Getting Started with entkapp v5.4.0
Overview
entkapp v5.4.0 is the Ultimate Hybrid Edition, updated to support both monorepos and standard projects with high precision.
Why v5.4.0 (The Hybrid Edition)?
This version addresses the "unstable feature-creep" of previous iterations by restoring the proven core logic from v7 while keeping the cutting-edge plugin architecture and OXC performance from v9.
Key Improvements & Comparisons
| Feature | entkapp v5.4.0 | Knip v6 Status |
|---|---|---|
| Circular Dependency Tracking | Native Support (Tarjan algorithm) | Open Feature Request (#1734) |
| OXC Native Parsing | Highly optimized (Rust binding pipeline) | Not available |
| Ecosystem Plugins | 80+ (Next.js, Nuxt, Astro, etc.) | 100+ (dotenv, Next.js, Vite, Vue, etc.) |
| tsConfig Path Resolution | Robust & v6-Ready | Open Issue (#1794) |
| Monorepo Hoisting Fix | Automatic Detection | Open Regression (#1792) |
| Self-Healing / Auto-Fix | Integrated (With safe transaction boundaries) | Limited |
| Deep Program Analysis (CFG, Taint) | Integrated | Not available |
| SAST (ReDoS, Prototype Pollution) | Integrated | Not available |
| Incremental Watch Mode Analysis | Native (Sub-second diff compilation via GraphCache) | Full scan required |
| Supply Chain Typosquatting Detection | Integrated (Verifies lockfile hashes and names) | Not available |
| Automated Structural Transaction Integrity | Native (SHA-256 backed modifications with GitSandbox) | Not available |
| Dynamic Import Reachability Profiling | Integrated (CFG-based predictive resolution) | Static string mapping only |
| Dead-Code Graph Reachability | Deep graph traversal for absolute dead files | Syntactic heuristic checking only |
| Monorepo Boundary Enforcement | Restricts illegal cross-package module leaking | Config-reliant path allowance only |
| Type-Aware Dependency Pruning | Prunes devDependencies matching only unused types | Structural manifest analysis only |
| Graceful AST Fault Tolerance | Continues graph build on invalid/broken syntax nodes | Continues analysis on invalid/broken syntax nodes |
New Features & Enhancements
Circular Dependency Tracking
Detect circular dependencies in your codebase before they cause runtime issues or memory leaks. Unlike other tools, we provide a full trace of the cycle directly in the optimization plan.
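How Tarjan-based cycle detection with a readable cycle trace can work, as an added JavaScript example (not entkapp's own code). The import graph and the function names `findCycles` and `traceCycle` are constructed for illustration.

```javascript
// Added illustration, not entkapp's implementation. The import graph below is
// constructed sample data: module path -> modules it imports.
const graph = {
  "src/app.ts": ["src/auth.ts", "src/ui.ts"],
  "src/auth.ts": ["src/session.ts"],
  "src/session.ts": ["src/user.ts"],
  "src/user.ts": ["src/auth.ts"], // closes auth -> session -> user -> auth
  "src/ui.ts": [],
  "src/self.ts": ["src/self.ts"], // a module importing itself
};

// Tarjan's algorithm: every strongly connected component with more than one
// module (or a self-import) contains at least one import cycle.
function findCycles(graph) {
  let counter = 0;
  const index = new Map(), low = new Map(), stack = [], onStack = new Set(), cycles = [];
  function visit(v) {
    index.set(v, counter); low.set(v, counter); counter++;
    stack.push(v); onStack.add(v);
    for (const w of graph[v] || []) {
      if (!index.has(w)) { visit(w); low.set(v, Math.min(low.get(v), low.get(w))); }
      else if (onStack.has(w)) low.set(v, Math.min(low.get(v), index.get(w)));
    }
    if (low.get(v) !== index.get(v)) return; // v is not the root of a component
    const scc = [];
    let w;
    do { w = stack.pop(); onStack.delete(w); scc.push(w); } while (w !== v);
    if (scc.length > 1 || (graph[v] || []).includes(v)) cycles.push(scc.reverse());
  }
  for (const v of Object.keys(graph)) if (!index.has(v)) visit(v);
  return cycles;
}

// Walk edges inside one component to get a concrete import chain back to its start.
function traceCycle(graph, scc) {
  const members = new Set(scc), start = scc[0], path = [start], seen = new Set([start]);
  const walk = (v) => (graph[v] || []).some((w) => {
    if (w === start) return true;
    if (!members.has(w) || seen.has(w)) return false;
    seen.add(w); path.push(w);
    if (walk(w)) return true;
    path.pop();
    return false;
  });
  walk(start);
  return [...path, start].join(" -> ");
}

for (const scc of findCycles(graph)) console.log(traceCycle(graph, scc));
```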
Robust tsConfig Path Mapping
Our new PathMapper handles complex baseUrl and paths configurations with precision, ensuring that aliased imports are always resolved correctly, even in multi-package monorepos.
Monorepo Hoisting Awareness
We've solved the "Sibling Workspace" problem. entkapp correctly identifies when dependencies are hoisted to the root, preventing false positives in individual packages.
CLI Flag Refinement
- The `--no-fix` flag has been removed. Fixing is now default.
- The `--fix` flag now activates atomic code updates and structural healing without further questions.
Windows & OXC Compatibility
- Slashify Fix: Correct handling of Windows drive paths (e.g., `C:/...`) to prevent parsing errors.
- OXC Analyzer Correction: Improved parsing logic for OXC, including `lang: "typescript"` for accurate `.ts` file parsing and robust handling of N-API conversion issues via JSON stabilization.
- OXC Debugging: Enhanced verbose output to clearly indicate OXC status and fallback to TypeScript Compiler API if OXC fails.
Advanced Program Analysis (Deep Tech)
- Control Flow Graph (CFG) & Data Flow Analysis: Builds a CFG from the AST to track execution flow, enabling:
  - Reachable Code Analysis: Detecting dead code that syntax-matching misses.
  - Definite Assignment Checking: Ensuring variables are initialized before use across all execution paths.
- Program Dependence Graph (PDG) & Taint Tracking: Taint analysis tracks untrusted user input (sources) as it flows through the application to dangerous execution points (sinks, such as SQL queries or `eval` statements). This turns the analyzer into a Static Application Security Testing (SAST) tool.
- Pointer Analysis / Alias Analysis: Determines whether two different identifiers point to the same memory location or object instance.
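The source-to-sink propagation behind the taint tracking item above, as an added JavaScript example (not entkapp's own code). It is narrowed to a single forward pass over straight-line code, with no branches. The statement format, `findTaintFlows`, and the source, sink and sanitizer names are assumptions.

```javascript
// Added illustration, not entkapp's implementation. `program` is a constructed
// straight-line IR of a request handler; source, sink and sanitizer names are assumptions.
const SOURCES = new Set(["req.query", "req.body"]);
const SINKS = new Set(["db.query", "eval"]);
const SANITIZERS = new Set(["escapeSql"]);

const program = [
  { line: 1, op: "read", dst: "id", from: "req.query" },
  { line: 2, op: "assign", dst: "limit", args: [] }, // constant value
  { line: 3, op: "assign", dst: "sql", args: ["id", "limit"] }, // string concatenation
  { line: 4, op: "call", fn: "db.query", args: ["sql"] },
  { line: 5, op: "call", fn: "escapeSql", dst: "safeId", args: ["id"] },
  { line: 6, op: "assign", dst: "sql2", args: ["safeId"] },
  { line: 7, op: "call", fn: "db.query", args: ["sql2"] },
  { line: 8, op: "read", dst: "expr", from: "req.body" },
  { line: 9, op: "call", fn: "eval", args: ["expr"] },
];

// Forward pass: taint enters at sources, follows assignments and call results,
// is dropped by sanitizers, and is reported when it reaches a sink argument.
function findTaintFlows(stmts) {
  const taint = new Map(); // variable -> propagation trace from the source
  const findings = [];
  for (const s of stmts) {
    const dirty = (s.args || []).find((a) => taint.has(a)); // first tainted argument
    if (s.op === "call" && SINKS.has(s.fn) && dirty !== undefined) {
      findings.push({ sink: s.fn, line: s.line, trace: taint.get(dirty).join(" -> ") });
    }
    if (!s.dst) continue;
    let trace = null;
    if (s.op === "read" && SOURCES.has(s.from)) trace = [s.from];
    else if (dirty !== undefined && !SANITIZERS.has(s.fn)) trace = taint.get(dirty);
    if (trace) taint.set(s.dst, [...trace, `${s.dst}@${s.line}`]);
    else taint.delete(s.dst); // destination now holds a clean value
  }
  return findings;
}

for (const f of findTaintFlows(program)) console.log(`${f.sink} at line ${f.line}: ${f.trace}`);
```

The sanitized query at line 7 is not reported, while the concatenated query at line 4 and the `eval` call at line 9 are.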
Innovative & Novel Features
- Workspace Diagnostic & Architecture Enforcement: Goes beyond individual file linting by analyzing the entire workspace structure. Users can define strict architectural boundaries (e.g., "Files in `/features` cannot import files from `/utilities` directly; they must go through the public API"). It also validates workspace configuration health, such as checking for circular dependencies across monorepo packages, misaligned dependency versions, or invalid license headers.
- Type Typo / "Type-Jail" Analysis: For dynamically typed languages or loose TypeScript/JSDoc environments, tracks structural shapes implicitly to warn developers when they access a property that probably doesn't exist on an object, based on its history in the flow graph.
- Complexity Matrix & Technical Debt Costing: Combines complexity with change frequency (via Git history integration). High-complexity code that changes often is a "Hotspot." The report tells the developer exactly which files are costing them the most maintenance.
Better Secrets Detection
- Enhanced heuristics for detecting hardcoded secrets, including Google API Keys, Firebase API Keys, SSH keys, and certificates.
Improved Dynamic Importing / Exporting / Entry
- More robust resolution of dynamic imports and exports, including handling of computed exports and complex barrel file structures.
Quick Start
Installation
```bash
npm install entkapp
```
Basic Usage
```bash
npx entkapp -r
```
Apply Fixes (with confirmation)
```bash
npx entkapp -r --fix
```
Check for Circular Dependencies
```bash
npx entkapp -r --verbose
```
Scan for Hardcoded Secrets
```bash
npx entkapp -r --verbose
```
Note: Always use the `-r` or `--run` flag to execute the analysis loop. v5.4.0 focuses on security and precision. Use `--verbose` for detailed debugging output, including OXC status and fallback information.
Community-Driven Development
We listen to the issues that matter. By addressing long-standing pain points like circular dependency tracking and robust path resolution, we ensure that your developer experience is smooth and productive.