Every Feature You Need

Krowcode is the most comprehensive code quality tool available — 9,200+ rules, 75 languages, 5 consumption surfaces, and zero cloud dependency.

Core Capabilities

9,200+ Unique Rules

The most comprehensive rule set available. 15 categories covering security, performance, complexity, dead code, maintainability, testing, API design, and more.

  • 579 security rules
  • 491 best practice rules
  • 233 performance rules
  • 197 complexity rules

75 Languages & 36 Frameworks

From TypeScript to COBOL, from React to Kubernetes. Each rule is adapted per language, producing 1.45 million targeted checks across 113 analysis targets.

  • Full AST for TypeScript/JavaScript
  • Pattern-based for Python, Go, Rust, Java
  • Framework-specific rules
  • DevOps config analysis

Privacy First — Zero Cloud

Everything runs locally on your machine. Your code never leaves your environment. No telemetry, no cloud processing, no data collection.

  • 100% local analysis
  • No external API calls
  • No telemetry or tracking
  • Optional AI features with explicit consent

Auto-Fix System

6 fixable rule types with tiered safety levels. Automatic backups before any changes. Daily fix reports documenting every modification.

  • Tier 1: 100% safe fixes
  • Tier 2: 95-99% safe fixes
  • Tier 3: 80-95% safe fixes
  • Automatic backup & rollback

Quality Scoring

0-100 quality scores with A-F letter grades. Track trends over time. Set quality gates for CI/CD enforcement.

  • Numeric 0-100 scores
  • A-F letter grades
  • Trend tracking
  • Quality gate enforcement

3-Layer FP Defense

Industry-leading false positive detection. Rule engine suppression, smart post-analysis filtering, and user config overrides work together to eliminate noise.

  • Generated code detection
  • Framework pattern awareness
  • Inline suppression comments
  • ESLint compatibility

Five Consumption Surfaces

One analysis engine, five ways to use it — pick the one that fits your workflow.

VS Code Extension

Real-time diagnostics as you type. Code lenses showing complexity scores. Hover information with rule details. Quick-fix code actions. Full quality dashboard webview.

  • Real-time squiggles
  • Code lenses
  • Hover info
  • Code actions
  • Dashboard panel
  • Workspace scanning

CLI Tool — 14 Commands

Analyze, report, fix, count, watch, diff, pre-commit, hook-install, mcp, rules, init, ai, pr-check, quality-gate. Full CI/CD integration with SARIF output.

  • analyze
  • report
  • fix
  • watch
  • diff
  • pre-commit
  • mcp
  • quality-gate

MCP Server

8 tools for AI assistants to query code quality programmatically. Works with Claude, Copilot, and any MCP-compatible client.

  • analyze_file
  • analyze_directory
  • get_issues
  • get_quality_score
  • get_rules
  • get_summary

Language Server (LSP)

Editor-agnostic code analysis via the Language Server Protocol. Works with Vim, Neovim, Sublime Text, and any LSP-compatible editor.

  • Real-time diagnostics
  • Hover information
  • Configurable severity
  • All 75 languages

Self-Hosted Dashboard

Team-wide metrics, trends, quality gates, and alerts. Fastify + TimescaleDB + Redis + MinIO. WebSocket real-time updates. RBAC with 4 roles.

  • Portfolio view
  • Project detail
  • Team dashboard
  • Quality gates
  • Alert rules
  • RBAC

15 Rule Categories

  • Security (579): SQL injection, XSS, CSRF, SSRF, hardcoded secrets, eval, innerHTML
  • Best Practices (491): Strict equality, error handling, no var, prefer const
  • Performance (233): Sync operations, memory leaks, unnecessary re-renders
  • Style (201): Naming conventions, formatting, consistency
  • Complexity (197): Cyclomatic complexity, nesting depth, parameters
  • Dead Code (185): Unused imports, functions, classes, interfaces, exports
  • Maintainability (159): File/function length, unused variables, monolithic classes
  • Error Handling (106): Catch blocks, error types, unhandled rejections
  • Testing (102): Test coverage patterns, assertion quality
  • Technical Debt (101): TODO tracking, deprecated APIs, magic numbers
  • API Design (92): REST conventions, GraphQL patterns, input validation
  • Framework (88): React, Vue, Svelte, Angular, Express, Next.js
  • Documentation (85): JSDoc, docstrings, README patterns
  • Code Smells (42): Long methods, feature envy, data clumps
  • Concurrency (39): Race conditions, deadlocks, thread safety

Performance

  • LRU Cache: Byte-size tracking, TTL expiration, hit/miss statistics
  • Incremental Analysis: SHA-256 content hashing with timestamp short-circuit
  • Parallel Pool: Configurable concurrency with Promise.race for throughput
  • Pre-split Lines: Source lines passed to all rules — no redundant split()
  • Lazy Loading: Rules loaded on-demand to reduce startup time
  • File Retry: Exponential backoff for transient I/O failures

Security Hardened

  • No shell injection — execFileSync with argument arrays
  • Symlink attack prevention — backup directory validated
  • ReDoS protection — 100 KB input cap, content sampling
  • Regex injection prevention — glob-to-regex escapes all special chars
  • MCP input limits — 10 MB max payload
  • Path validation — prevents directory traversal
  • No JS config execution — refuses .js config files
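
The list above names several input-handling techniques without showing them. The following Node.js sketch of the argument-array, glob-escaping, input-cap and path-containment checks is an added illustration, not Krowcode's own code; all function names and sample inputs are hypothetical.

```javascript
// Added illustration, not Krowcode source; all function names are hypothetical.
const path = require("node:path");
const { execFileSync } = require("node:child_process");

const MAX_INPUT_BYTES = 100 * 1024; // the 100 KB cap quoted in the list

// Glob -> anchored RegExp. Only *, ** and ? are translated; every other
// character is escaped, so "(a+)+$" in a pattern matches only itself.
function globToRegex(glob) {
  let out = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === "*" && glob[i + 1] === "*") { out += ".*"; i++; }
    else if (c === "*") out += "[^/]*";
    else if (c === "?") out += "[^/]";
    else out += c.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  }
  return new RegExp("^" + out + "$");
}

// Refuse oversized input before it ever reaches the regex engine.
function globMatches(glob, input) {
  if (Buffer.byteLength(input, "utf8") > MAX_INPUT_BYTES) return false;
  return globToRegex(glob).test(input);
}

// Lexical containment check: resolve the candidate against the root and
// reject anything whose relative path climbs out. Symlinks are not resolved
// here; that needs fs.realpathSync on both sides.
function resolveInside(root, candidate) {
  const base = path.resolve(root);
  const target = path.resolve(base, candidate);
  const rel = path.relative(base, target);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("path escapes root: " + candidate);
  }
  return target;
}

// Argument array, no shell: the whole string reaches the child as one argv
// entry, so ";" and "$(...)" are never interpreted.
function echoViaChild(arg) {
  const script = "process.stdout.write(process.argv[1])";
  return execFileSync(process.execPath, ["-e", script, arg], { encoding: "utf8" });
}

// Constructed sample input.
console.log(globMatches("src/**/*.ts", "src/a/b/c.ts"));
console.log(echoViaChild("report.txt; echo INJECTED"));
```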

Ready to Try?

Get started in under a minute. No account required.
