TOSEM 2025 Publication
Code Health Meter: A Quantitative and Graph-Theoretic Foundation for Automated Code Quality and Architecture Assessment
π ACM TOSEM Paper
Code Health Meter (CHM) is a deterministic and modular static analysis framework that produces a formal, reproducible six-dimensional signature for each source module. It integrates complexity theory, duplication detection, and graph-theoretic analysis to quantify maintainability and structural soundness.
The system computes:
- Maintainability Index (MI): from Halstead metrics, Cyclomatic Complexity, and SLOC.
- Cyclomatic Complexity (CC): based on control flow graphs.
- Duplication Score: RabinβKarp fingerprinting via jscpd.
- Modularity (Q): Louvain community detection.
- Centrality: degree and betweenness metrics on the call graph.
- Coupling Metrics: using static dependency extraction.
# choose one package manager
pnpm add -D code-health-meter
yarn add -D code-health-meter
npm i -D code-health-meter- Node.js β₯ 18.x
- (Optional for SVG export) Graphviz
macOS:brew install graphvizβ’ Debian/Ubuntu:sudo apt install graphviz
Why two ways?
β’ Oneβoff runs: use npx (npm) or dlx (pnpm) to download & execute temporarily.
β’ Local runs: install the package, then use exec (pnpm) or npx (npm) so the binary resolves from your workspace.
# npm
npx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html
# pnpm (equivalent of npx)
pnpm dlx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html# pnpm
pnpm exec code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html
# npm
npx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format htmlHeadsβup (pnpm):
pnpm code-health-meteris not a CLI invocation; pnpm treats that as a script name.
Usepnpm dlx β¦(no install) orpnpm exec β¦(after installing).
Supported formats: html, json, or html,json for both.
# Oneβoff
npx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html
pnpm dlx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html
# Installed locally
pnpm exec code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format htmlTip (scripts): add
"scan": "code-health-meter --srcDir ./tests/mock-project --outputDir ./tests/output --format html"and runpnpm run scan/yarn run scan/npm run scan.
To replicate the analysis presented in the paper:
git clone https://github.com/helabenkhalfallah/code-health-meter.git
cd code-health-meter
pnpm install
pnpm run scan --srcDir "./tests/mock-project" --outputDir "./tests/output" --format htmlπ tests/mock-json-scan/
code-complexity-audit/CodeComplexityReport.jsoncode-modularity-audit/CodeModularityReport.jsoncode-modularity-audit/CodeModularityReport.svgcode-duplication-audit/jscpd-report.json
π tests/mock-html-scan/
code-complexity-audit/CodeComplexityReport.htmlcode-modularity-audit/CodeModularityReport.htmlcode-duplication-audit/html/index.html- Additional styled UI in
styles/andjs/
Note on Scale and Reproducibility: The included tests/mock-project is a simplified version intended for demonstration and functional validation of the Code Health Meter (CHM) framework. The original system evaluated in the TOSEM paper comprises approximately 14,000 lines of JavaScript/TypeScript code across 221 modules. Due to size and licensing constraints, that full system is not distributed as part of this artifact. However, the provided mock-project, along with the structured output reports, fully reproduces the CHM analysis pipeline, including complexity metrics, duplication detection, and graph-based modularity assessments.
src/β CHM analysis kernel (complexity, modularity, duplication)cli/β Command-line interfacetests/mock-project/β Evaluation system from TOSEM studytests/mock-json-scan/β Machine-readable output (JSON, SVG)tests/mock-html-scan/β Human-readable dashboard (HTML, CSS)
Analyzed entries vs raw files: per-metric builders operate on analyzed entries produced by a single
inspectDirectory()pass (not on raw file paths). The term entries is used below to make this explicit.
