{"id":49273694,"url":"https://github.com/jeremydev87/legolas","last_synced_at":"2026-05-07T06:04:27.663Z","repository":{"id":352075983,"uuid":"1213524868","full_name":"JeremyDev87/legolas","owner":"JeremyDev87","description":null,"archived":false,"fork":false,"pushed_at":"2026-04-24T23:51:16.000Z","size":344,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-04-25T01:34:25.319Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JeremyDev87.png","metadata":{"files":{"readme":"README.en.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["JeremyDev87"]}},"created_at":"2026-04-17T13:26:13.000Z","updated_at":"2026-04-24T23:51:20.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/JeremyDev87/legolas","commit_stats":null,"previous_names":["jeremydev87/legolas"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/JeremyDev87/legolas","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JeremyDev87%2Flegolas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JeremyDev87%2Flegolas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JeremyDev87%2Flegolas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JeremyDev87%2Flegolas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JeremyDev87","download_url":"https://codeload.github.com/JeremyDev87/legolas/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JeremyDev87%2Flegolas/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32265985,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-25T09:15:33.318Z","status":"ssl_error","status_checked_at":"2026-04-25T09:15:31.997Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-25T15:03:53.045Z","updated_at":"2026-05-07T06:04:27.655Z","avatar_url":"https://github.com/JeremyDev87.png","language":"Rust","funding_links":["https://github.com/sponsors/JeremyDev87"],"categories":[],"sub_categories":[],"readme":"# Legolas\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"./README.md\"\u003e한국어\u003c/a\u003e |\n  \u003cstrong\u003eEnglish\u003c/strong\u003e |\n  \u003ca href=\"./README.zh-CN.md\"\u003e中文\u003c/a\u003e |\n  \u003ca href=\"./README.es.md\"\u003eEspañol\u003c/a\u003e |\n  \u003ca href=\"./README.ja.md\"\u003e日本語\u003c/a\u003e\n\u003c/p\u003e\n\n**Slim bundles with precision.**\n\nLegolas is a Rust-powered CLI, distributed through npm with native binaries, for finding bundle-weight problems in modern web projects. It combines source-import analysis, lockfile inspection, optional bundle-artifact evidence, budget gates, and machine-readable output so optimization work can move from local triage to CI.\n\n## What It Checks\n\n- Framework and project shape for Next.js, Vite, Webpack, Rollup, Astro, Nuxt, React, Vue, and Svelte projects\n- Static and dynamic imports in JavaScript, TypeScript, JSX, TSX, Vue, and Svelte files\n- Heavy client dependencies such as charting, editor, icon, SDK, animation, map, monitoring, and UI packages\n- Duplicate package versions from npm, pnpm, and Yarn lockfiles\n- Tree-shaking risks, including broad icon imports, root utility imports, and repeated locale subpath imports\n- Lazy-loading opportunities on route-like, dashboard, modal, editor, map, and chart surfaces\n- Server/client boundary warnings for patterns such as browser surfaces importing Node-only modules\n- Bundle artifacts when present, including Webpack `stats.json` and esbuild/Rollup `meta.json` files in known locations\n\nLegolas estimates savings directionally. Treat the numbers as prioritization signals, then confirm production impact with your own bundle analyzer and performance telemetry.\n\n## Install and Run\n\nRun without adding a dependency:\n\n```bash\nnpx @jeremyfellaz/legolas scan .\nnpx @jeremyfellaz/legolas visualize .\nnpx @jeremyfellaz/legolas optimize .\n```\n\nOr install it in a project:\n\n```bash\nnpm install -D @jeremyfellaz/legolas\nnpx legolas scan .