Scan a project once. View a 3D dependency graph. Compare git refs. Ship findings to GitHub. All from a single page, all running on your machine.
Point at a local folder or paste a GitHub URL. Get a self-contained 3D HTML report.
PR-review mode. See what changed structurally between two refs — files, issues, edges, deltas.
Architecture, MCP tools, comparison with Madge / Sourcegraph / CodeQL / Semgrep.
One scan. Multiple outputs.
Self-contained HTML. Three.js + force-graph inlined. Opens offline.
Hardcoded secrets, eval, XSS, CORS, SQL injection, missing auth.
--cve queries OSV.dev for every package.json dependency.
@ast-grep/napi (Rust + tree-sitter). Accurate JS/TS/Python parsing in-process.
Resolves @/components/Foo. Detects monorepos (pnpm, npm/yarn, Lerna, Turbo).
For GitHub Code Scanning, GitLab, SonarQube, VS Code SARIF Viewer.
--fail-on <sev> + baseline. Block PRs on new issues.
--since main via git-worktree. Two-ref structural diff.
12 tools for Claude Code / Cursor / any agent. Cache on disk.
Byte-identical re-runs. Honors SOURCE_DATE_EPOCH.
// diagram3-disable-next-line for intentional patterns.
307 MB Alpine. Mount /work, get MCP over stdio.