An architecture intelligence tool that runs entirely in your browser.
SysNexus is a tool that scans your codebase and gives you an interactive visual report of how everything connects dependencies, coupling, chokepoints, dead code, security risks, the whole picture.
You point it at a project folder (or a GitHub URL), wait a few seconds, and get back a self-contained HTML report with a force-directed graph, findings, and a workflow view. No installs beyond npm, no servers, no accounts. Everything happens in your browser tab.
git clone https://github.com/mic-tran/SysNexus.git
cd SysNexus
npm install
npm run build
npm run serveOpen http://localhost:3000 in Chrome or Edge, and then:
- π Local Folder β pick a project directory from your machine (everything stays local)
- π GitHub Repo β paste a URL like
https://github.com/expressjs/express - Drag & drop β just drop a folder onto the page
That's it. You'll get your report in a few seconds.
It reads through your project and classifies every file by language, role (source, config, test, infra), and whether it looks like an entry point. The usual suspects are ignored automatically node_modules, .git, dist, lock files, images, binaries, anything over 1MB.
Two sources are supported:
- Local folder - uses the File System Access API on Chrome/Edge, falls back to
<input webkitdirectory>on Firefox/Safari - GitHub - fetches the file tree via the Git Trees API, then grabs file contents in batches
Five language-specific analyzers extract structure from the source:
- JS/TS - ES imports, CommonJS requires, dynamic imports, functions, classes, Express/Koa routes,
process.envreferences, data store access (Mongoose, Prisma, Redis, etc.) - Python - imports, function/class defs, Flask/FastAPI/Django routes,
os.environ/os.getenv, security patterns - Java - packages, imports, classes, methods, Spring annotations (
@RestController,@GetMapping, etc.) - Shell -
.envfile parsing, script sourcing, env var references, service invocations (docker, kubectl, curl) - Config -
package.jsondeep analysis, Docker Compose services, K8s manifests, GitHub Actions workflows, Maven POM, Spring config
Each analyzer also estimates cyclomatic complexity per file, and computes things like instability, maintainability index, and a tech debt score.
Six detectors run graph-level analysis looking for problems:
| Detector | What it looks for |
|---|---|
| Cycles | Circular dependencies between files (Tarjan's SCC) |
| Dead Code | Files with zero incoming references, unreachable from entry points |
| Config Sprawl | Env vars read from 4+ files, orphaned vars, missing definitions |
| Coupling | Files with >15 inbound or outbound dependencies |
| Chokepoints | Modules where >30% of system paths converge β single points of failure |
| Security | Hardcoded secrets, eval(), disabled TLS, command injection, unsafe deserialization |
Findings are tagged with CWE IDs where applicable.
Everything gets bundled into a single self-contained HTML file β no external dependencies, no network calls. You can save it, email it, drop it in a wiki, whatever. The report includes:
- Map - force-directed graph with pan, zoom, click-to-inspect, minimap, folder clustering
- Findings - all issues grouped by category with severity, CWE links, and remediation advice
- Workflow - inferred flow from entry points β handlers β services β data stores
- Dashboard - health score, metrics breakdown, language distribution
- Search - fuzzy search across all nodes
- Export - download findings as TXT, CSV, or PDF
The report shows a letter grade based on findings:
Score = max(0, 100 β criticals Γ 15 - errors Γ 8 - warnings Γ 3)
| Grade | Score Range |
|---|---|
| A | 90-100 |
| B | 75-89 |
| C | 60-74 |
| D | 40-59 |
| F | 0-39 |
Click any node in the graph to see:
- Fan-in / fan-out metrics, complexity, instability, maintainability index
- Direct dependencies and dependents
- Coupling impact (what breaks if this file changes)
- Related findings and security issues
| Language | Extensions |
|---|---|
| JavaScript | .js .jsx .mjs .cjs |
| TypeScript | .ts .tsx .mts .cts |
| Python | .py .pyw |
| Java | .java |
| Shell | .sh .bash .bat .cmd .ps1 |
| YAML | .yml .yaml |
| JSON | .json .jsonc |
| XML | .xml .pom .wsdl |
| SQL | .sql |
| CSS/HTML | .css .scss .html |
| Dockerfile | Dockerfile Containerfile |
| Markdown | .md .mdx .rst |
When scanning a GitHub repo, requests go directly from your browser to api.github.com.
- Without a token - 60 requests/hour, public repos only
- With a token - 5,000 requests/hour, private repos supported
To create a token: GitHub β Settings β Developer settings β Personal access tokens β Fine-grained tokens. You only need repo (read) scope.
Your token is never stored or sent anywhere except directly to GitHub's API.
| Browser | Directory Picker | Fallback | GitHub | Drag & Drop |
|---|---|---|---|---|
| Chrome 86+ | β | β | β | β |
| Edge 86+ | β | β | β | β |
| Firefox | β | β | β | β |
| Safari 15.2+ | β | β | β | β |
Chrome and Edge give the best experience since they support the native directory picker.
βββ src/
β βββ main.ts # App entry point, UI, pipeline orchestration
β βββ index.html # Landing page
β βββ scanner/
β β βββ local-source.ts # File System Access API + webkitdirectory fallback
β β βββ github-source.ts # GitHub REST API scanner
β β βββ filters.ts # File/folder ignore rules
β βββ core/
β βββ graph/model.ts # Core types: GraphNode, GraphEdge, Finding, CodeFlowGraph
β βββ scanner/
β β βββ classify.ts # File classification by extension & patterns
β β βββ discover.ts # DiscoveredFile & ScanResult types
β βββ analyzers/
β β βββ index.ts # Analyzer pipeline
β β βββ js-ts-analyzer.ts # JavaScript/TypeScript
β β βββ python-analyzer.ts # Python
β β βββ java-analyzer.ts # Java
β β βββ shell-analyzer.ts # Shell & .env files
β β βββ config-analyzer.ts # YAML/JSON/XML configs
β βββ detectors/
β β βββ index.ts # Detector pipeline
β β βββ cycles.ts # Circular dependency detection (Tarjan SCC)
β β βββ dead-code.ts # Dead code detection (BFS reachability)
β β βββ config-sprawl.ts # Config sprawl analysis
β β βββ coupling.ts # Coupling metrics
β β βββ chokepoints.ts # Chokepoint detection (path centrality)
β β βββ security.ts # Security pattern matching
β β βββ rule-engine.ts # Custom rule evaluation
β βββ report/
β βββ build-report.ts # Self-contained HTML report generator
βββ build.js # esbuild config
βββ package.json
βββ tsconfig.json
βββ LICENSE
# Watch mode - rebuilds on every save
npm run dev
# Type check
npx tsc --noEmit
# Production build (minified)
npm run build
# Serve locally
npm run serveAll analysis runs locally in your browser. No code is uploaded, no telemetry, no tracking, no accounts. GitHub API calls (when you choose that source) go directly from your browser the app has no backend. The generated report is a standalone HTML file with zero external dependencies.
Contributions are welcome. Here's the flow:
- Fork the repo
- Create a branch (
git checkout -b feature/my-thing) - Make sure
npx tsc --noEmitpasses andnpm run buildsucceeds - Open a PR
Some ideas if you're looking for something to work on:
- New language analyzers - Go, Rust, C#, PHP, Ruby
- More detectors - complexity hotspots, test coverage gaps, dependency age
- CI integration - run SysNexus as a GitHub Action
- Static hosting - deploy to GitHub Pages / Netlify / Vercel
MIT - do whatever you want with it.
See your system. Understand it. Improve it.