// src/kernel/complexity/CodeComplexityMetrics.js
import {
buildMaintainabilityReports, // MI
buildSLOCReports, // SLOC
buildCyclomaticReports, // CC
buildHalsteadMetricReports // Halstead
} from "./src/kernel/complexity/CodeComplexityMetrics.js";
// entries: array produced by a single inspectDirectory() pass
const reports = [
...buildMaintainabilityReports(entries),
...buildSLOCReports(entries),
...buildCyclomaticReports(entries),
...buildHalsteadMetricReports(entries),
];Full complexity report (composer):
// src/kernel/complexity/CodeComplexityBuilder.js
import { buildFullComplexityReport } from "./src/kernel/complexity/CodeComplexityBuilder.js";
const { summary, auditReports } = buildFullComplexityReport({
entries, // from inspectDirectory()
metricIds: ["mi","sloc","cyclo","hal"],
summaryBase, // aggregates you already computed
buildAuditStats, // categorization helper
});Producing analyzed entries:
// src/kernel/complexity/CodeComplexityUtils.js
import { inspectDirectory } from "./src/kernel/complexity/CodeComplexityUtils.js";
const { summary, files: entries } = inspectDirectory({
srcDir: "./tests/mock-project",
options: {/* parser / analyzer options */}
});// src/kernel/modularity/CodeModularityUtils.js, CodeModularityMetrics.js
import {
buildDirectoryTree, // Madge: obj() + svg()
buildLouvainGraph, // Graphology graph (directed)
} from "./src/kernel/modularity/CodeModularityUtils.js";
import {
detectCommunities, // Louvain communities + modularity
readDensity,
readDegreeCentralities
} from "./src/kernel/modularity/CodeModularityMetrics.js";
const { tree, treeVisualization } = await buildDirectoryTree(".");
const graph = await buildLouvainGraph(tree, treeVisualization);
const { modularity, communities } = detectCommunities(graph);
const { density } = readDensity(graph);
const { degreeCentrality, inDegreeCentrality, outDegreeCentrality } = readDegreeCentralities(graph);The duplication auditor uses jscpd and writes JSON/HTML to code-duplication-audit/. Programmatic consumption can read and parse jscpd-report.json:
import fs from "fs";
const dup = JSON.parse(
fs.readFileSync("./tests/output/code-duplication-audit/jscpd-report.json", "utf8")
);
console.log("clones:", dup.total?.clones || dup.statistics?.total?.clones);Duplication β fixed reproducibility
β
In tests/mock-project, CHM identifies 1 clone of 6 lines, matching the expected test results.
- Dependency graph is directed by default; centralities computed accordingly
- Louvain (Graphology) provides stable results for a fixed toolchain
- CHM favors a singleβpass complexity pipeline (compute once, reuse entries)
-
pnpm:
Command "code-health-meter" not found
Usepnpm dlx code-health-meter β¦(no install) orpnpm exec code-health-meter β¦(afterpnpm add -D code-health-meter). -
Missing SVGs
Install Graphviz (brew install graphvizorapt install graphviz), or run with--format jsonif SVGs arenβt needed. -
No outputs produced
Ensure--outputDirexists or is creatable; CHM creates it and writes:
CodeComplexityReport.{html|json},CodeModularityReport.{html|json|svg},code-duplication-audit/β¦.
git clone https://github.com/helabenkhalfallah/code-health-meter.git
cd code-health-meter
pnpm install
pnpm run scan --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html,json- Functional: Clarified pnpm usage (
dlx/exec) to eliminate βcommand not foundβ. - Reproducibility: Duplication detection now deterministic (1 clone / 6 lines in
tests/mock-project). - Reusable: Exposed Cyclomatic & Halstead builders as public APIs; added guidance on analyzed entries.
@article{benkhalfallah2025chm,
author = {HΓ©la Ben Khalfallah},
title = {Code Health Meter: A Quantitative and Graph-Theoretic Foundation for Automated Code Quality and Architecture Assessment},
journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
year = {2025},
note = {To appear},
}Licensed under the MIT License. See the LICENSE file.