Get roasted. Get better. Ship faster.
A zero-config CLI that scans your codebase and delivers brutally honest (but funny) feedback. Every roast is backed by a real finding β not random noise.
npx roast-my-codebaseβββββββββββββββββββββββββββββββ
β Roast My Codebase π₯ β
βββββββββββββββββββββββββββββββ
Project: my-app
Health Score: 42/100 F Chaotic
[ββββββββββββββββββββββββββββββ]
Some findings require immediate attention.
Project Summary
ββββββββββββββββββββββββββββββββββββββββ
Files Scanned 138
Total Files 412
Lines of Code 28,904
Dependencies 54
Dev Dependencies 21
Findings
ββββββββββββββββββββββββββββββββββββββββ
β 3 critical
β 18 warnings
β 11 info
β AuthService in src/auth/auth.service.ts has cyclomatic complexity of 34
Gru's plan: write simple function β add one more condition β this.
β .env is tracked in git β secrets may be exposed
Little Bobby Tables visited your repo. He felt at home.
β src/auth/auth.service.ts is 1,847 lines
Nobody: ... This file: *adds 200 more lines*
β "lodash" appears unused β paying rent for no reason
node_modules: the folder that makes SSD manufacturers nervous.
β src/utils/helpers.ts has cyclomatic complexity of 22
I've seen smaller decision trees at the DMV.
The findings have formed a coalition.
ββββββββββββββββββββββββββββββββββββββββ
Verdict
Functional code with security issues is a solved problem waiting to be exploited.
ββββββββββββββββββββββββββββββββββββββββ
Share your roast β https://x.com/intent/tweet?text=My%20codebase%20just%20got%20roasted...
roast-my-codebase Β· github.com/rahuldk1105/roast-my-codebase
Every PR gets a roast comment automatically. Teams screenshot them. They spread.
Step 1 β create .github/workflows/roast.yml in your repo:
name: Roast My Codebase
on:
pull_request:
types: [opened, synchronize, reopened]
permissions:
pull-requests: write
jobs:
roast:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: rahuldk1105/roast-my-codebase@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}That's it. No secrets to configure. GITHUB_TOKEN is provided automatically by GitHub.
What the PR comment looks like:
## π₯ Roast My Codebase β Health: 42/100 π΄
[ββββββββββββββββββββββββββββββ] 42/100
| Metric | Value |
|--------|-------|
| Files | 138 |
| Lines | 28k |
| Deps | 54 |
π΄ 3 critical β οΈ 18 warnings βΉοΈ 11 info
- π΄ `src/auth/auth.service.ts` β cyclomatic complexity of 34
- π΄ `.env` is tracked in git β secrets may be exposed
- β οΈ `src/auth/auth.service.ts` is 1,847 lines
- β οΈ "lodash" appears unused β paying rent for no reason
> π₯ **src/auth/auth.service.ts**: Nobody: ... This file: *adds 200 more lines*
> π₯ **.env**: Little Bobby Tables visited your repo. He felt at home.
> π₯ **codebase**: The findings have formed a coalition.
*Functional code with security issues is a solved problem waiting to be exploited.*
Generated by roast-my-codebase
Optional: fail PRs below a score threshold
- uses: rahuldk1105/roast-my-codebase@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
fail-below: "60"Optional: AI-powered roasts via Claude
- uses: rahuldk1105/roast-my-codebase@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
ai-roasts: "true"
anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}# Run without installing
npx roast-my-codebase
# Install globally
npm install -g roast-my-codebase
roast-my-codebase
# Scan a specific path
roast-my-codebase ./path/to/project| Check | What it finds |
|---|---|
| File Size | Files over 500 / 1000 / 2000 lines |
| Complexity | Functions with cyclomatic complexity 15+ |
| TODOs | TODO, FIXME, HACK, XXX comments |
| Dependencies | Unused or excessive packages |
| Circular Deps | Import cycles between modules |
| Duplicates | Copy-pasted code blocks |
| Dead Exports | Exports that are never imported |
| Type Safety | any, @ts-ignore, type bypasses |
| Security | Secrets in git, hardcoded credentials, eval usage |
| Test Coverage | Source files with no corresponding tests |
| Git Insights | High-churn files, large PRs, stale branches |
| Structure | Deep nesting, utils explosion, bloated folders |
Full support: JavaScript Β· TypeScript Β· Python Β· Go Β· Rust Β· Java Β· C# Β· Ruby Β· PHP Β· Swift Β· Kotlin
Framework checks: Next.js Β· React Β· Vue 3 Β· Angular Β· Svelte Β· Express Β· FastAPI
Language detection is automatic β no config needed.
