TOSEM 2025 Publication
Code Health Meter: A Quantitative and Graph-Theoretic Foundation for Automated Code Quality and Architecture Assessment
📄 ACM TOSEM Paper
Code Health Meter (CHM) is a deterministic and modular static analysis framework that produces a formal, reproducible six-dimensional signature for each source module. It integrates complexity theory, duplication detection, and graph-theoretic analysis to quantify maintainability and structural soundness.
The system computes:
- Maintainability Index (MI): from Halstead metrics, Cyclomatic Complexity, and SLOC.
- Cyclomatic Complexity (CC): based on control flow graphs.
- Duplication Score: Rabin–Karp fingerprinting via jscpd.
- Modularity (Q): Louvain community detection.
- Centrality: degree and betweenness metrics on the call graph.
- Coupling Metrics: using static dependency extraction.
# choose one package manager
pnpm add -D code-health-meter
yarn add -D code-health-meter
npm i -D code-health-meter- Node.js ≥ 18.x
- (Optional for SVG export) Graphviz
macOS:brew install graphviz• Debian/Ubuntu:sudo apt install graphviz
Why two ways?
• One‑off runs: use npx (npm) or dlx (pnpm) to download & execute temporarily.
• Local runs: install the package, then use exec (pnpm) or npx (npm) so the binary resolves from your workspace.
# npm
npx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html
# pnpm (equivalent of npx)
pnpm dlx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html# pnpm
pnpm exec code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html
# npm
npx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format htmlHeads‑up (pnpm):
pnpm code-health-meteris not a CLI invocation; pnpm treats that as a script name.
Usepnpm dlx …(no install) orpnpm exec …(after installing).
Supported formats: html, json, or html,json for both.
# One‑off
npx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html
pnpm dlx code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html
# Installed locally
pnpm exec code-health-meter --srcDir "./tests/mock-project" --outputDir "./tests/output" --format htmlTip (scripts): add
"scan": "code-health-meter --srcDir ./tests/mock-project --outputDir ./tests/output --format html"and runpnpm run scan/yarn run scan/npm run scan.
To replicate the analysis presented in the paper:
git clone https://github.com/helabenkhalfallah/code-health-meter.git
cd code-health-meter
pnpm install
pnpm run scan --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html📂 tests/mock-json-scan/
code-complexity-audit/CodeComplexityReport.jsoncode-modularity-audit/CodeModularityReport.jsoncode-modularity-audit/CodeModularityReport.svgcode-duplication-audit/jscpd-report.json
📂 tests/mock-html-scan/
code-complexity-audit/CodeComplexityReport.htmlcode-modularity-audit/CodeModularityReport.htmlcode-duplication-audit/html/index.html- Additional styled UI in
styles/andjs/
Note on Scale and Reproducibility: The included tests/mock-project is a simplified version intended for demonstration and functional validation of the Code Health Meter (CHM) framework. The original system evaluated in the TOSEM paper comprises approximately 14,000 lines of JavaScript/TypeScript code across 221 modules. Due to size and licensing constraints, that full system is not distributed as part of this artifact. However, the provided mock-project, along with the structured output reports, fully reproduces the CHM analysis pipeline, including complexity metrics, duplication detection, and graph-based modularity assessments.
src/– CHM analysis kernel (complexity, modularity, duplication)cli/– Command-line interfacetests/mock-project/– Evaluation system from TOSEM studytests/mock-json-scan/– Machine-readable output (JSON, SVG)tests/mock-html-scan/– Human-readable dashboard (HTML, CSS)
Analyzed entries vs raw files: per-metric builders operate on analyzed entries produced by a single
inspectDirectory()pass (not on raw file paths). The term entries is used below to make this explicit.
