Scan your repo for hallucinated imports, dead code, architecture drift, dependency risk, and tech debt. Then fix what can be fixed automatically. One command. Zero config.
Used daily across Orion OS, Silverwings, Navisynth, Praxis Human, Mintaka & Thuban itself.
$ npx thuban scan .Click to copy
Watch Thuban scan, detect, and fix a real codebase
Copilot, Cursor, Claude, ChatGPT — they generate code that looks right but silently breaks things.
Import modules that don't exist in your project
Call API methods that were deprecated years ago
Paste utility functions then never call them
Duplicate logic across files that slowly drifts apart
Generate code that looks perfect but crashes in production
Scans every file for phantom imports and fake APIs
Flags deprecated patterns before they break on upgrade
Finds dead functions that inflate your bundle
Detects copy-paste drift before it causes bugs
Fixes what it can, reports what it can't — in seconds
Thuban is the safety layer between AI-generated code and your production environment.
Run one command. Get a health score. Fix what's broken. Move on.
Mother Code is Thuban's unique self-awareness layer. It turns your codebase from a bag of files into a connected, self-documenting system.
// utils/calculateScore.js
function calculateScore(issues, files) {
let score = 100;
issues.forEach(i => {
score -= i.severity * 2;
});
return Math.max(0, score);
}
module.exports = { calculateScore };No context. No purpose. No connections. Just code floating in a folder.
/**
* @thuban-purpose Calculates health score from issues
* @thuban-owner scanner
* @thuban-depends-on hallucination-detector, tech-debt
* @thuban-depended-by cli.js, html-report.js, dashboard
* @thuban-sacred false
* @thuban-last-verified 2026-06-27
*/
function calculateScore(issues, files) {
let score = 100;
issues.forEach(i => {
score -= i.severity * 2;
});
return Math.max(0, score);
}
module.exports = { calculateScore };Now the file knows its purpose, its owner, and what breaks if you change it.
When every file has DNA, Thuban can detect drift — when a file's code no longer matches its declared purpose. It can detect breaking changes — when you edit a file that other files depend on. And it gives new team members instant context — read the header, understand the file.
npx thuban inject .
Add Mother Code DNA to every file in your project
Real output from a real scan. No mockups. No staged demos.
$ npx thuban scan .SCANNING: /my-project Found 1547 files to scan... ╔══════════════════════════════════════════════════════╗ ║ THUBAN SCAN ║ ╠══════════════════════════════════════════════════════╣ ║ Files scanned: 1547 ║ ║ Health score: D+ (52/100) ║ ║ Scan time: 1017ms ║ ╚══════════════════════════════════════════════════════╝ HIGH: 1 Deprecated API (will break on Node upgrade) server.js:24 url.parse() — deprecated since Node 11 → Use new URL() — url.parse() is legacy CODE QUALITY: 86 issues ! cdp-connector.js:21 Hardcoded localhost URL ! takeover.js:45 Hardcoded localhost URL ... 84 more
$ npx thuban fix .DRY RUN — showing what would change (no files modified) SAFE FIX: server.js:24 - const parsed = url.parse(reqUrl); + const parsed = new URL(reqUrl, base); SAFE FIX: cdp-connector.js:21 - const ws = 'ws://localhost:9222'; + const ws = process.env.CDP_URL || 'ws://localhost:9222'; 61 fixes available | 61 safe | 0 unsafe Run with --fix to apply
$ npx thuban fix . --fix --commitFIXED: server.js:24 — replaced url.parse with new URL committed: thuban-fix: update deprecated url.parse FIXED: cdp-connector.js:21 — environment variable for CDP URL committed: thuban-fix: use env var for CDP URL ... 61 fixes applied. 61 git commits created. Don't like a fix? Run: git revert <commit>
$ npx thuban dashboard .Dashboard saved: thuban-report-2026-06-27.html Open it in your browser — share it with your CTO. Score rings, category breakdown, every issue listed, fixable items highlighted.
