Rule catalog¶
pyscn ships 32 rules across 7 categories. Every rule has a page that describes what it detects, why it's a problem, a bad example, and how to fix it.
Click a rule name to open its page.
Unreachable Code¶
Dead code that can never execute. Detected through control-flow graph reachability analysis.
| Rule | Severity |
|---|---|
unreachable-after-return |
Critical |
unreachable-after-raise |
Critical |
unreachable-after-break |
Critical |
unreachable-after-continue |
Critical |
unreachable-after-infinite-loop |
Warning |
unreachable-branch |
Warning |
Duplicate Code¶
Copy-paste or near-copy-paste code fragments across the project.
| Rule | Severity |
|---|---|
duplicate-code-identical |
Warning |
duplicate-code-renamed |
Warning |
duplicate-code-modified |
Info (opt-in) |
duplicate-code-semantic |
Warning |
Complexity¶
Functions that are too branchy to test or reason about reliably.
| Rule | Severity |
|---|---|
high-cyclomatic-complexity |
By threshold |
Class Design¶
Classes that depend on too many things or do too many unrelated jobs.
| Rule | Severity |
|---|---|
high-class-coupling |
By threshold |
low-class-cohesion |
By threshold |
Dependency Injection¶
Constructor and collaborator patterns that hurt testability.
| Rule | Severity |
|---|---|
too-many-constructor-parameters |
Warning |
global-state-dependency |
Error |
module-variable-dependency |
Warning |
singleton-pattern-dependency |
Warning |
concrete-type-hint-dependency |
Info |
concrete-instantiation-dependency |
Warning |
service-locator-pattern |
Warning |
Module Structure¶
Import graph problems: cycles, long chains, layer violations.
| Rule | Severity |
|---|---|
circular-import |
By cycle size |
deep-import-chain |
Info |
layer-violation |
By architecture rule |
low-package-cohesion |
Warning |
Mock Data¶
Placeholder data accidentally shipped to production.
| Rule | Severity |
|---|---|
mock-keyword-in-code |
Info / Warning |
mock-domain-in-string |
Warning |
mock-email-address |
Warning |
placeholder-phone-number |
Warning |
placeholder-uuid |
Warning |
placeholder-comment |
Info |
repetitive-string-literal |
Info |
test-credential-in-code |
Warning |
Selecting rules on the command line¶
Most users run all rules with pyscn analyze. For CI, filter by analyzer category:
pyscn check --select deadcode # only unreachable-code rules
pyscn check --select clones # only duplicate-code rules
pyscn check --select complexity # only high-cyclomatic-complexity
pyscn check --select deps # circular-import + deep-import-chain + layer-violation
pyscn check --select di # all dependency-injection rules (opt-in)
pyscn check --select mockdata # all mock-data rules (opt-in)
pyscn check --select complexity,deadcode,deps # combine
See pyscn check for the full flag list.
Severity meanings¶
| Severity | Intent |
|---|---|
| Critical | Almost always a bug. Prefer fixing before merging. |
| Error | High-risk pattern. Usually should fail CI. |
| Warning | Worth reviewing. Default fail threshold for pyscn check. |
| Info | Informational. Surfaces only when min_severity = "info" or equivalent. |
| By threshold | Severity depends on a numeric threshold (see the rule's Options). |