flutter_quality_analyzer 2.2.2 
flutter_quality_analyzer: ^2.2.2 copied to clipboard
CLI analyzer for Flutter/Dart dependencies, security, coverage, and AI health summary.
Flutter Quality Analyzer #
A Dart CLI tool that gives you a complete health report for any Flutter/Dart project โ dependency versions, licenses, security vulnerabilities, discontinued packages, test coverage, and an AI-powered summary.
Features #
| Feature | Flag | |
|---|---|---|
| ๐ฆ | Version check โ current vs latest for every dependency | (always on) |
| ๐ท๏ธ | License detection โ SPDX identifier per package | (always on) |
| ๐ | pub points & popularity score | (always on) |
| โ | Discontinued package detection with replacement hint | (always on) |
| ๐ | Security vulnerability check via OSV API โ free, no key needed | --security |
| ๐งช | Test coverage analysis โ file-level ratio & grade | --coverage |
| ๐ค | AI-powered health summary (Gemini or Groq) | --ai-summary |
| ๐ง | Auto-fix outdated constraints in pubspec.yaml |
--fix |
| ๐๏ธ | Dry-run preview of --fix changes |
--dry-run |
| ๐จ | Colored console output or machine-readable JSON | --format |
Installation #
Global (recommended โ use from any project) #
dart pub global activate flutter_quality_analyzer
Then run from inside any Flutter project:
fqa
If
fqais not found, add~/.pub-cache/binto your PATH:export PATH="$PATH:$HOME/.pub-cache/bin"
As a dev dependency #
dev_dependencies:
flutter_quality_analyzer: ^2.2.0
dart run flutter_quality_analyzer
Usage #
Basic โ version check, licenses, scores #
fqa
fqa --path /path/to/your/flutter_project
Security vulnerability check #
fqa --security
Queries the OSV API โ completely free, no API key required.
Auto-fix outdated packages #
# Preview what would change (safe โ doesn't write anything)
fqa --dry-run
# Apply โ rewrites pubspec.yaml with ^<latestVersion> for all outdated packages
fqa --fix
# Run `dart pub get` after to apply the new constraints
dart pub get
Test coverage analysis #
fqa --coverage
Counts test files vs source files, grades the project: Excellent / Good / Fair / Poor / None.
AI health summary #
# Using Gemini (free key at https://aistudio.google.com/app/apikey)
fqa --ai-summary --gemini-key YOUR_KEY
# Using Groq โ free, fast, no rate-limit issues (llama-3.3-70b-versatile)
fqa --ai-summary --ai-provider groq --groq-key YOUR_KEY
# Gemini with auto-fallback to Groq if rate-limited
fqa --ai-summary --gemini-key YOUR_GEMINI_KEY --groq-key YOUR_GROQ_KEY
# Set Gemini key via environment variable instead
export GEMINI_API_KEY=YOUR_KEY
fqa --ai-summary
Full analysis โ everything at once #
fqa --coverage --security --ai-summary --ai-provider groq --groq-key YOUR_KEY
JSON output (for CI / scripting) #
fqa --security --format json
fqa --coverage --format json > report.json
All flags #
| Flag | Short | Description |
|---|---|---|
--path |
-p |
Path to Flutter project (default: current directory) |
--format |
-f |
Output format: console (default) or json |
--security |
-s |
Check for known CVEs via OSV API |
--coverage |
-c |
Analyze test file coverage |
--ai-summary |
-a |
Generate AI health summary |
--ai-provider |
AI provider: gemini (default) or groq |
|
--gemini-key |
Gemini API key (or set GEMINI_API_KEY env var) |
|
--groq-key |
Groq API key | |
--fix |
Auto-update outdated constraints in pubspec.yaml |
|
--dry-run |
Preview --fix changes without writing to disk |
|
--verbose |
-v |
Enable debug logging |
--help |
-h |
Show usage |
Sample Output #
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Flutter Quality Analyzer v2.2.1 โ
โ Versions ยท Licenses ยท Coverage ยท AI Summary โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[INFO] Project : my_flutter_app
[INFO] Packages : 10 found
[INFO] Fetching versions, licenses & scores from pub.dev...
[INFO] Checking for known vulnerabilities via OSV...
