{"id":46222912,"url":"https://github.com/appthreat/atom","last_synced_at":"2026-03-03T15:01:42.161Z","repository":{"id":168810962,"uuid":"644611192","full_name":"AppThreat/atom","owner":"AppThreat","description":"atom is a novel intermediate representation for applications and a standalone tool that is powered by chen. ","archived":false,"fork":false,"pushed_at":"2026-01-07T22:17:25.000Z","size":27836,"stargazers_count":83,"open_issues_count":39,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-01-27T10:52:56.984Z","etag":null,"topics":["application-analytics","code-analysis","exploit-prediction","intermediate-representation","reachability-analysis","supply-chain","variant-analysis","vulnerability-analysis"],"latest_commit_sha":null,"homepage":"https://atom-docs.appthreat.dev","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AppThreat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":"codemeta.json","zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-05-23T22:19:28.000Z","updated_at":"2026-01-26T07:39:10.000Z","dependencies_parsed_at":"2023-10-12T02:46:30.838Z","dependency_job_id":"ddd46828-6560-4ef1-95c2-54bae53df598","html_url":"https://github.com/AppThreat/atom","commit_stats":{"total_commits":209,"total_committers":3,"mean_commits":69.66666666666667,"dds":0.0574162679425837,"last_synced_commit":"c0a05a6e76a320e9827b02b8bccbddfc2b3120c7"},"previous_names":["appthreat/atom"],"tags_count":151,"template":false,"template_full_name":null,"purl":"pkg:github/AppThreat/atom","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppThreat%2Fatom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppThreat%2Fatom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppThreat%2Fatom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppThreat%2Fatom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AppThreat","download_url":"https://codeload.github.com/AppThreat/atom/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AppThreat%2Fatom/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30050222,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T14:38:37.398Z","status":"ssl_error","status_checked_at":"2026-03-03T14:38:06.721Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["application-analytics","code-analysis","exploit-prediction","intermediate-representation","reachability-analysis","supply-chain","variant-analysis","vulnerability-analysis"],"created_at":"2026-03-03T15:01:38.792Z","updated_at":"2026-03-03T15:01:42.153Z","avatar_url":"https://github.com/AppThreat.png","language":"Rust","readme":"# atom (⚛)\n\n\u003cimg src=\"./docs/static/img/Atom-logo.png\" width=\"200\" height=\"auto\" /\u003e\n\natom is a novel intermediate representation for applications and a standalone tool powered by the [chen](https://github.com/AppThreat/chen) library. The intermediate representation (a network with nodes and links) is optimized for operations typically used for application analytics and machine learning, including [slicing](./specification/docs/slices.md) and vectoring.\n\nOur vision is to make atom useful for many use cases such as:\n\n- **Supply-chain analysis:** Generate evidence of external library usage including the flow of data from sources to sinks. atom is used by [OWASP cdxgen](https://github.com/CycloneDX/cdxgen) to improve the precision and comprehensiveness of the generated CycloneDX document.\n- **Vulnerability analysis:** Describe vulnerabilities with evidence of affected symbols, call paths, and data-flows. Enable variant and [reachability analysis](https://github.com/AppThreat/atom/blob/main/specification/docs/slices.md#reachables-slice) at scale.\n- **Exploit prediction:** Predict exploits using precise representations of vulnerabilities, libraries, and applications.\n- **Threat-model and attack vectors generation:** Generate precise threat models and attack vectors for applications at scale.\n- **Application context detection:** Generate context useful for summarization and risk-profile generation (e.g. services, endpoints, and data attributes).\n- **Mind-maps for applications:** Automate summarization of large and complex applications as a developer tool.\n\nand more.\n\n![npm](https://img.shields.io/npm/dw/@appthreat/atom)\n\n## Languages supported\n\n- C/C++\n- H (C/C++ Header and pre-processed .i files alone)\n- Java (Requires compilation)\n- Jar\n- Android APK (Requires Android SDK. Set the environment variable `ANDROID_HOME` or use the container image.)\n- JavaScript\n- Flow\n- TypeScript\n- Python (Supports 3.x to 3.13)\n- PHP (Requires PHP \u003e= 7.4. Supports PHP 7.0 to 8.4 with limited support for PHP 5.x)\n- Ruby (Requires Ruby 4.0.x. Supports Ruby 1.8 - 4.0.x syntax)\n- Scala (WIP)\n\n## Installation\n\natom comprises a scala core with a Node.js wrapper module. It is currently distributed as a npm package.