---

The Problem

You refactor a utility function. Tests pass. You push.

Three weeks later a completely different feature silently breaks in production — because it called your function from a file with zero test coverage, depending on a side effect you changed without knowing.

Find All References exists but it's manual, one function at a time, and has no coverage context.

BlastRadius solves this automatically, before every commit.

---

What It Does

1. Reads your git diff to find which functions changed in your working tree
2. Walks the call graph — finds every file that imports or calls those functions
3. Overlays test coverage — reads your Istanbul/nyc/Vitest report and annotates each caller
4. Scores the risk — produces a 0–100 commit risk score
5. Shows the blast map — interactive force-directed graph of your full impact radius
6. Runs 20 deep checks — dead code, circular deps, complexity spikes, API breaks, and more

---

Installation

From VS Code Marketplace

ext install RipanKumarDeb.blastradius

Or open VS Code → Extensions (Ctrl+Shift+X) → search BlastRadius → Install.

From VSIX (manual)

code --install-extension blastradius-3.0.0.vsix

Requirements

Requirement	Version
VS Code	1.85 or higher
Node.js	18 or higher
Git	Any recent version

---

Quick Start

1. Open any git project in VS Code

BlastRadius activates automatically on startup. Look for the radio tower icon (📡) in the Activity Bar.

2. Run your tests to generate coverage

# Jest / Vitest
npx jest --coverage
npx vitest run --coverage

# nyc / c8
npx nyc npm test

BlastRadius auto-detects coverage/coverage-summary.json.

3. Make an uncommitted change

Edit any source file and save. BlastRadius analyses in the background and updates within 2 seconds.

4. Read your risk score

The sidebar shows your risk score, affected files, and uncovered callers. The status bar shows a live badge at the bottom of the window.

---

Features

Core Analysis

Feature	Description
Git Diff Analysis	Detects changed functions in your working tree using git diff HEAD
Call Graph Traversal	Finds every file that imports or calls your changed functions
Coverage Overlay	Reads Istanbul/nyc JSON and annotates each caller with its coverage %
Risk Scoring (0–100)	Weighted score based on uncovered callers, breadth, centrality, unknowns
Depth-2 Graph	Also finds callers-of-callers — the full transitive blast radius

Editor Integration

Feature	Description
CodeLens Badges	Inline risk indicators above every changed function: 🔴 2 uncovered callers
Diagnostics	Squiggly underlines on changed functions with uncovered callers
Code Actions	Lightbulb quick-fixes: generate tests, open map, export report, add to watchlist
Status Bar Badge	Live risk score at the bottom: ⚠ BlastRadius 74/100 · 3 files
Auto-refresh	Re-analyses automatically 1.8 seconds after any file save

Panels & Reports

Feature	Description
Blast Map	D3 force-directed graph — drag nodes, filter by risk tier, click to open files
Risk History	Canvas line chart of risk scores over time with trend indicator
HTML Report	Full standalone export with donut chart, sparkline, and tables
CI JSON Export	Machine-readable .blastradius-report.json for CI/CD pipelines

Integrations

Feature	Description
Pre-commit Hook	Installs a git hook that warns (or blocks) HIGH-risk commits
PR Description	Auto-generates a complete GitHub PR body with risk table and test checklist
Watchlist	Mark critical functions — any change adds a 15-point risk penalty

---

Deep Insights — 20 Checks

Run BlastRadius: Deep Insights (20 Checks) for a full dashboard analysis.

🔍 Code Health

#	Check	What It Finds
F1	Dead Code Detector	Exported functions with zero callers anywhere in the codebase
F4	Circular Dependency Finder	Import cycles detected via DFS on the full import graph
F6	Complexity Spike Detector	Functions whose cyclomatic complexity increased since HEAD
F11	JSDoc Gap Detector	Changed functions missing /** */ documentation blocks
F14	Async Race Detector	Async functions accessing module-scope mutable state
F15	Duplicate Logic Finder	Similar function bodies elsewhere that may need the same fix

🧬 Git Intelligence

#	Check	What It Finds
F2	Co-Change Coupling	Files that historically always change together (≥60% of commits)
F3	API Break Detector	Exported function signatures that changed incompatibly vs HEAD
F5	Twin Function Finder	Sibling functions with similar names you may have forgotten to update
F9	Semver Suggester	Recommends PATCH / MINOR / MAJOR based on your change type
F12	Rollback Guide	Copyable git revert commands for the recent commits touching your files
F18	File Ownership Map	Who last touched each file in the blast radius (git blame)

