Magdoub/App-Size-Analyzer

https://github.com/Magdoub/App-Size-Analyzer

Scanned on Mar 19, 2026

2 High
28 Medium
26 Low

AI Assessment

VERDICT

The repository is production-ready from a security perspective but has moderate code quality issues that should be addressed before major releases. Scanner reports zero security, secrets, or dependency vulnerabilities.

TOP RISKS

→ Ten instances of 145-line duplicated code blocks flagged across src/lib/parsers/android/aab-parser.js, specs/002-sort-by-size/checklists/requirements.md, and sample-files/README.md. This reduces maintainability and increases bug-fix complexity.

→ High cyclomatic complexity (CCN 35) flagged in src/lib/parsers/common/types.js:16 and src/lib/parsers/android/proto/resources-proto.js:259. The scanner detected this pattern 15 times across multiple parser files, suggesting the detectContentType function or similar logic branches extensively.

→ No CI/CD pipeline, SECURITY.md policy file, or CODEOWNERS configuration detected. These governance gaps increase operational risk despite code quality being acceptable.

WHAT TO FIX FIRST

Refactor the detectContentType function in src/lib/parsers/common/types.js to reduce CCN 35 down to acceptable levels (target: <10). This single finding appears 15 times across the codebase and directly impacts testability and maintainability.

RECOMMENDATION

Verify the HIGH duplicated code findings against actual file content—README files sometimes trigger false positives. The medium-severity complexity issues are real and worth addressing through function decomposition. Add missing governance files (CI/CD workflow, SECURITY.md, CODEOWNERS) to complete the production readiness profile.

Category Breakdown

Security: 300/300
Secrets & Credentials: 200/200
Dependencies: 150/150
Code Quality: 72/100 (25 findings)
Best Practices: 100/100 (3 findings)

Findings (56 in 5 groups)

Duplicate found between sample-files/README.md:3 and public/sample-files/README.md:3. Consider extracting shared logic into a reusable function or module.

Affected files

sample-files/README.md L3
specs/002-sort-by-size/checklists/requirements.md L3
src/lib/parsers/android/aab-parser.js L379
src/lib/analysis/image-compression/compressor.js L195
specs/010-summary-page-graphs/checklists/requirements.md L5
specs/009-sample-file-quickstart/checklists/requirements.md L5
specs/007-xray-insights-enhancements/checklists/requirements.md L3
specs/003-xray-ux-improvements/checklists/requirements.md L3
specs/001-app-size-analyzer/checklists/requirements.md L5
src/lib/analysis/image-compression/compressor.js L142

Function "detectContentType ( path )" has a cyclomatic complexity of 35 (77 lines, 1 parameters). This function is very complex. Consider breaking it into smaller, more focused functions.

Affected files

src/lib/parsers/common/types.js L16
src/lib/parsers/android/proto/resources-proto.js L259
src/lib/parsers/android/binary-xml-parser.js 0
src/lib/parsers/ios/ipa-parser.js 0
src/lib/parsers/ios/framework-parser.js 0
src/lib/analysis/breakdown-generator.js 0
src/App.vue L396
src/composables/useChatGPTPrompt.js 0
src/lib/analysis/insight-rules.js L864
src/composables/useChatGPTPrompt.js 0
src/lib/parsers/android/apk-parser.js L170
src/lib/parsers/android/arsc-parser.js 0
src/lib/parsers/android/aab-parser.js L215
src/lib/visualization/color-scheme.js 0
src/lib/parsers/common/zip-parser.js L37

and 10 more files...

No CI/CD configuration was found (GitHub Actions, GitLab CI, CircleCI, etc.). Continuous integration helps catch issues before they reach production.

Affected files

unknown

This repository has no SECURITY.md file. A security policy helps users report vulnerabilities responsibly and shows that the project takes security seriously.

Affected files

unknown

This repository has no CODEOWNERS file. CODEOWNERS ensures that pull requests are automatically assigned to the right reviewers, improving code review coverage.

Affected files

unknown

ShipScanner: A 743