\n\n```shell\nnpm install -g @appthreat/atom @appthreat/atom-parsetools\natom --help\n```\n\nInstall cdxgen npm package to generate a Software Bill-of-Materials (SBOM) which is required for reachables slicing.\n\n```shell\nnpm install -g @cyclonedx/cdxgen --omit=optional\n```\n\n## container usage\n\n```shell\ndocker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom --help\n# podman run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom --help\n```\n\nExample for java project.\n\n```shell\ndocker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom -l java -o /app/app.atom /app\n# podman run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom -l java -o /app/app.atom /app\n```\n\n## atom native-image (Advanced users only)\n\natom is available as a native image built using graalvm community edition.\n\n```shell\ncurl -LO https://github.com/AppThreat/atom/releases/latest/download/atom-amd64\nchmod +x atom-amd64\n./atom-amd64 --help\n```\n\nOn Windows\n\n```pwsh\ncurl -LO https://github.com/AppThreat/atom/releases/latest/download/atom.exe\n.\\atom.exe --help\n```\n\nNOTE: Commands such as astgen, rbastgen, phpastgen, etc. are not bundled into this native image. Install the npm package `@appthreat/atom-parsetools` to get these commands.\n\n```shell\nnpm install -g @appthreat/atom-parsetools\nwhich astgen\nwhich phpastgen\n```\n\n## CLI Usage\n\n```\nUsage: atom [parsedeps|data-flow|usages|reachables] [options] [input]\n\n input source file or directory\n -o, --output \u003cvalue\u003e output filename. Default app.⚛ or app.atom in windows\n -s, --slice-outfile \u003cvalue\u003e\n export intra-procedural slices as json\n -l, --language \u003cvalue\u003e source language\n --frontend-args \u003cvalue\u003e Advanced frontend configuration (key=value). E.g. --frontend-args defines=DEBUG,cpp-standard=c++17\n --with-data-deps generate the atom with data-dependencies - defaults to `false`\n --remove-atom do not persist the atom file - defaults to `false`\n --reuse-atom reuse existing atom file - defaults to `false`\n -x, --export-atom export the atom file with data-dependencies to graphml - defaults to `false`\n --export-dir \u003cvalue\u003e export directory. Default: atom-exports\n --file-filter \u003cvalue\u003e the name of the source file to generate slices from. Uses regex.\n --method-name-filter \u003cvalue\u003e\n filters in slices that go through specific methods by names. Uses regex.\n --method-parameter-filter \u003cvalue\u003e\n filters in slices that go through methods with specific types on the method parameters. Uses regex.\n --method-annotation-filter \u003cvalue\u003e\n filters in slices that go through methods with specific annotations on the methods. Uses regex.\n --max-num-def \u003cvalue\u003e maximum number of definitions in per-method data flow calculation - defaults to 2000\nCommand: parsedeps\nExtract dependencies from the build file and imports\nCommand: data-flow [options]\nExtract backward data-flow slices\n --slice-depth \u003cvalue\u003e the max depth to traverse the DDG for the data-flow slice - defaults to 7.\n --sink-filter \u003cvalue\u003e filters on the sink's `code` property. Uses regex.\nCommand: usages [options]\nExtract local variable and parameter usages\n --min-num-calls \u003cvalue\u003e the minimum number of calls required for a usage slice - defaults to 1.\n --include-source includes method source code in the slices - defaults to false.\n --extract-endpoints extract http endpoints and convert to openapi format using atom-tools - defaults to false.\nCommand: reachables [options]\nExtract reachable data-flow slices based on automated framework tags\n --source-tag \u003cvalue\u003e source tag - defaults to framework-input. Comma-separated values allowed.\n --sink-tag \u003cvalue\u003e sink tag - defaults to framework-output. Comma-separated values allowed.\n --include-crypto includes crypto library flows - defaults to false.\n --help display this help message\n```\n\n## Sample Invocations\n\n### Generate an atom\n\n```shell\n# Compile java project\natom -o app.atom -l java .\n```\n\n```shell\natom -o app.atom -l jar \u003cjar file\u003e\n```\n\n```shell\nexport ANDROID_HOME=\u003cpath to android sdk\u003e\natom -o app.atom -l apk \u003capk file\u003e\n```\n\n### Create reachables slice for a java project.\n\n```shell\ncd \u003cpath to repo\u003e\ncdxgen -t java --deep -o bom.json .\natom reachables -o app.atom -s reachables.json -l java .\n```\n\nPass the argument `--reuse-atom` to slice based on an existing atom file.\n\n```shell\natom reachables --reuse-atom -o app.atom -s reachables.json -l java .