Programming Languages

• xenon
• styler - printing of R code.
• flay
• flog
• Railroader
• RuboCop
• ruby-lint
• SandiMeter
• Sorbet
• C2Rust - compliant code to Rust. The translator (or transpiler) produces unsafe Rust code that closely mirrors the input C code.
• cargo-audit - db/).
• cargo-semver-checks - plz`. It found semver violations in [more than 1 in 6 of the top 1000 most-downloaded crates](https://predr.ag/blog/semver-violations-are-common-better-tooling-is-the-answer/) on crates.io.
• diff.rs
• Prusti
• rust-analyzer
• holistic
• SQLFluff
• squawk
• Visual Expert
• WartRemover
• sh
• SwiftFormat - line formatting tool for reformatting Swift code.
• Frink
• Nagelfar
• tclchecker
• Codelyzer
• fta - based static analysis for TypeScript projects
• stc
• tslint-clean-code
• zod - first schema validation with static type inference. The goal is to eliminate duplicative type declarations. With Zod, you declare a validator once and Zod will automatically infer the static TypeScript type. It is easy to compose simpler types into complex data structures.
• DesigniteJava
• ruby-lint
• goodpractice - practice recommendations.
• electrolysis
• IKOS
• TrustInSoft Analyzer - of-bounds array accesses, null-pointer dereferences, use-after-free, divide-by-zeros, uninitialized memory accesses, signed overflows, invalid pointer arithmetic, etc.), data flow and control flow verification as well as full functional verification of formal specifications. All versions of C up to C18 and C++ up to C++20 are supported. TrustInSoft Analyzer will acquire ISO 26262 qualification in Q2'2023 (TCL3). A MISRA C checker is also bundled.
• Regal
• MIRAI - level intermediate language, and providing warnings based on taint analysis.
• STOKE - language agnostic stochastic optimizer for the x86_64 instruction set. It uses random search to explore the extremely high-dimensional space of all possible program transformations.
• clazy - oriented static code analyzer based on the Clang framework. clazy is a compiler plugin which allows clang to understand Qt semantics. You get more than 50 Qt related compiler warnings, ranging from unneeded memory allocations to misusage of API, including fix-its for automatic refactoring.
• CMetrics
• cqmetrics
• ESBMC - bounded model checker based on satisfiability modulo theories for the verification of single- and multi-threaded C/C++ programs.
• ENRE-cpp - cpp is a ENtity Relationship Extractor for C/C++ based on @eclipse/CDT. (Under development)
• cppcheck
• CppDepend
• clang-tidy - based C++ linter tool with the (limited) ability to fix issues, too.
• cpplint
• KLEE - generate test cases for programs such that the test cases exercise as much of the program as possible.
• splint - assisted static program checker.
• SVF
• ArchUnitNET
• Meziantou.Analyzer
• SonarAnalyzer.CSharp
• Wintellect.Analyzers
• lint - driven set of lint rules for Dart and Flutter projects. Like pedantic but stricter
• DelphiLint - the-fly code analysis and linting, powered by SonarDelphi.
• SonarDelphi
• D-scanner - Scanner is a tool for analyzing D source code.
• credo
• dialyxir
• sobelow - focused static analysis for the Phoenix Framework.
• elvis
• fantomas
• FSharpLint
• ionide-analyzers
• Fortitude
• aligncheck
• bodyclose
• deadcode
• dogsled
• errcheck
• errwrap
• flen
• go-consistent
• go-critic
• gochecknoglobals
• goconst
• gofumpt - compatible. That is, `gofumpt` is happy with a subset of the formats that `gofmt` is happy with.
• gokart
• golint
• goreporter
• goroutine-inspect
• ineffassign
• misspell
• nakedret
• nargs
• OSV-Scanner
• prealloc
• structslop
• unconvert
• unparam
• wsl
• CodeNarc
• HLint
• Liquid Haskell
• Weeder
• ck - oriented metrics by processing the source Java files.
