Scan a codebase for null access risks and error swallowing bugs before they hit production.
Run axiom-scan on just the files changed in a pull request to catch new risky assumptions.
Add axiom-scan to a CI pipeline so risky code changes are flagged automatically.
Find concurrency bugs like locks that are taken but never released.
| zer0contextlost/axiom | 0xradioac7iv/tempfs | abboskhonov/hermium | |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | easy | moderate | moderate |
| Complexity | 2/5 | 3/5 | 4/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Installs and runs directly via npm, no external infrastructure required.
axiom-scan is a static analysis tool for software developers that finds hidden assumptions in a codebase, assumptions that are never explicitly tested, but that the code quietly relies on to work correctly. Even if your test suite shows 85% line coverage, that does not mean the code is safe: it just means 85% of lines ran during tests. The assumptions behind those lines, such as "this value is never null here," "this database connection is always open first," or "this lock is always released," often go unchallenged until production breaks. axiom-scan reads your source code without running it (static analysis), infers what each piece of code is silently assuming, checks whether any test covers those assumptions, and produces a ranked list of the riskiest bets in your codebase. Findings are organized into categories: null access risks (code accessing a property that could be missing), ordering problems (code reading a value before it is guaranteed to exist), error swallowing (errors caught but silently discarded), concurrency bugs (locks taken but never released), and resource leaks (files or connections opened without a guaranteed close). You would use axiom-scan when you want to find the kind of bugs that only appear in production, after a refactor introduces a new code path, or when a subtle assumption turns out not to hold. It supports eight languages including TypeScript, Python, and Go, and ranks findings by blast radius so the most dangerous gaps surface first. It integrates into CI pipelines and code editors, and can run on just the files changed in a pull request. The tool is written in TypeScript and installed or run directly via npm.
A static analysis tool that finds untested hidden assumptions in your codebase, such as unreleased locks or unchecked nulls, and ranks the riskiest ones.
Mainly TypeScript. The stack also includes TypeScript, npm.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.