\n```\n\nExample with container-based invocation.\n\n```shell\ndocker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom reachables -l java -o /app/app.atom -s /app/reachables.slices.json /app\n# podman run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom reachables -l java -o /app/app.atom -s /app/reachables.slices.json /app\n```\n\n### Create usages slice for a java project.\n\n```shell\natom usages -o app.atom --slice-outfile usages.json -l java .\n```\n\nExample for a Ruby 4 project with container-based invocation.\n\n```shell\ndocker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom usages -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n# podman run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom usages -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n```\n\nPass the argument `--platform=linux/amd64`, if you face issues with Java or Ruby builds on arm64 architecture.\n\n```shell\ndocker run --rm --platform=linux/amd64 -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom usages -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n# podman run --rm --platform=linux/amd64 -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom usages -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n```\n\nFor Ruby 4, there is an alpine-based version available.\n\n```shell\ndocker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom-alpine-ruby atom usages --extract-endpoints -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n# podman run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom-alpine-ruby atom usages --extract-endpoints -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n```\n\nRuby 3 variant is also available for alpine.\n\n```shell\ndocker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom-alpine-ruby3 atom usages --extract-endpoints -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n# podman run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/appthreat/atom-alpine-ruby3 atom usages --extract-endpoints -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n```\n\n### Create data-flow slice for a java project.\n\n```shell\natom data-flow -o app.atom --slice-outfile df.json -l java .\n```\n\nLearn more about [slices](./specification/docs/slices.md) or view some [samples](https://github.com/AppThreat/atom-samples)\n\n### Extract HTTP endpoints in openapi format using atom-tools\n\natom can automatically invoke [atom-tools](https://github.com/AppThreat/atom-tools) `convert` command to extract http endpoints from the usages slices. Pass the argument `--extract-endpoints` to enable this feature.\n\n```shell\npip install atom-tools\natom usages --extract-endpoints -o app.atom --slice-outfile usages.json -l java .\n```\n\nA file called `openapi.json` would be created with the endpoints information. Use the environment variable `ATOM_TOOLS_OPENAPI_FILENAME` to customize the filename.\n\n```shell\nATOM_TOOLS_OPENAPI_FILENAME=openapi.json atom usages --extract-endpoints -o app.atom --slice-outfile usages.json -l ruby .\n```\n\nContainer-based invocation:\n\n```shell\ndocker run --rm -v /tmp:/tmp -e ATOM_TOOLS_OPENAPI_FILENAME=openapi.json -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom usages --extract-endpoints -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n# podman run --rm -v /tmp:/tmp -e ATOM_TOOLS_OPENAPI_FILENAME=openapi.json -v $(pwd):/app:rw -t ghcr.io/appthreat/atom atom usages --extract-endpoints -l ruby -o /app/app.atom -s /app/usages.slices.json /app\n```\n\n### Export atom to graphml or dot format\n\nIt is possible to export each method along with data dependencies in an atom to graphml or dot format. Simply pass `--export` to enable this feature.\n\n```shell\natom -o app.atom -l java --export-atom --export-dir \u003cexport dir\u003e \u003cpath to application\u003e\n```\n\nThe resulting graphml files could be imported into [Neo4j](https://neo4j.com/labs/apoc/4.1/import/graphml/) or NetworkX for further analysis. Use the argument `--export-format` for dot format.\n\n```shell\natom -o app.atom -l java --export-atom --export-format dot --export-dir \u003cexport dir\u003e \u003cpath to application\u003e\n```\n\nIn dot format, individual representations such as ast, cdg, and cfg would also get exported.