Owner activity status in risk output

git-arch risk now shows when the dominant owner of a flagged scope
last committed anywhere in the repo.

62% concentration with an owner active 3 days ago and 62%
concentration with an owner inactive for 2 years are very
different risk stories — same number, different meaning.

When the gap exceeds 18 months, the reason field notes it directly.

npm install -g git-archaeologist
git-arch risk /path/to/repo

git-arch risk: maintenance risk map

New command: git-arch risk

Reuses the existing bus factor, ownership concentration, and
contributor count data — no new analysis — and reframes it as
LOW/MEDIUM/HIGH risk areas with plain-language explanations.

Example, from Express:

HIGH RISK
support
Bus Factor: 1 Ownership Concentration: 100% Contributors: 1
Reason: Single dominant maintainer (Douglas Christopher Wilson)
with limited contributor redundancy.

Also fixes a small inconsistency — the risk command now applies
the same bot-filtering as bus factor analysis, so the two stay
in sync.

npm install -g git-archaeologist
git-arch risk /path/to/repo

v1.9.3 — Bot author filtering

While analyzing 23 major OSS repos, I noticed something wrong.

Angular Robot was showing up as the owner of 18 out of 21 scopes
in the Angular codebase. Renovate Bot owned two NestJS scopes.
Dependabot appeared in Spring Boot.

These are automation accounts, not humans. The output was
actively misleading.

So I audited all 23 repos in the dataset. Only 3 were affected.
Angular was the severe case. After filtering, real owners appear:
Matthieu Riegler, Joey Perrott, and others who actually maintain
the codebase.

The fix detects bots by email pattern ([bot], noreply) and by
known name (Angular Robot, Renovate, Dependabot, etc.). The three
affected JSON files in the dataset have been regenerated.

This isn't a new feature. It's fixing output that was wrong.

npm install -g git-archaeologist

v1.9.2 — 8 commands, Repository Risk Report 2026

8 commands. Validated on Express, React, Vue, VSCode, Kubernetes.

Ran it on 7 major repos. Every single one had at least one module where
one person leaving would orphan critical code.

VSCode: extHost.protocol.ts touched by 98 authors. Curse score 108,070.
Kubernetes: 9 bus factor 1 modules across 99,697 files and 5,358 contributors.
Express: one person owns 69% of the entire codebase.

New in this release: git-arch blast, git-arch ownership, git-arch pr-risk,
PR comments in GitHub Action, BENCHMARKS.md, RESEARCH.md (11/11 top
cursed files had confirmed bug history).

npm install -g git-archaeologist

v1.4.4 — Production ready

Full-featured release with all known bugs fixed.

Features

• Curse score with exponential decay + acceleration detection
• Bus factor per folder
• Implicit coupling detection
• Ownership analysis
• --since flag for time-bounded analysis
• Interactive D3 treemap HTML report (--html)
• git-arch blame <file> for deep file history
• GitHub Action for CI integration
• Noise filter — changelogs/lockfiles excluded automatically

Install

npm install -g git-archaeologist

v1.2.1

What's new

• --since flag for time-bounded analysis (--since 90d, --since 2y, --since 2024-01-01)
• Interactive D3 treemap HTML report (--html)
• Curse score, bus factor per folder, implicit coupling, ownership analysis

Install

npm install -g git-archaeologist