// src/kernel/complexity/CodeComplexityMetrics.js
import {
buildMaintainabilityReports, // MI
buildSLOCReports, // SLOC
buildCyclomaticReports, // CC
buildHalsteadMetricReports // Halstead
} from "./src/kernel/complexity/CodeComplexityMetrics.js";
// entries: array produced by a single inspectDirectory() pass
const reports = [
...buildMaintainabilityReports(entries),
...buildSLOCReports(entries),
...buildCyclomaticReports(entries),
...buildHalsteadMetricReports(entries),
];Full complexity report (composer):
// src/kernel/complexity/CodeComplexityBuilder.js
import { buildFullComplexityReport } from "./src/kernel/complexity/CodeComplexityBuilder.js";
const { summary, auditReports } = buildFullComplexityReport({
entries, // from inspectDirectory()
metricIds: ["mi","sloc","cyclo","hal"],
summaryBase, // aggregates you already computed
buildAuditStats, // categorization helper
});Producing analyzed entries:
// src/kernel/complexity/CodeComplexityUtils.js
import { inspectDirectory } from "./src/kernel/complexity/CodeComplexityUtils.js";
const { summary, files: entries } = inspectDirectory({
srcDir: "./tests/mock-project",
options: {/* parser / analyzer options */}
});// src/kernel/modularity/CodeModularityUtils.js, CodeModularityMetrics.js
import {
buildDirectoryTree, // Madge: obj() + svg()
buildLouvainGraph, // Graphology graph (directed)
} from "./src/kernel/modularity/CodeModularityUtils.js";
import {
detectCommunities, // Louvain communities + modularity
readDensity,
readDegreeCentralities
} from "./src/kernel/modularity/CodeModularityMetrics.js";
const { tree, treeVisualization } = await buildDirectoryTree(".");
const graph = await buildLouvainGraph(tree, treeVisualization);
const { modularity, communities } = detectCommunities(graph);
const { density } = readDensity(graph);
const { degreeCentrality, inDegreeCentrality, outDegreeCentrality } = readDegreeCentralities(graph);The duplication auditor uses jscpd and writes JSON/HTML to code-duplication-audit/. Programmatic consumption can read and parse jscpd-report.json:
import fs from "fs";
const dup = JSON.parse(
fs.readFileSync("./tests/output/code-duplication-audit/jscpd-report.json", "utf8")
);
console.log("clones:", dup.total?.clones || dup.statistics?.total?.clones);Duplication — fixed reproducibility
✅ In tests/mock-project, CHM identifies 1 clone of 6 lines, matching the expected test results.
- Dependency graph is directed by default; centralities computed accordingly
- Louvain (Graphology) provides stable results for a fixed toolchain
- CHM favors a single‑pass complexity pipeline (compute once, reuse entries)
-
pnpm:
Command "code-health-meter" not found
Usepnpm dlx code-health-meter …(no install) orpnpm exec code-health-meter …(afterpnpm add -D code-health-meter). -
Missing SVGs
Install Graphviz (brew install graphvizorapt install graphviz), or run with--format jsonif SVGs aren’t needed. -
No outputs produced
Ensure--outputDirexists or is creatable; CHM creates it and writes:
CodeComplexityReport.{html|json},CodeModularityReport.{html|json|svg},code-duplication-audit/….
git clone https://github.com/helabenkhalfallah/code-health-meter.git
cd code-health-meter
pnpm install
pnpm run scan --srcDir "./tests/mock-project" --outputDir "./tests/output" --format html,json- Functional: Clarified pnpm usage (
dlx/exec) to eliminate “command not found”. - Reproducibility: Duplication detection now deterministic (1 clone / 6 lines in
tests/mock-project). - Reusable: Exposed Cyclomatic & Halstead builders as public APIs; added guidance on analyzed entries.
@article{benkhalfallah2025chm,
author = {Héla Ben Khalfallah},
title = {Code Health Meter: A Quantitative and Graph-Theoretic Foundation for Automated Code Quality and Architecture Assessment},
journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
year = {2025},
note = {To appear},
}Licensed under the MIT License. See the LICENSE file.