\n\nTo also compute and include data-dependency graph (DDG) information in the exported files, pass `--with-data-deps`\n\n```shell\natom -o app.atom -l java --export-atom --export-dir \u003cexport dir\u003e --with-data-deps \u003cpath to application\u003e\n```\n\n## Environment variables\n\n| Variable | Description |\n| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| **CHEN_IGNORE_TEST_DIRS** | Set to true to ignore `test` directories. Only supported for Python for now. |\n| **CHEN_PYTHON_IGNORE_DIRS** | Comma-separated list of directories to ignore for Python. |\n| **CHEN_DELOMBOK_MODE** | Delombok mode for the Java frontend (`no-delombok`, `default`, `types-only`, `run-delombok`). |\n| **CHEN_INCLUDE_PATH** | Include directories for the C frontend. Separate paths with `:` or `;`. |\n| **CHEN_ASTGEN_OUT** | Existing astgen output directory. Improves performance for JavaScript, TypeScript, and Flow during repeated invocations by reusing existing AST json data. |\n| **ATOM_TOOLS_OPENAPI_FORMAT** | OpenAPI format for atom-tools. Default: `openapi3.1.0`; alternative: `openapi3.0.1`. |\n| **ATOM_TOOLS_WORK_DIR** | Working directory for atom-tools. Defaults to atom input path. |\n| **ATOM_SCALASEM_WORK_DIR** | Working directory for scalasem. Defaults to atom input path. |\n| **ATOM_SCALASEM_SLICES_FILE** | Slices file name. Defaults to `semantics.slices.json`. |\n| **ATOM_JVM_ARGS** | Overrides the JVM arguments, including heap memory values, constructed by the atom Node.js wrapper. |\n| **ATOM_JAVA_HOME** | Java 21 or above to be used by atom. |\n| **PHP_CMD** | Overrides the PHP command used by the PHP frontend. |\n| **PHP_PARSER_BIN** | Overrides the php-parse command used by the PHP frontend. |\n| **SCALA_CMD** | Overrides the scala command. |\n| **SCALAC_CMD** | Overrides the scalac command used by the scala frontend. |\n| **ASTGEN_IGNORE_DIRS** | Comma-separated list of directories to ignore by the JavaScript astgen pre-processor command. |\n| **ASTGEN_IGNORE_FILE_PATTERN** | File pattern to ignore by the JavaScript astgen pre-processor command. |\n| **ASTGEN_INCLUDE_NODE_MODULES_BUNDLES** | Also include source code from node_modules directory. Makes the flows more complete at the cost of increased memory use. |\n| **JAVA_CMD** | Overrides the java command. |\n| **RUBY_CMD** | Overrides the Ruby command. |\n\n## atom Specification\n\nThe intermediate representation used by atom is available under the same open-source license (MIT). The specification is available in [protobuf](./specification/atom.proto), [markdown](./specification/docs/spec.md), and [html](./specification/docs/spec.html) formats.\n\nThe current specification version is 1.0.0\n\n## Generating atom files\n\natom files (app.⚛ or app.atom) are zip files with serialized protobuf data. atom cli is the preferred approach to generate these files. It is possible to author a generator tool from scratch using the [proto specification](./specification/atom.proto). We offer a sample in [Python](./specification/samples/python-atomgen/README.md) for interested users. We also offer proto bindings in additional languages which can be found [here](./specification/bindings/).\n\nExample code snippet for generating an atom in python.\n\n```python\n# Create a method fullname property\nmethodFullName = atom.CpgStructNodeProperty(\n name=atom.NodePropertyName.FULL_NAME, value=atom.PropertyValue(\"main\")\n)\n\n# Create a method node with the fullname property\nmethod = atom.CpgStructNode(\n key=1, type=atom.NodeType.METHOD, property=[methodFullName]\n)\n\n# Create an atom with a single node\natom_struct = atom.CpgStruct(node=[method])\n\n# Create an atom (app.atom) by serializing this data into a zip file\nwith ZipFile(\"app.atom\", \"w\") as zip_file:\n zip_file.writestr(\"cpg.proto\", bytes(atom_struct))\n```\n\n## License\n\nMIT\n\n## Developing / Contributing\n\nInstall Java 21\nNode.js \u003e 21\n\n```shell\nsbt clean stage scalafmt test createDistribution\ncd wrapper/nodejs\nbash build.sh \u0026\u0026 sudo npm install -g .\n```\n\n## Using atom with chennai\n\n[chennai](https://github.com/AppThreat/chen) is the recommended query interface for working with atom.\n\n```shell\nchennai\u003e importAtom(\"/home/almalinux/work/sandbox/apollo/app.atom\")\n```\n\n## atom tools\n\nCheckout [atom-tools](https://github.com/AppThreat/atom-tools) for some project ideas involving atom slices.\n\n## devenv setup\n\nInstall devenv by following the official [instructions](https://devenv.sh/getting-started/).\n\n```shell\ndevenv shell\n```\n\nLanguage-specific profile:\n\n```shell\n# Ruby environment\ndevenv --option config.profile:string ruby shell\n\n# php environment\ndevenv --option config.profile:string php shell\n```\n\n## Advanced Configuration\n\nFor complex projects, specifically those written in C or C++, you may need to pass granular configuration options to the underlying language frontend. You can achieve this using the `--frontend-args` flag.\n\nThis flag accepts a comma-separated list of key-value pairs in the format `key=value`.