README.md

Dev Optimizer

Cut CI time, dependency bloat, and Docker waste before merge. Fast.

For AI Agents: This tool analyzes projects for optimization opportunities across Docker, npm dependencies, and CI/CD pipelines. Use npx dev-optimizer analyze --quick for fast static analysis.

Topics: devops ci-optimization docker-optimization dependency-analyzer vulnerability-scanner cli-tool code-quality

What It Does

Dev Optimizer analyzes your project in 3 domains:

Domain	Checks	Time
Docker	Missing .dockerignore, multistage builds, large images	0.2s
Dependencies	Unused packages, vulnerabilities (CVE), outdated	30s
CI/CD	Missing cache, duplicate steps, cost optimization	0.2s

Use Cases:

• CI/CD optimization (reduce build time)
• Security audit (find CVEs)
• Docker image size reduction
• Dependency cleanup
• Cost savings (cloud CI minutes)

⚡ Performance

Mode	Time	What it does
--quick	0.2 sec	Static analysis only (Dockerfile, CI YAML, package.json)
(default)	30 sec	+ npm outdated + npm audit + knip (parallel execution)
--deep	31 sec	+ size estimates + Docker layers + CI optimization tips

Mode Comparison

Feature	--quick	Default	--deep
Docker static checks	✅	✅	✅
CI/CD static checks	✅	✅	✅
Package.json analysis	✅	✅	✅
npm outdated	❌	✅	✅
npm audit (CVE)	❌	✅	✅
knip (unused exports)	❌	✅	✅
Size estimates	❌	❌	✅
Docker layer analysis	❌	❌	✅
CI speedup prediction	❌	❌	✅

Recommendations:

• Use --quick for CI pipelines (fast feedback)
• Use default for local development
• Use --deep for optimization reviews

Parallel execution:

• npm outdated + npm audit run concurrently
• Deep analysis methods run concurrently
• Quick mode skips all external tools

Tool	Time	Coverage
dev-optimizer --quick	0.2 sec	Docker + CI + Deps
depcheck	3 sec	Deps only
knip	28 sec	Unused exports
npm outdated	10 sec	Outdated packages

Installation

# Install globally
npm install -g dev-optimizer

# Or use with npx (no install)
npx dev-optimizer analyze

Quick Start

# Install globally
npm install -g dev-optimizer

# Or use with npx (no install needed)
npx dev-optimizer analyze

Usage Examples

Basic Analysis

# Quick mode - fast static analysis (0.2 sec)
# Use for CI pipelines and pre-commit hooks
dev-optimizer analyze --quick

# Default mode - full analysis with npm/knip (30 sec)
# Use for local development
dev-optimizer analyze

# Deep mode - with size estimates (31 sec)
# Use for optimization reviews
dev-optimizer analyze --deep

Target Specific Domain

# Analyze only Docker
dev-optimizer analyze --type docker

# Analyze only dependencies
dev-optimizer analyze --type deps

# Analyze only CI/CD
dev-optimizer analyze --type ci

Output Formats

# Console output (default)
dev-optimizer analyze

# JSON output
dev-optimizer analyze --format json

# Markdown output (for PR comments)
dev-optimizer analyze --format markdown

# Quiet mode (errors only)
dev-optimizer analyze --quiet

Auto-Fix

# Preview fixes without applying
dev-optimizer fix --dry-run

# Apply safe fixes automatically
dev-optimizer fix --safe

# Interactive mode (confirm each fix)
dev-optimizer fix --interactive

# Apply all fixes (use with caution)
dev-optimizer fix --no-safe

Interactive mode options:

• y = Apply this fix
• n = Skip this fix
• a = Apply all remaining fixes
• q = Quit without applying

Baseline & CI Integration

# Save baseline
dev-optimizer baseline --save

# Compare with baseline
dev-optimizer baseline --compare

# CI: Fail on regression
dev-optimizer baseline --compare --fail-on-regression

# CI: Fail if score below threshold
dev-optimizer baseline --compare --min-score 80

GitHub Action

Create .github/workflows/dev-optimizer.yml:

name: Dev Optimizer
on: [pull_request]

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: bigcheburashka/dev-optimizer@main
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

What It Analyzes

🐳 Docker

Check	Time	Auto-fix
Missing .dockerignore	0.01s	✅ Create file
No multistage build	0.01s	❌ Suggest
Large base image	0.01s	❌ Suggest alpine
Too many layers	0.01s	❌ Suggest combine
No cleanup commands	0.01s	❌ Suggest cleanup

