Repo Scan

1---2name: repo-scan3description: Cross-stack source code asset audit — classifies every file, detects embedded third-party libraries, and delivers actionable four-level verdicts per module with interactive HTML reports.4origin: community5---6 7# repo-scan8 9> Every ecosystem has its own dependency manager, but no tool looks across C++, Android, iOS, and Web to tell you: how much code is actually yours, what's third-party, and what's dead weight.10 11## When to Use12 13- Taking over a large legacy codebase and need a structural overview14- Before major refactoring — identify what's core, what's duplicate, what's dead15- Auditing third-party dependencies embedded directly in source (not declared in package managers)16- Preparing architecture decision records for monorepo reorganization17 18## Installation19 20```bash21# Fetch only the pinned commit for reproducibility22mkdir -p ~/.claude/skills/repo-scan23git init repo-scan24cd repo-scan25git remote add origin https://github.com/haibindev/repo-scan.git26git fetch --depth 1 origin 274266427git checkout --detach FETCH_HEAD28cp -r . ~/.claude/skills/repo-scan29```30 31> Review the source before installing any agent skill.32 33## Core Capabilities34 35| Capability | Description |36|---|---|37| **Cross-stack scanning** | C/C++, Java/Android, iOS (OC/Swift), Web (TS/JS/Vue) in one pass |38| **File classification** | Every file tagged as project code, third-party, or build artifact |39| **Library detection** | 50+ known libraries (FFmpeg, Boost, OpenSSL…) with version extraction |40| **Four-level verdicts** | Core Asset / Extract & Merge / Rebuild / Deprecate |41| **HTML reports** | Interactive dark-theme pages with drill-down navigation |42| **Monorepo support** | Hierarchical scanning with summary + sub-project reports |43 44## Analysis Depth Levels45 46| Level | Files Read | Use Case |47|---|---|---|48| `fast` | 1-2 per module | Quick inventory of huge directories |49| `standard` | 2-5 per module | Default audit with full dependency + architecture checks |50| `deep` | 5-10 per module | Adds thread safety, memory management, API consistency |51| `full` | All files | Pre-merge comprehensive review |52 53## How It Works54 551. **Classify the repo surface**: enumerate files, then tag each as project code, embedded third-party code, or build artifact.562. **Detect embedded libraries**: inspect directory names, headers, license files, and version markers to identify bundled dependencies and likely versions.573. **Score each module**: group files by module or subsystem, then assign one of the four verdicts based on ownership, duplication, and maintenance cost.584. **Highlight structural risks**: call out dead-weight artifacts, duplicated wrappers, outdated vendored code, and modules that should be extracted, rebuilt, or deprecated.595. **Produce the report**: return a concise summary plus the interactive HTML output with per-module drill-down so the audit can be reviewed asynchronously.60 61## Examples62 63On a 50,000-file C++ monorepo:64- Found FFmpeg 2.x (2015 vintage) still in production65- Discovered the same SDK wrapper duplicated 3 times66- Identified 636 MB of committed Debug/ipch/obj build artifacts67- Classified: 3 MB project code vs 596 MB third-party68 69## Best Practices70 71- Start with `standard` depth for first-time audits72- Use `fast` for monorepos with 100+ modules to get a quick inventory73- Run `deep` incrementally on modules flagged for refactoring74- Review the cross-module analysis for duplicate detection across sub-projects75 76## Links77 78- [GitHub Repository](https://github.com/haibindev/repo-scan)