\n\n### Usage\n\n```bash\n--frontend-args key1=value1,key2=value2,key3=value3\n```\n\n### Supported Arguments (C/C++)\n\nThe following arguments are supported when `--language` is set to `c`, `cpp`, or `c++`.\n\n| Key | Type | Description | Example |\n| :--------------------- | :------ | :------------------------------------------------------------------------------ | :---------------------------- |\n| `defines` | List | Comma-separated preprocessor definitions. | `defines=DEBUG,VERSION=2` |\n| `includes` | List | Additional header include paths. | `includes=/opt/local/include` |\n| `cpp-standard` | String | The C++ standard version to use. | `cpp-standard=c++17` |\n| `function-bodies` | Boolean | Whether to extract function bodies. | `function-bodies=false` |\n| `parse-inactive-code` | Boolean | Parse code within disabled preprocessor blocks (e.g., inside `#if 0`). | `parse-inactive-code=true` |\n| `with-image-locations` | Boolean | Create image locations (explains how a name made it into the translation unit). | `with-image-locations=true` |\n| `enable-ast-cache` | Boolean | Cache parsed ASTs to disk to speed up subsequent runs on unchanged files. | `enable-ast-cache=true` |\n| `ast-cache-dir` | String | Directory to store cached AST files. Defaults to `ast_out` in input directory. | `ast-cache-dir=/tmp/cache` |\n| `only-ast-cache` | Boolean | Only generate AST cache files and exit. Useful for large projects to avoid OOM. | `only-ast-cache=true` |\n\n\u003e **Note:** Boolean values must be passed as the strings `true` or `false`.\n\n### Examples\n\n**1. Setting C++ Standard and Defines**\nGenerate an atom for a C++ project using C++17.\n\n```bash\njava -jar atom.jar \\\n --language c++ \\\n --input ./my-cpp-project \\\n --frontend-args cpp-standard=c++17\n```\n\n**2. Handling Custom Include Paths**\nIf your project relies on headers located outside the source tree:\n\n```bash\njava -jar atom.jar \\\n --language c \\\n --input ./src \\\n --frontend-args includes=/usr/local/include,/opt/mylib/include\n```\n\n**3. Parsing Inactive Code**\nTo include code hidden behind preprocessor directives (like `#ifdef WINDOWS` when running on Linux):\n\n```bash\njava -jar atom.jar \\\n --language c \\\n --input ./src \\\n --frontend-args parse-inactive-code=true\n```\n\n**4. Large Projects: Two-Stage Generation (Memory Optimization)**\nFor very large C/C++ codebases, generating the full graph in one pass might consume too much memory. You can split the process into two stages using the AST cache.\n\n_Stage 1: Generate AST Cache Only_\nThis parses files one by one and saves their ASTs to disk (`./src/ast_out` by default), keeping memory usage low.\n\n```bash\njava -jar atom.jar \\\n --language c \\\n --input ./src \\\n --frontend-args only-ast-cache=true,ast-cache-dir=/tmp/cache\n```\n\n_Stage 2: Generate Atom from Cache_\nRun the command again with caching enabled. It will load the pre-computed ASTs from disk, significantly speeding up graph creation.\n\n```bash\njava -jar atom.jar \\\n --language c \\\n --input ./src \\\n --frontend-args enable-ast-cache=true,ast-cache-dir=/tmp/cache\n```\n\n## Troubleshooting\n\n### atom file is incomplete for large JS/TS projects\n\nastgen might require a generous heap of memory for large JavaScript projects, especially flow projects. Use the environment variable `NODE_OPTIONS` to increase the memory available.\n\n```bash\nexport NODE_OPTIONS=\"--expose-gc --max-old-space-size=16288\"\n```\n\nFor large projects such as React 19, astgen requires over 80 GB of heap memory! Use the environment variable `CHEN_ASTGEN_OUT` to make atom and chen, reuse any existing directory containing astgen generated json and typemap files.\n\nTo improve the accuracy further, include source code from the `node_modules` directory by setting `ASTGEN_INCLUDE_NODE_MODULES_BUNDLES`.\n\n```bash\nexport ASTGEN_INCLUDE_NODE_MODULES_BUNDLES=true\nexport ASTGEN_IGNORE_DIRS=\"\"\n```\n\n## Enterprise support\n\nEnterprise support including custom language development and integration services is available via AppThreat Ltd.\n\n## Sponsors\n\nYourKit supports open source projects with innovative and intelligent tools for monitoring and profiling Java and .NET applications.\nYourKit is the creator of \u003ca href=\"https://www.yourkit.com/java/profiler/\"\u003eYourKit Java Profiler\u003c/a\u003e, \u003ca href=\"https://www.yourkit.com/dotnet-profiler/\"\u003eYourKit .NET Profiler\u003c/a\u003e, and \u003ca href=\"https://www.yourkit.com/youmonitor/\"\u003eYourKit YouMonitor\u003c/a\u003e.\n\n![YourKit logo](./specification/yklogo.png)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappthreat%2Fatom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fappthreat%2Fatom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappthreat%2Fatom/lists"}