• Dataflow Framework - strength dataflow framework for Java. The Dataflow Framework is used in the Checker Framework, Google’s Error Prone, Uber’s NullAway, Meta’s Nullsafe, and in other contexts. It is distributed with the Checker Framework.
• DesigniteJava
• Doop - to-end (fact generation, processing, statistics, etc.).
• forbidden-apis
• google-java-format
• NullAway - based null-pointer checker with low build-time overhead; an [Error Prone](http://errorprone.info/) plugin.
• RefactorFirst
• Soot
• Violations Lib
• JSLint - tools-dev/static-analysis/issues/223>) — The JavaScript Code Quality Tool.
• retire.js
• xo
• JET
• StaticLint
• detekt
• ktfmt
• luacheck
• lualint - based static analysis of global variable usage in Lua source code.
• Sys
• VeriFast - threaded and multithreaded C and Java programs annotated with preconditions and postconditions written in separation logic. To express rich specifications, the programmer can define inductive datatypes, primitive recursive pure functions over these datatypes, and abstract separation logic predicates.
• churn-php
• composer-dependency-analyser
• dephpend
• deptrac
• DesignPatternDetector
• GrumPHP
• larastan
• mago
• parallel-lint
• Parse
• PHP Architecture Tester
• PHP Assumptions
• PHP Insights
• PHP Refactoring Browser
• PHP-Parser
• php-speller
• PHPArkitect
• phploc
• phpmnd
• PHPQA
• phpqa - jakzal
• phpqa - jmolivas - in-one Analyzer CLI tool.
• Progpilot
• Reflection
• Tuli
• twig-lint - lint is a lint tool for your twig files.
• Perl::Analyzer - Analyzer is a set of programs and modules that allow users to analyze and visualize Perl codebases by providing information about namespaces and their relations, dependencies, inheritance, and methods implemented, inherited, and redefined in packages, as well as calls to methods from parent packages via SUPER.
• zarn
• autoflake
• bellybutton - specific rules.
• cohesion
• Dlint
• flake8
• Griffe
• linty fresh
• mbake
• pip-audit - commit hooks, and multiple vulnerability service integrations.
• prospector
• pyflakes
• pylyzers
• pyright
• pyroma
• pytype
• refurb - in linter for Rust.
• Safety
• ty
• vulture
• yapf
• cyclocomp
• flowR - analysis/flowr/wiki/Terminology#program-slice) and [dataflow analyzer](https://en.wikipedia.org/wiki/Data-flow_analysis) for the [R](https://www.r-project.org/) programming language. Its slicer allows you to reduce a complicated program just to the parts related for a specific task (e.g., the generation of a single or collection of plots, a significance test, ...). The dataflow analysis provides you with a detailed view on the semantics of the R code which can greatly improve other analyses. To use _flowR_, check out the [Visual Studio Code extension](https://marketplace.visualstudio.com/items?itemName=code-inspect.vscode-flowr), the [RStudio Addin](https://github.com/flowr-analysis/rstudio-addin-flowr), the [Docker image](https://hub.docker.com/r/eagleoutice/flowr), or the [R package](https://github.com/flowr-analysis/flowr-r-adapter).
• goodpractice - practice recommendations.
• rco
• Active Record Doctor
• Bullet
• bundler-audit - advisory-db).
• DatabaseConsistency
• dawnscanner
• ERB Lint
• ERB::Formatter
• Fasterer
• Fukuzatsu
• htmlbeautifier
• pelusa - type tool to improve your OO Ruby code.
• reek
• rubycritic
• rufo - editor plugin, to autoformat files on save or on demand.
• Skunk - - Find the most complicated code without test coverage!
• Standard Ruby
• Steep
• Traceroute
• cargo udeps
• cargo-breaking - breaking compares a crate's public API between two different branches, shows what changed, and suggests the next version according to semver.
• cargo-call-stack
• cargo-deny
• cargo-expand
• cargo-geiger
• cargo-show-asm - IR and MIR generated for Rust code
• cargo-spellcheck
• cargo-unused-features
• kani - precise model checker for Rust.
• lockbud
• rustfix - party lints, like those offered by clippy).