[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-10937":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":14,"forks30d":14,"starsTrendScore":13,"compositeScore":18,"rankGlobal":9,"rankLanguage":9,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":20,"hasPages":20,"topics":22,"createdAt":9,"pushedAt":9,"updatedAt":31,"readmeContent":32,"aiSummary":33,"trendingCount":14,"starSnapshotCount":14,"syncStatus":16,"lastSyncTime":34,"discoverSource":35},10937,"reach","elixir-vibe\u002Freach","elixir-vibe","Program dependence graph and architecture\u002Fcode-flow analysis for BEAM projects",null,"Elixir",147,10,3,0,1,2,17,47.82,"MIT License",false,"master",[23,24,25,26,27,28,29,30],"data-flow","dependence-graph","elixir","erlang","program-analysis","slicing","static-analysis","taint-analysis","2026-06-12 04:00:53","# Reach\n\nProgram dependence graph and release-safety toolkit for Elixir, Erlang, Gleam, JavaScript, and TypeScript.\n\nReach builds a graph of **what depends on what** in your code: control flow, call graph, data flow, effects, and OTP\u002Fprocess relationships. Use it to inspect risky functions, trace values, validate architecture policy, and generate interactive HTML reports.\n\nElixir 1.18+ \u002F OTP 27+.\n\n## Installation\n\n```elixir\ndef deps do\n  [\n    {:reach, \"~> 2.0\", only: [:dev, :test], runtime: false}\n  ]\nend\n```\n\nOptional dependencies enable richer output:\n\n```elixir\n{:jason, \"~> 1.0\"},       # JSON output\n{:boxart, \"~> 0.3.3\"},    # terminal graphs\n{:makeup, \"~> 1.0\"},\n{:makeup_elixir, \"~> 1.0\"},\n{:makeup_js, \"~> 0.1\"}\n```\n\n## Quickstart\n\nGenerate an interactive report:\n\n```bash\nmix reach\n```\n\nMap the project:\n\n```bash\nmix reach.map\nmix reach.map --modules\nmix reach.map --coupling\nmix reach.map --hotspots\n```\n\nInspect a target:\n\n```bash\nmix reach.inspect MyApp.Accounts.create_user\u002F1 --context\nmix reach.inspect lib\u002Fmy_app\u002Faccounts.ex:42 --impact\nmix reach.inspect MyApp.Accounts.create_user\u002F1 --why MyApp.Repo\n```\n\nTrace data:\n\n```bash\nmix reach.trace --from conn.params --to Repo\nmix reach.trace --variable changeset --in MyApp.Accounts.create_user\u002F1\n```\n\nRun release checks:\n\n```bash\nmix reach.check --arch\nmix reach.check --changed --base main\nmix reach.check --smells --strict\nmix reach.check --arch --smells --write-baseline .reach-baseline.json\nmix reach.check --candidates\n```\n\nInspect OTP\u002Fprocess risks:\n\n```bash\nmix reach.otp\nmix reach.otp --concurrency\n```\n\n## Canonical CLI\n\nReach 2.x uses five canonical analysis tasks plus the HTML report task.\n\n| Command | Purpose |\n|---|---|\n| `mix reach` | Interactive HTML report |\n| `mix reach.map` | Project map: modules, coupling, hotspots, effects, depth, data flow |\n| `mix reach.inspect TARGET` | Target-local deps, impact, graph, context, data, candidates, why paths |\n| `mix reach.trace` | Data-flow, taint, and slicing workflows |\n| `mix reach.check` | CI\u002Frelease checks: architecture, changed code, dead code, smells, candidates |\n| `mix reach.otp` | OTP\u002Fprocess analysis: behaviours, state machines, supervision, concurrency, coupling |\n\nUse `--format json` for automation. Canonical commands emit pure JSON envelopes with stable command names.\n\nOlder task names were removed in Reach 2.0 and fail fast with migration guidance. See the [Canonical CLI guide](guides\u002Fcli.md).