Cyclomatic complexity is a crucial metric for assessing the complexity of your code. It measures the number of different paths through a function, and in essence, it tells you how complicated and tangled your code might be. A high cyclomatic complexity often indicates code that is hard to understand, challenging to maintain, and prone to bugs.
Today, we are excited to announce the capability to identify functions with “unacceptable” values of cyclomatic complexity across all major programming languages supported by DeepSource. Issues are raised on such functions so that you are aware of parts in your codebase that are a maintenance nightmare and can take proactive steps to ensure that they are refactored to more maintainable implementations.
Whenever a function is reported to have an elevated cyclomatic complexity, it is not only associated with a complexity value but is also assigned a risk level
. This risk level serves as a handy indicator to guide you in deciding which functions in your codebase should be refactored on priority.
Risk Level | Cyclomatic Complexity Range | Recommended Action |
---|---|---|
low | 1 - 5 | No action needed. |
medium | 6 - 15 | Review and monitor. |
high | 16 - 25 | Review and refactor. Recommended to add comments if the function absolutely needs to be kept as it is. |
very-high | 26 - 50 | Refactor to reduce the complexity. |
critical | > 50 | Must refactor this. This can make the code untestable and very difficult to understand. |
We acknowledge that the interpretation of cyclomatic complexity can be subjective, and hence these risk levels are also used to specify the threshold above which you would like a function to be flagged as having an “unacceptable” value of cyclomatic complexity.
DeepSource by default has a particular risk level set as the threshold based on the nature of each programming language. However, this threshold can be changed per language analyzer by adding the cyclomatic_complexity_threshold
meta option in your .deepsource.toml
file.
To learn more about the default thresholds and how to configure them, you can visit the respective analyzer documentation.