\n```\n\nThe npm package requires Node.js `\u003e=18.17` and ships prebuilt Rust binaries for macOS `arm64/x64`, Linux `x64` with glibc, and Windows `x64`.\n\n## Commands\n\n| Command | Purpose | Common options |\n| --- | --- | --- |\n| `scan` | Full analysis report with dependency, lockfile, import, artifact, and boundary findings | `[path]`, `--config`, `--lang ko\\|en`, `--json`, `--sarif`, `--write-baseline`, `--baseline`, `--regression-only` |\n| `visualize` | Text bars for estimated dependency weight and duplicate package pressure | `[path]`, `--config`, `--lang ko\\|en`, `--limit` |\n| `optimize` | Ranked action list with difficulty, confidence, target files, and suggested fixes | `[path]`, `--config`, `--lang ko\\|en`, `--top`, `--json`, `--baseline`, `--regression-only` |\n| `budget` | Evaluates bundle-health budget rules | `[path]`, `--config`, `--lang ko\\|en`, `--json`, `--baseline`, `--regression-only` |\n| `ci` | CI-oriented budget gate that exits with code `1` on failures | `[path]`, `--config`, `--lang ko\\|en`, `--json`, `--sarif`, `--baseline`, `--regression-only` |\n\nHelp and text reports default to Korean. Pass `--lang en` for English output. Use `legolas help --lang en` for English command help.\n\n```bash\nnpx @jeremyfellaz/legolas help --lang en\n```\n\n## Common Workflows\n\nScan an app:\n\n```bash\nnpx @jeremyfellaz/legolas scan ./apps/storefront --lang en\n```\n\nGet JSON for automation:\n\n```bash\nnpx @jeremyfellaz/legolas scan ./apps/storefront --json --lang en\n```\n\nUpload SARIF from a scan-capable workflow:\n\n```bash\nnpx @jeremyfellaz/legolas scan ./apps/storefront --sarif --lang en\n```\n\nCreate and compare a baseline:\n\n```bash\nnpx @jeremyfellaz/legolas scan ./apps/storefront --write-baseline ./legolas-baseline.json --json --lang en\nnpx @jeremyfellaz/legolas scan ./apps/storefront --baseline ./legolas-baseline.json --regression-only --json --lang en\n```\n\nFail CI on budget regressions:\n\n```bash\nnpx @jeremyfellaz/legolas ci ./apps/storefront --baseline ./legolas-baseline.json --regression-only --sarif --lang en\n```\n\n## Configuration\n\nLegolas automatically discovers `legolas.config.json` from the project root. You can also pass a file explicitly with `--config`.\n\n```json\n{\n  \"scan\": {\n    \"path\": \"src\",\n    \"ignorePatterns\": [\"generated/**\", \"!generated/keep.ts\"]\n  },\n  \"visualize\": {\n    \"limit\": 12\n  },\n  \"optimize\": {\n    \"top\": 7\n  },\n  \"budget\": {\n    \"rules\": {\n      \"potentialKbSaved\": {\n        \"warnAt\": 40,\n        \"failAt\": 80\n      },\n      \"duplicatePackageCount\": {\n        \"warnAt\": 2,\n        \"failAt\": 4\n      },\n      \"dynamicImportCount\": {\n        \"warnAt\": 1,\n        \"failAt\": 0\n      }\n    }\n  }\n}\n```\n\nSource scanning also honors the project's `.gitignore` and root `.legolasignore`. `scan.ignorePatterns` uses POSIX-style path patterns relative to the resolved project root and supports `!` exception patterns like `.gitignore`.\n\n`potentialKbSaved` and `duplicatePackageCount` are maximum-style rules: higher actual values are worse. `dynamicImportCount` is a minimum-style rule: too few dynamic imports can warn or fail.\n\n## Output Formats\n\n- `scan --json` and `optimize --json` emit `legolas.analysis.v1`, documented by [docs/schema/analysis.v1.schema.json](./docs/schema/analysis.v1.schema.json).\n- `budget --json` emits `legolas.budget.v1`, documented by [docs/schema/budget.v1.schema.json](./docs/schema/budget.v1.schema.json).\n- `ci --json` emits `legolas.ci.v1`, documented by [docs/schema/ci.v1.schema.json](./docs/schema/ci.v1.schema.json).\n- `scan --sarif` and `ci --sarif` emit SARIF `2.1.0`, documented by [docs/schema/sarif.v1.json](./docs/schema/sarif.v1.json).