$ npx thuban scan https://github.com/company/their-apiCloning repository... Cloned successfully SCANNING: their-api Found 892 files to scan... ╔══════════════════════════════════════════════════════╗ ║ Health score: C (68/100) ║ ╚══════════════════════════════════════════════════════╝ 14 AI hallucination risks 23 deprecated APIs 42 code quality issues (temporary clone removed — nothing stored)
$ npx thuban compare ./our-app https://github.com/competitor/app┌──────────────────────┬──────────────────────┬──────────────────────┐ │ METRIC │ our-app │ competitor-app │ ├──────────────────────┼──────────────────────┼──────────────────────┤ │ Health Score │ B (85/100) │ D+ (52/100) │ │ Grade │ B │ D+ │ │ Files Scanned │ 301 │ 1547 │ │ Total Issues │ 3 │ 87 │ │ Hallucinations │ 0 │ 14 │ │ Circular Deps │ 0 │ 4 │ │ Mother Code DNA │ 92% │ 0% │ └──────────────────────┴──────────────────────┴──────────────────────┘ VERDICT: our-app is healthier 33 point difference — significant gap
Side-by-side health comparison with a verdict. Built for AI-code failure modes traditional linters miss.
Every day, CTOs sign contracts with vendors they've never audited. Teams refactor code with no way to prove it improved. Agencies deliver projects with no objective quality proof. Developers inherit repos and have no idea how bad the situation is.
Thuban Compare solves this in one command. Point it at any two codebases — local folders, GitHub repos, or a mix of both — and get a full side-by-side health report with a clear verdict. No setup. No configuration. No meetings. Just data.
Built for a class of problem traditional linters were never designed to catch.
npx thuban compare [codebase A] [codebase B]The entire process takes under 2 seconds. Both scans run locally on your machine. No API calls. No cloud. No data leaves your laptop.
| Metric | your-app | vendor-api |
|---|---|---|
| Health Score | B (85/100) | D+ (52/100) |
| Files Scanned | 301 | 1,547 |
| Total Issues | 3 | 87 |
| AI Hallucinations | 0 | 14 |
| Critical Issues | 0 | 6 |
| Circular Dependencies | 0 | 4 |
| Orphan Files | 2 | 31 |
| Mother Code DNA | 92% | 0% |
| Drift Issues | 1 | 18 |
| Scan Time | 99ms | 977ms |
CTO about to sign a £200k contract? Scan their repo first. See if their code is production-grade or held together with duct tape.
Prove refactoring ROI. Run compare on last month’s snapshot vs today. Show the board a 40-point health improvement.
Compare your code against any open-source repo. Know exactly where you stand. Use the report in investor decks and pitches.
Agency delivering code? Run compare against industry standard. Hand the client a side-by-side proof of quality. Close the deal.
npx thuban compare ./my-app https://github.com/company/their-appWorks with any mix of local folders and GitHub URLs. Results in under 2 seconds.
Thuban reads your files, applies text replacements, and writes them back. Here is every fix it makes, with exact before/after.
npx thuban fix . --fix--commit, it creates a git commit so you can git revert any fixNothing is deleted. Nothing is uploaded. No API calls. It's a local find-and-replace engine with safety guards.
+ /** + * @thuban-purpose Express server configuration + * @thuban-owner api + * @thuban-depends-on express, auth-middleware + */ const express = require('express'); // unchanged
console.log() calls. Keeps console.error() and console.warn().- console.log('debug: user data', userData); console.error('Failed to connect'); // kept
--unsafe flag — changes runtime behaviour)- const parsed = url.parse(reqUrl); + const parsed = new URL(reqUrl); - const buf = new Buffer('hello'); + const buf = Buffer.from('hello'); - const sys = require('sys'); + const sys = require('util');
- const api = 'http://localhost:8080/api'; + const api = (process.env.SERVICE_URL_8080 || 'http://localhost:8080/api');
19 commands. Zero dependencies. Works on any codebase — JavaScript, TypeScript, Python, Go, Rust, Java, Kotlin, C# and more.
Find phantom imports, invented APIs, and deprecated patterns that AI coding tools leave behind. Built specifically to catch the failure modes AI coding tools create.
Only in ThubanGet a clear 0-100 score across Security, Architecture, Code Quality, Dependencies, and Mother Code coverage. Grade A through F.
One command fixes hundreds of issues automatically. Inject annotations, remove debug logs, update deprecated APIs, break circular deps.
Inject contextual DNA into every file. Your codebase becomes self-aware — every file knows what it does, what depends on it, and what breaks if it changes.
Only in ThubanBeautiful HTML reports you can email to your CTO. Score rings, category breakdowns, fixable items grid. Dark theme. Print-friendly.