⚡ Action Items

#	Check	What It Does
F7	Mock Gap Finder	Test mocks whose argument count no longer matches the real function
F8	Minimum Test Path	Fewest test files to add to cover 80% of uncovered callers (set cover)
F10	Env Dependency Scanner	process.env, feature flags, config lookups in affected code
F17	Changelog Generator	Structured CHANGELOG.md entry from your commits since last tag
F19	Test Failure Predictor	Ranks existing test files by likelihood of failing after your change
F20	Focused Test Runner	Exact jest/vitest/pytest command to run only relevant tests

👥 Team

#	Check	What It Finds
F13	Bundle Impact Estimator	Estimated bundle size growth if changed files reach an entry point
F16	Import Chain Depth	How many hops each affected file is from the app entry point

---

Understanding the Risk Score

Score	Level	Meaning
0 – 24	🟢 LOW	All callers are well-tested. Safe to merge.
25 – 59	🟡 MEDIUM	Some callers have partial coverage. Review before merging.
60 – 100	🔴 HIGH	Uncovered call sites found. Add tests before merging.

Score factors

Uncovered callers    up to 30 pts  (10 pts per uncovered file, max 3)
Impact breadth       up to 20 pts  (2 pts per affected file, max 10)
Partial coverage     up to 20 pts  (4 pts per file below 70%, max 5)
Centrality           up to 20 pts  (callers per changed function × 2)
Unknown coverage     up to 10 pts  (2 pts per file with no data)
Watchlist penalty    up to 30 pts  (15 pts per watched function changed)

---

Configuration

Open VS Code Settings (Ctrl+,) and search blastradius.

Setting	Type	Default	Description
blastradius.autoRefresh	boolean	true	Re-analyse automatically when files change (1.8s debounce)
blastradius.enableDepth2	boolean	true	Include depth-2 transitive callers in the blast radius
blastradius.blockOnHigh	boolean	false	Pre-commit hook blocks commits when risk is HIGH
blastradius.coveragePath	string	""	Custom path to coverage JSON — auto-detected when blank
blastradius.maxFilesToScan	number	500	Maximum workspace files scanned for call graph analysis
blastradius.fileExtensions	array	["ts","tsx","js","jsx","py","go","java","cs"]	File extensions included in the call graph scan
blastradius.riskThresholds	object	{"high":60,"medium":25}	Score thresholds for HIGH and MEDIUM risk levels

Example settings.json

{
  "blastradius.autoRefresh": true,
  "blastradius.enableDepth2": true,
  "blastradius.blockOnHigh": false,
  "blastradius.coveragePath": "coverage/coverage-summary.json",
  "blastradius.maxFilesToScan": 300,
  "blastradius.fileExtensions": ["ts", "tsx", "js", "jsx"],
  "blastradius.riskThresholds": { "high": 60, "medium": 25 }
}

---

Commands

All commands are available from the Command Palette (Ctrl+Shift+P / Cmd+Shift+P).

Command	Description
BlastRadius: Analyze Impact	Run analysis and open the Blast Map
BlastRadius: Refresh	Force re-analyse the current workspace
BlastRadius: Open Blast Map	Open the interactive impact graph WebView
BlastRadius: Deep Insights (20 Checks)	Run all 20 deep analysis checks
BlastRadius: Show Risk History	Open the risk score history chart
BlastRadius: Export HTML Report	Save a full analysis report as .html
BlastRadius: Export CI JSON	Save .blastradius-report.json for CI/CD
BlastRadius: Copy PR Description	Copy a GitHub PR body to clipboard
BlastRadius: Generate Test Stubs	Generate Jest test stubs for uncovered callers
BlastRadius: Copy Focused Test Command	Copy the jest/vitest/pytest command for predicted failing tests
BlastRadius: Install Pre-commit Hook	Install .git/hooks/pre-commit risk checker
BlastRadius: Uninstall Pre-commit Hook	Remove the BlastRadius pre-commit hook
BlastRadius: Add to Watchlist	Mark a function as critical (+15 risk pts when changed)
BlastRadius: Remove from Watchlist	Remove a function from the watchlist
BlastRadius: Clear Watchlist	Remove all watchlist entries
BlastRadius: Clear History	Wipe all stored risk history

---

Coverage Support

BlastRadius auto-detects coverage files in this priority order:

Tool	File location
Jest	coverage/coverage-summary.json
Vitest	coverage/coverage-summary.json
nyc	.nyc_output/coverage-summary.json
c8	coverage/coverage-summary.json
Istanbul	coverage/coverage-final.json

To use a custom location set blastradius.coveragePath in settings.