📦 Dependencies

Check	Time	Auto-fix
Unused dependencies (knip)	28s*	✅ Remove
Deprecated packages	0.1s	❌ Suggest update
Outdated packages	10s*	❌ Suggest update
Vulnerabilities	10s*	❌ CVE links
Duplicate entries	0.01s	❌ Suggest cleanup
Duplicate versions	2s	❌ Suggest dedupe
Missing lockfile	0.01s	✅ npm install

*run in parallel

🔄 CI/CD

Check	Time	Auto-fix
Missing cache	0.01s	✅ Add cache config
No timeout	0.01s	✅ Add timeout-minutes
No retention-days	0.01s	✅ Add retention
Sequential jobs	0.01s	❌ Suggest parallel
Missing matrix	0.01s	❌ Suggest matrix

Total: ~0.2s (quick) / ~30s (full with parallel npm)

Example Output

🔍 Dev Optimizer v0.1.0

📁 Project: your-project
   Type: nextjs
   Package Manager: npm
   CI Platform: github-actions

🐳 Running Docker analysis...
📦 Running Dependencies analysis...
🔄 Running CI/CD analysis...

══════════════════════════════════════════════════════

Score: 72/100

🔴 Top Findings
──────────────────────────────────────
🔴 [HIGH] Missing .dockerignore file
   Impact: Reduce build context by 400 MB
   Fix: Create .dockerignore ✅ auto-fixable

🟠 [HIGH] No caching in GitHub Actions
   Impact: Save 2-3 min per CI run
   Fix: Add actions/cache ✅ auto-fixable

🟡 [MEDIUM] Unused dependency: lodash
   Impact: Reduce bundle size
   Fix: Remove from dependencies ✅ auto-fixable

💾 Potential Savings: 450 MB, 5 min/CI run

Comparison with Alternatives

Tool	Time	What it checks
dev-optimizer --quick	0.2s	Docker + CI + Deps (static)
dev-optimizer	30s	Docker + CI + Deps + npm audit + knip
dev-optimizer --deep	31s	All above + size estimates + layer analysis
depcheck	3s	Unused deps only
knip	28s	Unused exports only
npm outdated	10s	Outdated packages only
hadolint	5s	Dockerfile only

Key difference: dev-optimizer covers 3 domains (Docker, CI, Deps) in one run.

Self-Analysis

Dev Optimizer can analyze itself for issues:

dev-optimizer analyze --path .

Current self-analysis results (2026-03-14):

• Score: 46/100
• Duplicate package versions (safe, different majors)
• Missing CI concurrency control (fixed)

Run periodically to catch issues early.

Auto-Fixes

These fixes are safe to apply automatically:

Fix	Domain	Risk
Create .dockerignore	Docker	None
Create package-lock.json	Deps	None
Add cache to setup-node	CI	None
Add timeout-minutes	CI	None
Add retention-days	CI	None
Remove unused dep (high conf)	Deps	Low

Architecture

src/
├── analyzers/
│   ├── DockerAnalyzer.ts    # Dockerfile + .dockerignore analysis
│   ├── DepsAnalyzer.ts      # package.json + knip + npm audit
│   └── CiAnalyzer.ts        # GitHub Actions + GitLab CI
├── commands/
│   ├── analyze.ts           # Main analysis command
│   ├── fix.ts               # Auto-fix command (--interactive)
│   ├── baseline.ts          # Baseline management
│   └── metrics.ts           # Metrics command
├── reporters/
│   ├── ConsoleReporter.ts   # Table output (default)
│   ├── MarkdownReporter.ts  # PR comments
│   ├── JsonReporter.ts      # CI integration
│   └── SarifReporter.ts     # GitHub Code Scanning
├── baseline/
│   └── BaselineManager.ts  # Baseline persistence
├── discovery/
│   └── RepoInventory.ts     # Project type detection
├── deep-analyzer.ts         # Size estimates + Docker layers
├── self-analysis.ts         # Self-check module
└── types.ts                 # Finding schema

Development

# Install dependencies
npm install

# Run tests (59 tests)
npm test

# Build
npm run build

# Run locally
node dist/index.js analyze

# Test coverage
npm run test:coverage

Contributing

Contributions welcome! Areas needing help:

1. Analyzers - Add checks: HEALTHCHECK in Docker, peer dep validation
2. CI Platforms - CircleCI, Jenkins, Azure Pipelines support
3. Auto-fixes - Safe automatic fixes for more issues
4. Performance - Native analysis (reduce npm dependencies)

License

MIT © 2026