Drop one file into your repo. Every PR gets a grade comment. Block merges below threshold. Dashboard artifact on every run.
Block bad code before it enters your repo. 3-second scan on every commit catches hallucinated APIs instantly. Install once, forget forever.
Only in ThubanTranslate tech debt into pounds and hours. Show your CTO exactly what bad code costs per month — and what Thuban saves. ROI in one command.
CTO FavouriteFind AI-pasted functions that exist but are never called. Dead code inflates your bundle, confuses devs, and hides bugs. Thuban finds every ghost.
Only in ThubanPer-function risk assessment for AI-generated code. Scores every function 0-100% using 12 signals. Know exactly which code needs human review before it ships.
Only in ThubanFind similar code blocks scattered across files. Thuban clusters duplicates and recommends shared utilities. Kill redundancy before it kills you.
One JSON file that describes your entire project — languages, architecture, sacred files, entry points, onboarding guide. New devs productive in minutes.
Onboarding KillerFull dependency graph with circular detection, orphan files, critical path analysis. Know what breaks before you change it.
Code evolves. Annotations become stale. Thuban detects when files have drifted from their declared purpose and flags the gap.
Watch mode monitors your codebase in real-time. Save a file, get instant feedback. Hallucination check on every keystroke.
Dry-run preview before any changes. Safe/unsafe separation. Git commit mode for easy rollback. Thuban never changes runtime behaviour without your explicit opt-in.
Senate ApprovedSnapshot your current issues. Future scans only flag NEW problems. Perfect for CI — don't fail on legacy debt, only fail on new mistakes being merged.
CI EssentialEvery detection has a unique rule ID (HALL_API001, DEPR_API003). Suppress false positives with a simple // thuban-ignore HALL_API001 comment. Full transparency.
Paste any public GitHub URL and Thuban clones, scans, scores, and cleans up automatically. No need to clone repos manually. Evaluate any codebase in 30 seconds.
Only in ThubanCompare two codebases side by side — local or remote. Health score, issues, dependencies, DNA coverage, and a verdict with gap analysis. Perfect for evaluating vendors, benchmarking against competitors, or measuring before vs after a refactor.
Only in ThubanThuban runs entirely on your machine. Your code never leaves. The subscription unlocks features — not server time.
Thuban scans files using Node.js on your local filesystem. No API calls, no cloud processing, no servers. As your codebase grows to 10,000 or 100,000 files, the only cost is your own CPU time. We never see your code.
thuban fix . shows you exactly what would change — no files are touched until you explicitly add --fix. Preview every patch before it lands.
DNA injection and debug log removal are safe — they never change runtime behaviour. Deprecated API swaps and URL wrapping are unsafe — they require the --unsafe flag. You choose.
Use --commit and every fix becomes a labelled git commit. Don't like it? git revert HEAD. One command to undo.
Why does this matter commercially?
You pay for the license. You run the compute. Your codebase grows from 500 files to 50,000 files — your subscription stays the same.
Thuban gets faster as hardware improves, and there is zero marginal cost to us per scan. That means we can keep prices low and never throttle you.
Whether you're shipping solo or leading a team, Thuban catches what your tools miss.
You're building fast with Copilot, Cursor, or Claude. Thuban catches the phantom APIs and ghost functions before your users do. Run npx thuban scan . before every deploy.
Thuban translates your codebase health into hours and pounds. Get a board-ready PDF showing exactly where the risk is and what it costs. Run thuban executive . and forward it.
Install the pre-commit gate once. Every commit is checked for hallucinated code in 3 seconds. Block bad code before it enters your repo. Run thuban gate --fix and forget about it.
Existing tools check syntax. Thuban checks whether your AI-generated code is real.
