DevBolt
Processed in your browser. Your data never leaves your device.

How do I measure code complexity online?

Paste your JavaScript or TypeScript code and click Analyze to see cyclomatic complexity, cognitive complexity, nesting depth, and maintainability index for every function. Each function gets a risk rating with actionable refactoring recommendations. All analysis runs in your browser — your code never leaves your device.

Analyze simple function
Input
function add(a: number, b: number) {
  return a + b;
}
Output
Function: add
  Cyclomatic: 1 (low)
  Cognitive: 0 (low)
  Nesting: 0
  Maintainability: A

Overall Grade: A
No issues found

Code Complexity Analyzer

Paste JavaScript or TypeScript code to analyze cyclomatic complexity, cognitive complexity, nesting depth, and maintainability index per function. 100% client-side — your code never leaves your browser.

Samples:
Ctrl+Enter to analyze

Tips & Best Practices

Pro Tip

Aim for cyclomatic complexity under 10 per function

Functions with complexity above 10 are hard to test and maintain. Each branch (if/else, switch case, ternary, catch) adds a test case you need to write. A function with complexity 15 needs at minimum 15 test paths. Extract helper functions or use early returns to reduce branching.

Common Pitfall

Low complexity doesn't mean good code — it means testable code

A function that calls 20 external services sequentially has low cyclomatic complexity (no branches) but is a maintenance nightmare. Complexity metrics measure one dimension of code quality. Combine with nesting depth, cognitive complexity, and function length for a complete picture.

Real-World Example

Use complexity to prioritize refactoring in legacy codebases

Sort functions by complexity to find the highest-risk code. Functions with complexity 25+ are the ones that cause the most bugs and take the longest to modify. Refactor these first — the ROI on reducing a function from complexity 30 to three functions of complexity 8 is enormous.

Security Note

High complexity correlates with more vulnerabilities

Research shows that functions with cyclomatic complexity above 15 are 2-3x more likely to contain security bugs. Complex branching logic hides edge cases where input validation is skipped or authorization checks are bypassed. High complexity code deserves extra security review.

Frequently Asked Questions

What is cyclomatic complexity and why does it matter?
Cyclomatic complexity (CC) measures the number of independent paths through a function — essentially how many decision points (if, else if, case, loops, ternary, logical operators) exist. A CC of 1-5 means the function is simple and easy to test. 6-10 is moderate and may benefit from refactoring. Above 10 is complex and hard to test thoroughly — each path needs at least one test case. Above 20 is very high risk and should be split into smaller functions. This is especially important for AI-generated code, which often produces long functions with many branches.
What is cognitive complexity and how is it different from cyclomatic?
Cognitive complexity measures how hard code is for a human to understand, as defined by SonarSource. Unlike cyclomatic complexity which counts all paths equally, cognitive complexity adds nesting penalties — an if inside a for inside another if scores much higher than three sequential if statements. This better reflects the mental effort needed to follow the code. A function with CC=10 might have cognitive complexity of 5 (flat structure) or 25 (deeply nested). DevBolt shows both metrics so you can identify functions that are both hard to test and hard to read.
What is the maintainability index and how is the grade calculated?
The maintainability index (MI) is a composite metric originally developed at Carnegie Mellon and adopted by Microsoft Visual Studio. It combines cyclomatic complexity, lines of code, and Halstead volume (a measure of code vocabulary) into a single 0-100 score. Higher is better: 80-100 is grade A (highly maintainable), 60-79 is grade B, 40-59 is grade C, 20-39 is grade D, and below 20 is grade F. DevBolt uses a simplified version of this formula optimized for JavaScript and TypeScript functions.
Is this tool accurate enough for production use?
DevBolt's Code Complexity Analyzer uses pattern-based static analysis to identify functions and calculate metrics. It handles standard JavaScript and TypeScript function declarations, arrow functions, class methods, and common patterns. The metrics are approximations — for precise results in CI/CD pipelines, use ESLint's complexity rule, SonarQube, or CodeClimate. This tool is ideal for quick code reviews, evaluating AI-generated code quality, and learning about complexity metrics without installing anything.

Related Inspect Tools

X/

XPath Tester

Test XPath expressions against XML data with real-time evaluation — select elements, filter by attributes, navigate axes, and use XPath functions

SQL Playground

Run SQL queries in your browser with a full SQLite database powered by WebAssembly — practice JOINs, CTEs, window functions, aggregations, and more

JWT

JWT Decoder

Decode and inspect JSON Web Tokens instantly

.*

Regex Tester

Test regular expressions with real-time match highlighting