\n\nJSON output includes a top-level `reportSummary`. SARIF output carries the same summary at `runs[0].properties.reportSummary`. The summary includes `language`, `verdictKey`, `confirmedInitialPayloadKbSaved`, `directionalOpportunityKb`, `estimatedLcpImprovementMs`, and `topActions`.\n\n`--json` and `--sarif` are mutually exclusive. `ci` returns a non-zero exit code when budget rules fail.\n\n## Example Output\n\nUse `--lang en` when you want English human-readable output. `scan` summarizes the project, verdict, confirmed initial payload savings, directional cleanup opportunity, next actions, evidence, and finding groups:\n\n```text\nLegolas scan for basic-parity-app\nProject root: \u003cPROJECT_ROOT\u003e\nMode: heuristic\nFrameworks: Vite, React\nPackage manager: pnpm\nScanned 1 source files and 4 imported packages\n\nVerdict: high impact\nConfirmed initial payload savings: ~348 KB (estimated LCP improvement ~731 ms)\nDirectional cleanup opportunity: ~366 KB\n\nTop next actions:\n1. Review chart.js upfront bundle weight [hard | high confidence | ~160 KB]\n   recommended fix: lazy-load - Register only the chart primitives you use and lazy load dashboard surfaces.\n   targets: src/Dashboard.tsx\n   evidence: src/Dashboard.tsx | specifier: chart.js | static import; Charting code is often only needed on a subset of screens.\n2. Lazy load chart.js [medium | low confidence | ~120 KB]\n   evidence: src/Dashboard.tsx | specifier: chart.js | route-like UI surface matched `dashboard` keyword\n\nHeaviest known dependencies:\n- chart.js (160 KB) [high confidence]: Charting code is often only needed on a subset of screens. imported in 1 file(s).\n```\n\n`Confirmed initial payload savings` sums only findings with source-import or bundle-artifact evidence for initial payload impact. Lockfile-only duplication is not counted in that confirmed/LCP number; it is treated as a `Directional cleanup opportunity` dependency-hygiene signal. Development/test-only duplicates are also presented as dependency-hygiene cleanup work, not as LCP improvement.\n\n`optimize` turns findings into ranked actions:\n\n```text\nLegolas optimize for basic-parity-app\n\n1. Review chart.js upfront bundle weight [hard | high confidence | ~160 KB]\n   recommended fix: lazy-load - Register only the chart primitives you use and lazy load dashboard surfaces.\n   targets: src/Dashboard.tsx\n   evidence: src/Dashboard.tsx | specifier: chart.js | static import; Charting code is often only needed on a subset of screens.\n```\n\n`budget` reports pass, warn, or fail for each rule:\n\n```text\nLegolas budget for basic-parity-app\n\nOverall status: Fail\n\nRule results:\n- potentialKbSaved: Fail (actual: 348, warnAt: 40, failAt: 80)\n- duplicatePackageCount: Pass (actual: 1, warnAt: 2, failAt: 4)\n- dynamicImportCount: Fail (actual: 0, warnAt: 1, failAt: 0)\n```\n\n## Development\n\n```bash\ncargo run -p legolas-cli -- help\ncargo test --workspace\n```\n\nContributor workflows use `cargo run -p legolas-cli -- ...` as the source of truth. The npm package wraps the compiled Rust binary from `vendor/\u003ctriple\u003e/legolas[.exe]`. When release packaging has staged those vendor binaries, validate the package layout with `npm run pack:check`.\n\n## Open Source\n\n- License: [MIT](./LICENSE)\n- Contributing guide: [CONTRIBUTING.md](./CONTRIBUTING.md)\n- Code of Conduct: [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md)\n- Security policy: [SECURITY.md](./SECURITY.md)\n- Sponsor: [GitHub Sponsors](https://github.com/sponsors/JeremyDev87)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeremydev87%2Flegolas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjeremydev87%2Flegolas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjeremydev87%2Flegolas/lists"}