| Feature | Thuban | ESLint | SonarQube |
|---|---|---|---|
| AI hallucination detection | ✓ | ✗ | ✗ |
| Ghost code detection | ✓ | ✗ | Partial |
| AI risk scoring per function | ✓ | ✗ | ✗ |
| Tech debt cost in £ / hours | ✓ | ✗ | Partial |
| Pre-commit hallucination gate | ✓ | ✗ | ✗ |
| Copy-paste drift detection | ✓ | ✗ | ✓ |
| Codebase passport / identity | ✓ | ✗ | ✗ |
| Zero config / npx command | ✓ | Needs .eslintrc | Server required |
| CTO executive PDF report | ✓ | ✗ | Partial |
| Auto-fix | ✓ | ✓ | Limited |
| Safe/unsafe fix separation | ✓ | ✗ | ✗ |
| Baseline / delta scanning | ✓ | Limited | Partial |
| Scan any GitHub repo (no clone) | ✓ | ✗ | ✗ |
| Side-by-side codebase comparison | ✓ | ✗ | ✗ |
| Rule IDs + inline suppression | ✓ | ✓ | ✓ |
| Price | Free / £19/mo | Free | $150+/mo |
Thuban runs daily across 7 live ventures. These are real scans, real issues caught, real fixes shipped.
No signup. No config files. No cloud account. Just run it.
Point Thuban at any directory. It scans every file, maps dependencies, checks for hallucinations, and scores your health.
npx thuban scan .
Get a clear grade (A-F), issue count, and a visual HTML dashboard. See exactly what's wrong and what can be auto-fixed.
npx thuban dashboard .
Preview all fixes in dry-run mode first. Then apply safe fixes only, or use --unsafe for runtime changes. Every fix can be auto-committed for easy rollback.
npx thuban fix . --fix --commit
Every command works the same way: npx thuban [command] [path]
Run these in order to see what Thuban does:
npx thuban scan . Scan your projectnpx thuban fix . Preview what can be fixednpx thuban fix . --fix Apply all safe fixesnpx thuban dashboard . Open visual HTML reportthuban scan .
Full health scan — score, issues, hallucinations, grade
thuban hallucinate .
Find phantom APIs, invented methods, fake imports PRO
thuban ghosts .
Find dead code — functions that exist but nobody calls PRO
thuban ai-score .
AI risk score per function — which code needs human review PRO
thuban clones .
Copy-paste drift — find duplicate code that should be shared PRO
thuban drift .
Detect files that have drifted from their declared purpose PRO
thuban deps .
Map dependencies, detect circular imports, find orphans
thuban diff .
Scan only git-changed files — fast CI check
thuban debt .
Detailed tech debt breakdown with severity scores
thuban fix .
Preview what can be fixed — safe, no changes made PRO
thuban fix . --fix
Apply all safe fixes automatically PRO
thuban fix . --fix --commit
Each fix = 1 git commit — revert any with git revert PRO
thuban gate --fix
Install pre-commit hook — block hallucinated code automatically PRO
thuban inject .
Inject Mother Code DNA annotations into every file PRO
thuban baseline .
Snapshot current issues — future scans only flag NEW problems TEAM
thuban watch .
Live sentinel — monitors your codebase in real-time PRO
thuban dashboard .
Generate beautiful HTML dashboard with score rings PRO
thuban executive .
CTO-ready PDF report — forward it to your board PRO
thuban cost .
Tech debt cost in £ and hours — ROI in one command PRO
thuban passport .
Generate codebase identity file — new devs productive in minutes PRO
thuban health .
Quick health check with summary scores
thuban report .
Full combined report — scan + deps + drift in one go
--fix
Apply fixes (default is dry-run preview)
--unsafe
Allow runtime-changing fixes (circular deps, deprecated API swaps)
--commit
Auto-commit each fix as a separate git commit for easy rollback
--json
Output as JSON for CI/CD pipelines
--baseline
Only report NEW issues vs saved baseline
--verbose
Detailed output with extra context
How many phantom APIs are already in your codebase?
No credit card required. Free tier works forever.
Try it right now
For professional developers
or £149/year (save 35%)
For teams up to 10
or £799/year (save 33%)
For organisations at scale
Before you raise, launch, scale, or spend another £20k on developers — find out what your codebase actually is.
npx thuban inject . to add it.npx download from npm. Optional anonymous usage stats (file count, score, grade — never code) can be enabled with thuban telemetry --on but are off by default.--fix to apply changes. Add --commit and each fix becomes a separate git commit you can revert with one command. Safe fixes (like updating deprecated APIs) never change runtime behaviour. Unsafe fixes (like restructuring circular deps) require the explicit --unsafe flag.npx thuban scan . — that's it. No install, no config files, no signup. Thuban downloads, scans your project, and shows your health score in under 30 seconds.Zero install. Zero config. Zero signup. Just paste this into your terminal.