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
PACKAGE CURRENT LATEST LICENSE PTS POP STATUS
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
dio ^4.0.0 5.9.2 MIT 160 100% โ Outdated
some_old_pkg ^1.0.0 1.0.0 MIT 80 12% โ Discontinued
โโ Use new_pkg instead
bad_pkg ^2.1.0 2.1.0 Apache-2.0 120 45% ๐ VULN (HIGH)
provider ^6.0.5 6.1.5+1 MIT 150 100% โ Up to date
go_router ^13.0.0 17.1.0 BSD-3-Clause 150 100% โ Up to date
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ Dependency Summary โโโโโโโโโโโโโโโโโโโโโ
Total checked : 10
โ Up to date : 7
โ Outdated : 1
โ Discontinued : 1
๐ Vulnerable : 1
Run `dart pub upgrade` to update your dependencies.
Or run with --fix to auto-update pubspec.yaml.
โโ Security โโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ bad_pkg โ 1 vuln(s), highest: HIGH
โโ Test Coverage โโโโโโโโโโโโโโโโโโโโโโโโ
Test files : 5
Source files : 12
Ratio : 42%
Grade : Fair
โโ AI Health Summary (Groq) โโโโโโโโโโโโ
Health Score: 72/100 โ project is mostly healthy but has one high-severity
vulnerability and an outdated core networking package.
Top 3 Issues:
1. bad_pkg has a HIGH severity CVE โ upgrade or replace immediately
2. dio is 2 major versions behind (v4 โ v5) with breaking API changes
3. some_old_pkg is discontinued โ migrate to new_pkg
Top 3 Positives:
1. 7 out of 10 dependencies are fully up to date
2. All packages use OSI-approved licenses (MIT, BSD-3-Clause, Apache-2.0)
3. Test coverage exists with 5 test files
One action to take today: run `fqa --fix && dart pub get` to resolve the
outdated constraint, then address the HIGH vulnerability in bad_pkg.
Exit Codes #
| Code | Meaning |
|---|---|
0 |
All dependencies healthy (up to date, no vulns, none discontinued) |
1 |
One or more outdated, discontinued, or vulnerable packages found |
1 |
Fatal error (missing pubspec.yaml, invalid args, etc.) |
CI-friendly โ will fail a pipeline if any issues are found.
Get Free API Keys #
| Provider | Free tier | Link |
|---|---|---|
| Gemini | 15 req/min, 1M tokens/day | https://aistudio.google.com/app/apikey |
| Groq | Generous free tier, fast | https://console.groq.com |
| OSV | Completely free, no key | https://osv.dev |
Project Structure #
flutter_quality_analyzer/
โโโ bin/
โ โโโ flutter_quality_analyzer.dart # CLI entry point
โโโ lib/
โ โโโ src/
โ โโโ models/
โ โ โโโ dependency_info.dart
โ โ โโโ pubspec_data.dart
โ โ โโโ result.dart
โ โ โโโ version_check_result.dart
โ โ โโโ vulnerability_result.dart # OSV vulnerability model
โ โโโ services/
โ โ โโโ pubspec_reader.dart
โ โ โโโ pub_dev_client.dart # version, license, score, discontinued
โ โ โโโ version_checker.dart
โ โ โโโ osv_client.dart # OSV batch security check
โ โ โโโ fix_service.dart # pubspec.yaml auto-fix
โ โ โโโ coverage_analyzer.dart
โ โ โโโ ai_summary_service.dart # provider routing + fallback
โ โ โโโ ai_provider.dart # abstract interface
โ โ โโโ ai_provider_factory.dart
โ โ โโโ gemini_provider.dart
โ โ โโโ groq_provider.dart
โ โโโ reporters/
โ โ โโโ console_reporter.dart
โ โ โโโ json_reporter.dart
โ โ โโโ reporter.dart
โ โโโ utils/
โ โโโ logger.dart
โ โโโ version_utils.dart
โโโ test/
โโโ flutter_quality_analyzer_test.dart
Dependencies #
| Package | Purpose |
|---|---|
args |
CLI argument parsing |
http |
HTTP calls to pub.dev, OSV, and AI APIs |
yaml |
Parsing pubspec.yaml |
pub_semver |
Semver constraint comparison |
ansi_styles |
Terminal colour output |
Features #
- ๐ฆ Reads
dependenciesanddev_dependenciesfrompubspec.yaml - ๐ Fetches latest versions from the pub.dev API
- ๐ Compares version constraints (handles
^,>=,~, etc.) - ๐จ Clean colored terminal output
- โก Concurrent requests (batched, rate-limit safe)
- ๐ง Graceful error handling for network failures
