Do you quantify your code risk per function using a score based on the CRAP metric? A few weeks ago, I started using fallow to replace knip and jscpd in a few projects, and it's been a solid upgrade (knip and jscpd are excellent, don't get me wrong).
The interesting part isn't just speed, although Rust definitely helps. It's how it approaches analysis, by leveraging results of different features, and the list of features is impressive:
- dead and duplicate code analysis
- code complexity analysis (cyclomatic, cognitive, density)
- a Maintainability Index score
- architecture rules with directory-based import boundaries
- a cleaner CI pipeline
- and yes, a "risk per function using a score based on the CRAP metric (Change Risk Anti-Patterns), originally developed by Alberto Savoia and Bob Evans at Agitar Labs in 2007."
And so much more! All open source! Their health page is worth a read. Also, the config out of the box seems pretty sound. What is there not to love? I think their production coverage (paid) could be a killer feature as well, especially with vibe-coded apps: "which functions actually executed when your deployed app handled real traffic". Golden.