---

Language Support

Language	Call Graph	Coverage	Complexity	Env Scan
TypeScript	✅	✅	✅	✅
TSX (React)	✅	✅	✅	✅
JavaScript	✅	✅	✅	✅
JSX (React)	✅	✅	✅	✅
Python	✅	⚙️	✅	✅
Go	✅	⚙️	✅	✅
Java	✅	⚙️	✅	⚙️
C#	✅	⚙️	✅	⚙️

✅ Full support · ⚙️ Partial support (coverage requires language-specific setup)

---

Pre-commit Hook

The hook reads .blastradius-report.json (generated by Export CI JSON) and either warns or blocks.

# Install
# → BlastRadius: Install Pre-commit Hook (from command palette)

# Export report so the hook has data to read
# → BlastRadius: Export CI JSON

# Bypass the block when needed
BLASTRADIUS_FORCE=1 git commit -m "emergency fix"

To enable blocking mode, set blastradius.blockOnHigh: true in settings, then re-export the CI JSON.

---

CI/CD Integration

Export the JSON report and use it in your pipeline:

# GitHub Actions example
- name: Run tests
  run: npx jest --coverage

- name: Check BlastRadius risk
  run: |
    RISK=$(node -e "console.log(require('./.blastradius-report.json').riskScore)")
    echo "BlastRadius risk score: $RISK"
    if [ "$RISK" -gt "75" ]; then
      echo "::warning::BlastRadius: HIGH risk score $RISK/100"
    fi

# Shell — fail CI if risk exceeds threshold
SCORE=$(jq '.riskScore' .blastradius-report.json)
[ "$SCORE" -gt 75 ] && echo "Risk too high: $SCORE" && exit 1

---

How It Works

┌─────────────────────────────────────────────────────────────────┐
│                         Your edit + save                         │
└───────────────────────────────┬─────────────────────────────────┘
                                │
              ┌─────────────────▼─────────────────┐
              │         git diff HEAD              │
              │   Detects changed files + lines    │
              └─────────────────┬─────────────────┘
                                │
              ┌─────────────────▼─────────────────┐
              │       Function name extraction     │
              │   Regex patterns over changed lines│
              └──────┬──────────────────────┬──────┘
                     │                      │
       ┌─────────────▼──────┐  ┌────────────▼───────────┐
       │  Depth-1 scan      │  │  Depth-2 transitive    │
       │  Direct callers    │  │  Callers of callers    │
       └─────────────┬──────┘  └────────────┬───────────┘
                     │                      │
              ┌──────▼──────────────────────▼──────┐
              │         Coverage overlay            │
              │   Istanbul JSON → per-file pct      │
              └─────────────────┬──────────────────┘
                                │
              ┌─────────────────▼─────────────────┐
              │           Risk scoring             │
              │   Weighted formula → 0–100 score   │
              └──┬───────────────┬──────────────┬──┘
                 │               │              │
         ┌───────▼───┐   ┌───────▼───┐   ┌─────▼──────┐
         │  Sidebar  │   │ Blast Map │   │  CodeLens  │
         │  TreeView │   │  WebView  │   │ Diagnostics│
         └───────────┘   └───────────┘   └────────────┘

---

Project Structure

blastradius/
├── src/
│   ├── extension.ts                    # Entry point — registers all commands and providers
│   ├── types.ts                        # Shared TypeScript interfaces
│   ├── analyzers/
│   │   ├── analyzer.ts                 # Main orchestrator — coordinates all analysis steps
│   │   ├── gitAnalyzer.ts              # git diff parsing, function name extraction
│   │   ├── callGraphBuilder.ts         # Depth-1 and depth-2 call graph traversal
│   │   ├── coverageReader.ts           # Istanbul/nyc coverage JSON parser
│   │   ├── riskScorer.ts               # Risk score formula and warning generator
│   │   ├── historyTracker.ts           # Persists risk history in globalState
│   │   ├── deepAnalyzer.ts             # Static checks: dead code, circular, complexity…
│   │   ├── gitIntelligence.ts          # Git checks: coupling, API breaks, twins, owners…
│   │   └── deepInsightsOrchestrator.ts # Runs all 20 checks in parallel via Promise.allSettled
│   ├── algorithms/
│   │   └── recommendations.ts          # Set cover, bundle impact, test predictor, runner…
│   ├── providers/
│   │   ├── sidebarProvider.ts          # TreeDataProvider for the Activity Bar sidebar
│   │   ├── codeLensProvider.ts         # Inline risk badges above changed functions
│   │   ├── diagnosticsProvider.ts      # Squiggly warnings on changed function lines
│   │   └── codeActionsProvider.ts      # Lightbulb quick-fix actions on diagnostics
│   ├── panels/
│   │   ├── blastMapPanel.ts            # D3 force-directed graph WebView
│   │   ├── historyPanel.ts             # Canvas risk history chart WebView
│   │   └── insightsPanel.ts            # 4-tab Deep Insights dashboard WebView
│   ├── integrations/
│   │   ├── gitHook.ts                  # Pre-commit hook installer / uninstaller
│   │   ├── prAndCI.ts                  # PR description generator + CI JSON export
│   │   └── watchlist.ts                # Critical function watchlist manager
│   └── reports/
│       └── htmlReport.ts               # Full standalone HTML report generator
├── media/
│   └── icon.png                        # Extension icon (128×128)
├── out/
│   └── extension.js                    # Compiled bundle (generated — do not edit)
├── package.json                        # Extension manifest
├── tsconfig.json                       # TypeScript config
├── esbuild.js                          # Build script
├── .vscodeignore                       # Files excluded from VSIX
├── LICENSE                             # MIT License
├── CHANGELOG.md                        # Version history
└── README.md                           # This file

