Detector: Todo Scanner

Scans source code for TODO, FIXME, HACK, and XXX comments with optional age enrichment from git blame.

Property	Value
Name	`todo-scanner`
Tier	DETERMINISTIC
Languages	All (any file with comments)
External tool	`git blame` (optional, for age)
LLM required	No
Confidence	0.90

What it detects

TODO/FIXME/HACK/XXX markers in code comments. Requires a comment prefix (#, //, /*, --, <!--) within 5 characters before the tag to avoid matching prose text.

Also scans markdown files for HTML comment TODOs: .

How it works

Walks all source files (skipping binary, generated, and common skip directories)
Matches TODO|FIXME|HACK|XXX patterns with a preceding comment marker
Rejects matches inside string literals (odd-quote heuristic)
Rejects compound words like todo-scanner (negative lookahead (?!-))
Enriches with git blame date to show how old the TODO is

Severity

FIXME and HACK → MEDIUM
TODO and XXX → LOW

Example finding

[TODO] tests/test_build_system.py:42
  # TODO: add tests for PEP 660 editable installs
  Age: 14 months (git blame)
  Severity: LOW, Confidence: 0.90

Observed accuracy

Repo	Findings	TP Rate
pip-tools	19	100%
httpx	1	100%
shadcn-ui/ui	20	100%
bubbletea	8	100%

Overall: 100% true positive rate across 48 findings on 4 repos.

Known limitations

Cannot determine if a TODO is still relevant (would require LLM analysis)
Age enrichment fails on shallow clones (--depth=1)

Local Repo Sentinel · MIT License

Home

Getting Started

Reference

Detectors

Advanced

Workflow

Detector: Todo Scanner

Detector: Todo Scanner

What it detects

How it works

Severity

Example finding

Observed accuracy

Known limitations

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally