Repository Analysis

lerna/lerna

Lerna is a fast, modern build system for managing and publishing multiple JavaScript/TypeScript packages from the same repository.

0.3 Likely human-written View on GitHub

0.3

Adjusted Score

0.3

Raw Score

100%

Time Factor

2026-05-29

Last Push

36,068

Stars

TypeScript

Language

118,624

Lines of Code

1357

Files

23

Pattern Hits

2026-05-31

Scan Date

Score History

Severity Breakdown

CRITICAL 1HIGH 0MEDIUM 1LOW 21

Pattern Findings

23 matches across 4 categories. Click a row to expand file-level details.

Over-Commented Block11 hits · 11 pts

Severity	File	Line	Snippet
LOW	tools/scripts/lerna-release.ts	41	if (options.local) {
LOW	tools/scripts/lerna-release.ts	61	// }`;
LOW	tools/scripts/lerna-release.ts	101
LOW	integration/__tests__/lerna-exec.spec.ts	21	const fixturePath = path.resolve(__dirname, "__fixtures__");
LOW	libs/core/src/lib/package.ts	421	// update committish
LOW	libs/core/src/lib/project/index.spec.ts	261	// const customPackages = [".", "my-packages/*"];
LOW	…core/src/lib/conventional-commits/recommend-version.ts	81	//
LOW	.github/workflows/other-node-versions.yml	81	run: \|
LOW	.github/workflows/other-node-versions.yml	181	# Subkey-Length: 2048
LOW	.github/workflows/other-node-versions.yml	221	# if: ${{ always() }}
LOW	.github/workflows/ci.yml	81	# # Generate a GPG key for test@example.com and store the output from stderr

Hyper-Verbose Identifiers10 hits · 10 pts

Severity	File	Line	Snippet
LOW	tools/scripts/e2e-build-package-publish.ts	24	async function buildPackagePublishAndCleanPorts() {
LOW	tools/scripts/e2e-build-package-publish.ts	44	async function updateVersionsAndPublishPackages() {
LOW	libs/core/src/lib/profiler.ts	27	export function generateProfileOutputPath(outputDirectory?: string) {
LOW	…bs/core/src/lib/collect-updates/make-diff-predicate.ts	31	return function hasDiffSinceThatIsntIgnored(node: ProjectGraphProjectNodeWithPackage) {
LOW	libs/core/src/lib/npmlog/gauge/theme-set.ts	105	ThemeSetProto.newMissingDefaultThemeError = function newMissingDefaultThemeError(
LOW	…/src/lib/command/create-project-graph-with-packages.ts	16	export async function createProjectGraphWithPackages(
LOW	…mmands/publish/src/lib/get-packages-without-license.ts	7	export function getPackagesWithoutLicense(
LOW	…s/publish/src/lib/get-projects-with-tagged-packages.ts	10	export async function getProjectsWithTaggedPackages(
LOW	…lish/src/lib/get-projects-with-unpublished-packages.ts	10	export async function getProjectsWithUnpublishedPackages(
LOW	packages/lerna/src/index.ts	61	function explicitlyHandleLegacyPackageManagementCommands(yargsInstance: ReturnType<typeof lernaCLI>) {

Hallucination Indicators1 hit · 10 pts

Severity	File	Line	Snippet
CRITICAL	libs/commands/publish/src/index.ts	295	pkg.lernaConfig.command.publish.assets = pkg.lernaConfig.command.publish.assets.map((asset) =>

AI Slop Vocabulary1 hit · 3 pts

Severity	File	Line	Snippet
MEDIUM	.github/workflows/pkg-pr-new.yml	5	# malicious actor were able to leverage this workflow to publish malware, nobody would receive it