\n\n## Configuration\n\nReach reads `.reach.exs` for architecture and change-safety policy:\n\n```elixir\n[\n  layers: [\n    web: \"MyAppWeb.*\",\n    domain: \"MyApp.*\",\n    data: [\"MyApp.Repo\", \"MyApp.Schemas.*\"]\n  ],\n  deps: [\n    forbidden: [\n      {:domain, :web},\n      {:data, :web}\n    ]\n  ],\n  source: [\n    forbidden_modules: [\"MyApp.Legacy.*\"],\n    forbidden_files: [\"lib\u002Fmy_app\u002Flegacy\u002F**\"]\n  ],\n  calls: [\n    forbidden: [\n      {\"MyApp.Domain.*\", [\"IO.puts\", \"Jason.encode!\"]}\n    ]\n  ],\n  tests: [\n    hints: [\n      {\"lib\u002Fmy_app\u002Faccounts\u002F**\", [\"test\u002Fmy_app\u002Faccounts_test.exs\"]}\n    ]\n  ]\n]\n```\n\nStart from [`examples\u002Freach.exs`](examples\u002Freach.exs). See the [configuration guide](guides\u002Fconfiguration.md) for the full reference and narrative examples.\n\n## Library API\n\nReach can also analyze snippets, files, and source directories directly:\n\n```elixir\ngraph = Reach.string_to_graph!(\"\"\"\ndef run(input) do\n  command = String.trim(input)\n  System.cmd(\"sh\", [\"-c\", command])\nend\n\"\"\")\n\n[cmd_call] = Reach.nodes(graph, type: :call, module: System, function: :cmd)\nReach.backward_slice(graph, cmd_call.id)\n```\n\nCommon queries:\n\n```elixir\nReach.backward_slice(graph, node_id)\nReach.forward_slice(graph, node_id)\nReach.taint_analysis(graph, sources: [function: :params], sinks: [module: System, function: :cmd])\nReach.independent?(graph, node_a.id, node_b.id)\nReach.data_flows?(graph, source_id, sink_id)\n```\n\n## Documentation\n\nHexDocs guides are organized by workflow:\n\n- Overview, installation, and quickstart\n- Canonical CLI and JSON output\n- Configuration and `.reach.exs` policy\n- Concepts: dependence graph, control flow, call graph, data flow, effects, OTP\n- Validation and ProgramFacts oracle checks\n- Recipes and contributing notes\n\n## Validation\n\nReach itself is validated with:\n\n```bash\nmix compile --force --warnings-as-errors\nmix ci\n\u002Ftmp\u002Freach_validate_canonical_full.sh\nmix docs\nmix hex.build\n```\n\n`mix ci` includes formatting, JS checks, Credo\u002FExSlop, ExDNA duplication checks, architecture policy, Dialyzer, and tests.\n\n## Credo overlap\n\nA handful of Reach smell patterns overlap with Credo refactoring checks (`MapJoin`, `FilterCount`, `FilterFilter`, `MapInto`, `UnlessWithElse`, `CondStatements`, `ExpensiveEmptyEnumCheck`). Both tools can run together — Reach findings are advisory and never fail the build.\n\n## Acknowledgements\n\nSome structural smell patterns were informed by public [Credence](https:\u002F\u002Fgithub.com\u002FCinderella-Man\u002Fcredence) rules and [Clippy](https:\u002F\u002Frust-lang.github.io\u002Frust-clippy\u002F) lint categories. Framework-specific smell ideas are also informed by the public [claude-elixir-phoenix](https:\u002F\u002Fgithub.com\u002Foliver-kriska\u002Fclaude-elixir-phoenix) rule set. Reach implements them over its own IR\u002Fproject model and keeps them advisory.\n\n## License\n\nMIT. See [`LICENSE`](LICENSE).\n","Reach 是一个用于 BEAM 项目（如 Elixir、Erlang 等）的程序依赖图和架构\u002F代码流分析工具。它通过构建控制流、调用图、数据流、效果及 OTP 进程关系的图形来展示代码中的依赖关系，帮助开发者检查风险函数、追踪变量值、验证架构策略并生成交互式 HTML 报告。该工具支持静态分析、污点分析等多种技术特性，适用于需要进行代码审查、架构一致性检查或在发布前确保代码安全性的场景。使用 Reach 可以显著提高大型项目的可维护性和安全性。","2026-06-11 03:30:52","CREATED_QUERY"]