coala
pfff
| coala | pfff | |
|---|---|---|
| 3 | 6 | |
| 3,515 | 2,422 | |
| 0.1% | - | |
| 0.0 | 0.0 | |
| 3 months ago | about 5 years ago | |
| Python | OCaml | |
| GNU Affero General Public License v3.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
coala
-
Level up your Python today with open-source contributions
Read the contributing guidelines on GitHub
- Show HN: Semgrep App
pfff
-
AST-grep(sg) is a CLI tool for code structural search, lint, and rewriting
Hi, ast-grep author here. This is a great question and I asked this in the first place before I started the hobby project.
TLDR; I designed ast-grep to be on different tracks than semgrep.
Semgrep is for security and ast-grep is for development.
First and foremost, I have always been in awe of semgrep. Semgrep's documentation, product sites and Padioleau's podcast all gave me a lot of inspiration. Using code to find code is such a cool idea that I never need to craft an intricate regex or write a lengthy AST program. sgrep and patch from https://github.com/facebookarchive/pfff/wiki/Sgrep have helped me a lot in real large codebases.
When I used semgrep as a software engineer, instead of a security researcher, I found semgrep has not touched too much on routine development works. I can use `semgrep -e PATTERN` but the Python wrapper is not too fast compared to grep.
-
Interesting ocaml mention in buck2 by fb
Meta/Facebook are long time OCaml users, their logo is on the OCaml website. Their static analysis tool and its predecessor are both written in OCaml.
-
What's wrong with static-analysis autofix/codemod tools? Why don't we use them more, across the industry? What's your experience?
Over the decades, there's been so very many attempts to address this conundrum; and yet, ...
- Show HN: Semgrep App
- Show HN: Visualizing a Codebase
What are some alternatives?
code2flow - Pretty good call graphs for dynamic languages
WhiteBeam - WhiteBeam: Transparent endpoint security
pycallgraph
flow - Adds static typing to JavaScript to improve developer productivity and code quality.
vprof - Visual profiler for Python
vircadia-native-core - Vircadia open source agent-based metaverse ecosystem.
pysonar2 - PySonar2: a semantic indexer for Python with interprocedual type inference
syntax-searcher - Language-independent command-line utility for syntax-aware pattern matching.
pydeps - Python Module Dependency graphs
ocaml-tree-sitter-semgrep - Generate parsers from tree-sitter grammars extended to support Semgrep patterns
PythonBuddy - 1st Online Python Editor With Live Syntax Checking and Execution
infer - A static analyzer for Java, C, C++, and Objective-C