- ๐๏ธ Extensible architecture (ready for license detection, test coverage, AI summaries)
Project Structure #
flutter_quality_analyzer/
โโโ bin/
โ โโโ flutter_quality_analyzer.dart # Entry point / CLI arg parsing
โโโ lib/
โ โโโ flutter_quality_analyzer.dart # Barrel exports
โ โโโ src/
โ โโโ models/
โ โ โโโ dependency_info.dart # Single dependency from pubspec
โ โ โโโ pubspec_data.dart # Parsed pubspec.yaml content
โ โ โโโ result.dart # Generic Result<T> type
โ โ โโโ version_check_result.dart
โ โโโ services/
โ โ โโโ pubspec_reader.dart # Reads + parses pubspec.yaml
โ โ โโโ pub_dev_client.dart # HTTP client for pub.dev API
โ โ โโโ version_checker.dart # Orchestrates checks, concurrency
โ โโโ reporters/
โ โ โโโ console_reporter.dart # Formatted terminal output
โ โโโ utils/
โ โโโ logger.dart # Leveled logger (INFO/WARN/ERROR/DEBUG)
โ โโโ version_utils.dart # Pure version string helpers
โโโ test/
โ โโโ flutter_quality_analyzer_test.dart
โโโ pubspec.yaml
โโโ analysis_options.yaml
โโโ README.md
Setup & Run #
1. Get dependencies #
cd flutter_quality_analyzer
dart pub get
2. Run against a Flutter project #
# Analyze the current directory
dart run bin/flutter_quality_analyzer.dart
# Analyze a specific project
dart run bin/flutter_quality_analyzer.dart --path /path/to/flutter_project
# Enable verbose/debug logs
dart run bin/flutter_quality_analyzer.dart --path /path/to/project --verbose
# Show help
dart run bin/flutter_quality_analyzer.dart --help
3. Run tests #
dart test
4. Compile to a standalone executable (optional) #
dart compile exe bin/flutter_quality_analyzer.dart -o fqa
./fqa --path /path/to/project
Sample Output #
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Flutter Quality Analyzer v1.0.0 โ
โ Dependency Health Check Tool โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
[INFO] Project: my_flutter_app
[INFO] Found 8 dependencies to analyze.
[INFO] Fetching latest versions from pub.dev...
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
PACKAGE CURRENT LATEST STATUS
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
dio ^4.0.0 5.4.3 โ Outdated
get ^4.6.5 4.6.6 โ Outdated
shared_preferences ^2.2.2 2.2.2 โ Up to date
provider ^6.1.1 6.1.2 โ Outdated
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโ Summary โโโโโโโโโโโโโโโโโโโโโโโโโโ
Total checked : 4
โ Up to date : 1
โ Outdated : 3
Run `dart pub upgrade` to update your dependencies.
Exit Codes #
| Code | Meaning |
|---|---|
| 0 | All dependencies up to date |
| 1 | One or more outdated deps found |
| 1 | Fatal error (missing pubspec etc) |
This makes the tool CI-friendly โ it will fail a pipeline if outdated deps exist.
Future Scope #
The architecture is designed for these upcoming features:
| Feature | Where to add |
|---|---|
| License detection | lib/src/services/license_checker.dart + new model |
| Test coverage | lib/src/services/coverage_analyzer.dart |
| AI-based summary | lib/src/services/ai_summary_service.dart |
| JSON reporter | lib/src/reporters/json_reporter.dart |
| HTML reporter | lib/src/reporters/html_reporter.dart |
All reporters can share a common Reporter abstract interface.
Dependencies Used #
| Package | Purpose |
|---|---|
args |
CLI argument parsing |
http |
HTTP calls to pub.dev API |
yaml |
Parsing pubspec.yaml |
pub_semver |
Proper semver constraint comparison |
ansi_styles |
Terminal color output |
Metadata
1
likes
160
points
342
downloads
Documentation
Publisher
unverified uploader
Weekly Downloads
Metadata
CLI analyzer for Flutter/Dart dependencies, security, coverage, and AI health summary.
Repository (GitHub)
View/report issues
License
MIT (license)
Dependencies
ansi_styles, args, http, pub_semver, yaml