Starts at 100. Deductions for real issues:
| Issue | Points |
|---|---|
| Extreme file (2000+ lines) | β5 |
| Circular dependency | β5 |
| Critical security issue | β10 |
| Large file (1000+ lines) | β3 |
| Unused dependency | β2 |
| Complex function | β2 |
| TODO/FIXME (each) | β0.25 |
Grades: 90β100 Excellent Β· 80β89 Good Β· 70β79 Fair Β· 60β69 Risky Β· 0β59 Chaotic
# Output formats
roast-my-codebase --json # Machine-readable JSON
roast-my-codebase --markdown # Markdown to stdout
roast-my-codebase --markdown-file # Save to .roast-report.md
roast-my-codebase --html-file # Save to .roast-report.html
roast-my-codebase --ascii # Big ASCII art grade (screenshot-worthy)
roast-my-codebase --badge # Generate .roast-badge.svg for your README
# CI/CD
roast-my-codebase --json --threshold 80 # Exit code 1 if score < 80
roast-my-codebase --pr-comment # Post GitHub PR comment
roast-my-codebase --init-ci # Drop a CI workflow into your repo
# AI roasts
roast-my-codebase --ai-roasts # Claude-powered contextual roasts
# Interactive
roast-my-codebase --fix # Show fix suggestions
roast-my-codebase --interactive # Walk through and apply fixes
roast-my-codebase --interactive --dry-run # Preview fixes without applying
# Scanning
roast-my-codebase --incremental # Only changed files since last commit
roast-my-codebase --since main # Only files changed since branching from main
roast-my-codebase --watch # Re-run on file changes
# History and comparison
roast-my-codebase --track # Save score snapshot
roast-my-codebase --history # Show last 30 days
roast-my-codebase --history 7 # Show last 7 days
roast-my-codebase --compare main # Diff against a branchCreate .roastrc.json in your project root:
{
"thresholds": {
"largeFile": 1000,
"extremeFile": 3000
},
"scanners": {
"disabled": ["test-coverage"]
},
"ignore": [
"**/vendor/**",
"**/generated/**"
],
"deductions": {
"secret": -20
}
}See CUSTOMIZATION.md for the full config reference and plugin development guide.
export ANTHROPIC_API_KEY=your_key_here
npx roast-my-codebase --ai-roastsUses Claude to generate context-aware roasts specific to your actual code. Cached for 7 days. Typical cost: $0.01β0.05 per scan.
Generic roast: "This file contains several geological layers."
AI roast: "This 1,847-line auth service handles authentication, authorization, password reset, email verification, 2FA, and probably your taxes. Pick a lane."
Search "Roast My Codebase" in the VS Code marketplace for inline diagnostics, a live health score in the status bar, and findings in the Problems panel.
- Real value β humor is the presentation layer; analysis is the product
- Zero config β works on any codebase with no setup
- Completely offline β no telemetry, no data collection, no cloud
- Fast β under 3 seconds on repos with fewer than 1000 files
PRs welcome. Each scanner is independent and easy to add to.
src/
βββ cli/ # Command setup
βββ scanners/ # Modular analysis passes
βββ scoring/ # Health score calculation
βββ roasts/ # Roast message pools
βββ report/ # Terminal + HTML rendering
βββ types/ # Shared interfaces
βββ utils/ # Shared helpers
MIT