
                          __    __  _      __
   __  ______ __________/ /____/ /_(_)____/ /__
  / / / / __ `/ ___/ __  / ___/ __/ / ___/ //_/
 / /_/ / /_/ / /  / /_/ (__  ) /_/ / /__/ ,<
 \__, /\__,_/_/   \__,_/____/\__/_/\___/_/|_|
/____/

Code metrics for Javascript
Install it:
% sudo npm install -g yardstick
Run it on one or more code files:
% yardstick mole.js
Scope      CC  Ar   Cd   Cm  Cm/Cd
mole.js    79   -  415  162     39
anon@55     1   1    3    0      0
readCert    2   0   11    3     27
init        2   1    8    5     63
register    2   1   17   12     71
anon@274    1   1   10    5     50
token       2   1    9    2     22
anon@307    1   1    3    0      0
...
CC: Estimated cyclomatic complexity. "Estimated", since this is a hard
nut to crack in JavaScript without actually running the code. The estimate
is fairly good, however, and the point being made, "higher number => higher
complexity => not necessarily so good", is still valid.
Ar: Arity of the function.
Cd: Number of lines of code, excluding blanks and comments.
Cm: Number of lines of comments.
Cm/Cd: Ratio of comments to code, as a percentage. So 100 means there
are as many lines of comments as there are lines of code, while 25 means
there are four times as many lines of code as lines of comments.
By themselves, possibly. But they can be a handy guide for evaluating areas of code that could use some love. It's a tool like anything else.
yardstick differs from $othertool!
Like I said, calculating CC for JS code is nontrivial. A common approach for other languages is to simply count branching keywords. That doesn't give anything like the full picture in JS, since many common control structures are instead expressed as function calls. Consider:
for (var i = 0; i < 5; i++) {
/* ... */
}
vs
[0, 1, 2, 3, 4].forEach(function (i) {
/* ... */
});
Any tool that doesn't recognize those as the same structure is broken. Likewise:
someEventEmitter.on('something', function (d) {
/* ... */
}).on('error', function (e) {
/* ... */
});
Not to mention:
someEventEmitter.on('something', declaredElsewhere)
.on('error', alsoDeclaredElseWhere);
That last case isn't handled well by yardstick either...
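As an added illustration of the "count branching keywords plus callback-style control structures" idea above (not yardstick's own code; the keyword set, the method list, the regexes and the sample snippets are assumptions), here is a small estimator that scores the for-loop and forEach spellings identically and still counts a handler chain whose callbacks are declared elsewhere:

```javascript
// Added illustration of the estimation idea, not yardstick's implementation.
// The keyword set, callback-method list and regexes are assumptions.

// Classic decision points: branching keywords, short-circuit operators,
// the ternary and nullish operators (optional chaining `?.` is not a branch).
const BRANCH_TOKENS = /\b(if|for|while|case|catch)\b|&&|\|\||\?\?|\?(?!\.)/g;
// Methods whose callback plays the role of a loop body or event handler.
const CALLBACK_CALLS = /\.(forEach|map|filter|reduce|some|every|on|once)\s*\(/g;

// Blank out comments and string literals so nothing inside them is counted.
function stripNoise(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, ' ')
    .replace(/\/\/.*$/gm, ' ')
    .replace(/'(?:\\.|[^'\\\n])*'|"(?:\\.|[^"\\\n])*"/g, '""');
}

// Estimated cyclomatic complexity: one path plus one per decision point.
function estimateCC(src) {
  const code = stripNoise(src);
  const keywords = (code.match(BRANCH_TOKENS) || []).length;
  const callbacks = (code.match(CALLBACK_CALLS) || []).length;
  return 1 + keywords + callbacks;
}

// Constructed samples: the two loop spellings from the README, a handler
// chain with an `if` inside one callback, and handlers declared elsewhere.
const SAMPLES = {
  forLoop:  'for (var i = 0; i < 5; i++) { /* ... */ }',
  forEach:  '[0, 1, 2, 3, 4].forEach(function (i) { /* ... */ });',
  handlers: "emitter.on('something', function (d) { if (d) { return; } })\n" +
            "  .on('error', function (e) { /* ... */ });",
  external: "emitter.on('something', declaredElsewhere)\n" +
            "  .on('error', alsoDeclaredElsewhere);",
};

// Score every sample; returns { forLoop: 2, forEach: 2, handlers: 4, external: 3 }.
function estimateAll(samples) {
  const out = {};
  for (const name of Object.keys(samples)) out[name] = estimateCC(samples[name]);
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(estimateAll(SAMPLES));
}
```

The `external` case shows the limit the README mentions: the `.on(` calls are counted, but whatever complexity lives inside `declaredElsewhere` is only seen where that function is defined.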
MIT