@framework-doctor/angular
Advanced tools
Diagnose and improve your Angular codebase health.
One command scans your codebase for security, performance, correctness, and dead code issues, then outputs a 0–100 score with actionable diagnostics.
Run at your project root:
npx -y @framework-doctor/angular .
Or use the unified CLI (auto-detects Angular):
npx -y @framework-doctor/cli .
Usage: angular-doctor [directory] [options]
Options:
-v, --version display the version number
--no-lint skip linting
--no-dead-code skip dead code detection
--no-audit skip dependency vulnerability audit
--format <format> output format: text or json
--verbose show file details per rule
--score output only the score (CI-friendly)
-y, --yes skip prompts, scan all workspace projects
--no-analytics disable anonymous analytics
--project <name> select workspace project (comma-separated for multiple)
--diff [base] scan only files changed vs base branch
--offline skip remote scoring (local score only)
-h, --help display help for command
Create angular-doctor.config.json:
{
"ignore": {
"rules": ["angular-doctor/no-eval", "angular-doctor/no-inner-html-binding"],
"files": ["src/generated/**"]
},
"lint": true,
"deadCode": true,
"audit": true,
"verbose": false,
"diff": false,
"analytics": true
}
Or use the angularDoctor key in package.json:
{
"angularDoctor": {
"deadCode": true,
"ignore": { "rules": ["angular-doctor/no-eval"] }
}
}
Angular Doctor also supports unified config via framework-doctor.config.json with an angularDoctor section. Framework-specific config overrides unified options.
Angular Doctor runs:
pnpm audit (use --no-audit to skip)Angular Doctor flags:
eval() — Code injection risknew Function() — Code injection risksetTimeout("string") / setInterval("string") — Implied evalinnerHTML binding — Raw HTML can lead to XSS if content is unsanitizedbypassSecurityTrust* — Bypassing Angular’s sanitizer can lead to XSSAngular Doctor optionally sends anonymous usage data when you opt in. Data is sent to your Supabase Edge Function (see supabase/README.md) when FRAMEWORK_DOCTOR_TELEMETRY_URL is configured. If your function enforces TELEMETRY_KEY, set FRAMEWORK_DOCTOR_TELEMETRY_KEY in the client environment. Limited to framework type, score range, diagnostic count. No code or paths are collected.
~/.framework-doctor/config.json.--no-analytics, set "analytics": false in config, or DO_NOT_TRACK=1.git clone https://github.com/pitis/framework-doctor
cd framework-doctor
pnpm install
pnpm build
Run locally:
pnpm exec angular-doctor /path/to/your/angular-project
# or directly:
node packages/angular-doctor/dist/cli.js /path/to/your/angular-project
FAQs
Diagnose Angular codebase health
The npm package @framework-doctor/angular receives a total of 8 weekly downloads. As such, @framework-doctor/angular popularity was classified as not popular.
We found that @framework-doctor/angular demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Malicious packages published to npm, PyPI, Go Modules, crates.io, and Packagist impersonate developer tooling to fetch staged malware, steal credentials and wallets, and enable remote access.
Security News
Microsoft has released an open source toolkit for enforcing runtime security policies on AI agents as adoption accelerates faster than governance controls.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.