---

Contributing

Contributions are welcome. Here is how to get started:

1. Fork and clone

git clone https://github.com/ripankumardeb/blastradius.git
cd blastradius
npm install

2. Build in watch mode

npm run watch

3. Run in VS Code

Press F5 in VS Code to open an Extension Development Host window with BlastRadius loaded.

4. Make your change

• New analyzers go in src/analyzers/
• New UI panels go in src/panels/
• New integrations go in src/integrations/
• Register new commands in src/extension.ts and package.json

5. Build and package

npm run build
npm run package

6. Submit a pull request

Open a PR at github.com/ripankumardeb/blastradius describing what you changed and why.

Code style

• TypeScript strict mode is on — no any without justification
• Each analyzer is a pure function — no global state, no side effects
• Every new feature needs an entry in the DeepInsights interface
• Keep WebView HTML self-contained — no external CSS frameworks

Reporting bugs

Open an issue at github.com/ripankumardeb/blastradius/issues with:

• VS Code version
• BlastRadius version
• Project language (TypeScript / Python / Go / etc.)
• Steps to reproduce
• What you expected vs what happened

---

FAQ

Q: Does BlastRadius send my code anywhere? No. All analysis runs entirely locally. No data leaves your machine. The extension reads git, your source files, and your coverage JSON — nothing is transmitted.

Q: How accurate is the call graph? BlastRadius uses regex-based static analysis, not a full language server. It is fast and works across all supported languages, but may miss indirect patterns like dynamic dispatch or reflection. For TypeScript and JavaScript, accuracy is very high.

Q: Why does my risk score seem high when everything is tested? Check that you have run your tests recently and coverage/coverage-summary.json is up to date. Also check the blastradius.coveragePath setting if your coverage file is in a non-standard location.

Q: Can I use BlastRadius in a monorepo? Yes. Open the monorepo root as your workspace. Set blastradius.maxFilesToScan to a higher number if needed, and set blastradius.coveragePath to the correct coverage file for the package you are editing.

Q: The Blast Map is blank or won't load. The D3 library loads from cdnjs.cloudflare.com. Check your internet connection or corporate proxy settings. If you are offline, open an issue and we can add an offline fallback.

Q: How do I stop BlastRadius from blocking my commits? Set blastradius.blockOnHigh to false in settings (the default), then re-export the CI JSON. Or bypass a single commit with BLASTRADIUS_FORCE=1 git commit -m "...".

---

Changelog

See CHANGELOG.md for the full version history.

1.0.0

• Added Deep Insights dashboard with 20 analysis checks
• Dead code detector, circular dependency finder, complexity spike detector
• Co-change coupling analysis, API breaking change detector, twin function finder
• Semver suggester, file ownership map, rollback guide
• Mock gap finder, minimum test path (set cover algorithm)
• Bundle impact estimator, import chain depth, changelog generator
• Test failure predictor, focused test runner command
• Env dependency scanner, JSDoc gap detector, async race detector
• Duplicate logic finder
• Added CodeLens inline risk badges
• Added Diagnostics (squiggly warnings)
• Added Code Actions quick-fix menu
• Added Risk History chart panel
• Added full HTML report export
• Added pre-commit hook installer
• Added PR description generator
• Added Watchlist for critical functions
• Added CI JSON export
• Added depth-2 transitive call graph
• Initial release
• Git diff analysis, call graph traversal, coverage overlay
• Risk scoring (0–100), sidebar panel, Blast Map WebView
• Status bar badge, auto-refresh, test stub generator

---

License

MIT © Ripan Kumar Deb

See LICENSE for the full text.

---