Interesting approach. I've been working on something similar but framework-aware — for NestJS projects specifically, scanning decorators via AST to catch missing auth guards, untyped DTOs, and missing Swagger docs. The hardcoded secret detection is a must-have, agreed. What's your false positive rate on the secret scanning? I found regex-based patterns flag test fixtures pretty aggressively.
Hi HN! I built Commit Story to visualize the history behind any GitHub repository.
Enter any public repo URL and get:
- An interactive commit timeline with milestone markers
- Contribution heatmap (last 52 weeks via GitHub Statistics API)
- Stat cards: total commits, contributors, project age, weekly average
- Compare two repos side by side
- GitHub Wrapped: any user's profile summary
- Embeddable badges for your README