Skip to main content

org.openrewrite.recipe

License: Moderne Proprietary License

7 recipes

rewrite-all

License: Apache License Version 2.0

3 recipes

  • org.openrewrite.FindCallGraph
    • Find call graph
    • Produces a data table where each row represents a method call.
  • org.openrewrite.FindDuplicateSourceFiles
    • Find duplicate source files
    • Record the presence of LSTs with duplicate paths, indicating that the same file was parsed more than once.
  • org.openrewrite.LanguageComposition
    • Language composition report
    • Counts the number of lines of the various kinds of source code and data formats parsed by OpenRewrite. Comments are not included in line counts. This recipe emits its results as two data tables, making no changes to any source file. One data table is per-file, the other is per-repository.

rewrite-android

License: Moderne Proprietary License

29 recipes

rewrite-apache

License: Moderne Source Available License

118 recipes

rewrite-circleci

License: Moderne Proprietary License

2 recipes

rewrite-codemods

License: Moderne Source Available License

454 recipes

rewrite-codemods-ng

License: Moderne Proprietary License

8 recipes

rewrite-compiled-analysis

License: Moderne Proprietary License

2 recipes

rewrite-concourse

License: Moderne Proprietary License

6 recipes

rewrite-cucumber-jvm

License: Moderne Source Available License

10 recipes

rewrite-dotnet

License: Moderne Proprietary License

6 recipes

rewrite-feature-flags

License: Moderne Source Available License

27 recipes

rewrite-github-actions

License: Moderne Source Available License

54 recipes

rewrite-gitlab

License: Moderne Source Available License

22 recipes

rewrite-hibernate

License: Moderne Source Available License

24 recipes

rewrite-jackson

License: Apache License Version 2.0

39 recipes

rewrite-java-dependencies

License: Apache License Version 2.0

18 recipes

  • org.openrewrite.java.dependencies.AddDependency
    • Add Gradle or Maven dependency
    • For a Gradle project, add a gradle dependency to a build.gradle file in the correct configuration based on where it is used. Or For a maven project, Add a Maven dependency to a pom.xml file in the correct scope based on where it is used.
  • org.openrewrite.java.dependencies.ChangeDependency
    • Change Gradle or Maven dependency
    • Change the group ID, artifact ID, and/or the version of a specified Gradle or Maven dependency.
  • org.openrewrite.java.dependencies.DependencyInsight
    • Dependency insight for Gradle and Maven
    • Finds dependencies, including transitive dependencies, in both Gradle and Maven projects. Matches within all Gradle dependency configurations and Maven scopes.
  • org.openrewrite.java.dependencies.DependencyList
    • Dependency report
    • Emits a data table detailing all Gradle and Maven dependencies. This recipe makes no changes to any source file.
  • org.openrewrite.java.dependencies.DependencyResolutionDiagnostic
    • Dependency resolution diagnostic
    • Recipes which manipulate dependencies must be able to successfully access the artifact repositories and resolve dependencies from them. This recipe produces two data tables used to understand the state of dependency resolution. The Repository accessibility report lists all the artifact repositories known to the project and whether respond to network access. The network access is attempted while the recipe is run and so is representative of current conditions. The Gradle dependency configuration errors lists all the dependency configurations that failed to resolve one or more dependencies when the project was parsed. This is representative of conditions at the time the LST was parsed.
  • org.openrewrite.java.dependencies.FindDependency
    • Find Maven and Gradle dependencies
    • Finds direct dependencies declared in Maven and Gradle build files. This does not search transitive dependencies. To detect both direct and transitive dependencies use org.openrewrite.java.dependencies.DependencyInsight This recipe works for both Maven and Gradle projects.
  • org.openrewrite.java.dependencies.FindRepositoryOrder
    • Maven repository order
    • Determine the order in which dependencies will be resolved for each pom.xml or build.gradle based on its defined repositories and effective settings.
  • org.openrewrite.java.dependencies.RelocatedDependencyCheck
    • Find relocated dependencies
    • Find Maven and Gradle dependencies and Maven plugins that have relocated to a new groupId or artifactId. Relocation information comes from the oga-maven-plugin maintained by Jonathan Lermitage, Filipe Roque and others. This recipe makes no changes to any source file by default. Add changeDependencies=true to change dependencies, but note that you might need to run additional recipes to update imports and adopt other breaking changes.
  • org.openrewrite.java.dependencies.RemoveDependency
    • Remove a Gradle or Maven dependency
    • For Gradle project, removes a single dependency from the dependencies section of the build.gradle. For Maven project, removes a single dependency from the <dependencies> section of the pom.xml.
  • org.openrewrite.java.dependencies.RemoveRedundantDependencies
    • Remove redundant explicit dependencies
    • Remove explicit dependencies that are already provided transitively by a specified dependency. This recipe downloads and resolves the parent dependency's POM to determine its true transitive dependencies, allowing it to detect redundancies even when both dependencies are explicitly declared.
  • org.openrewrite.java.dependencies.UpgradeDependencyVersion
    • Upgrade Gradle or Maven dependency versions
    • For Gradle projects, upgrade the version of a dependency in a build.gradle file. Supports updating dependency declarations of various forms: * String notation: "group:artifact:version" * Map notation: group: 'group', name: 'artifact', version: 'version' It is possible to update version numbers which are defined earlier in the same file in variable declarations. For Maven projects, upgrade the version of a dependency by specifying a group ID and (optionally) an artifact ID using Node Semver advanced range selectors, allowing more precise control over version updates to patch or minor releases.
  • org.openrewrite.java.dependencies.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Gradle or Maven dependencies
    • Upgrades the version of a transitive dependency in a Maven pom.xml or Gradle build.gradle. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.
  • org.openrewrite.java.dependencies.search.DoesNotIncludeDependency
    • Does not include dependency for Gradle and Maven
    • A precondition which returns false if visiting a Gradle file / Maven pom which includes the specified dependency in the classpath of some Gradle configuration / Maven scope. For compatibility with multimodule projects, this should most often be applied as a precondition.
  • org.openrewrite.java.dependencies.search.FindDuplicateClasses
    • Find duplicate classes on the classpath
    • Detects classes that appear in multiple dependencies on the classpath. This is similar to what the Maven duplicate-finder-maven-plugin does. Duplicate classes can cause runtime issues when different versions of the same class are loaded.
  • org.openrewrite.java.dependencies.search.FindMinimumDependencyVersion
    • Find the oldest matching dependency version in use
    • The oldest dependency version in use is the lowest dependency version in use in any source set of any subproject of a repository. It is possible that, for example, the main source set of a project uses Jackson 2.11, but a test source set uses Jackson 2.16. In this case, the oldest Jackson version in use is Java 2.11.
  • org.openrewrite.java.dependencies.search.FindMinimumJUnitVersion
    • Find minimum JUnit version
    • A recipe to find the minimum version of JUnit dependencies. This recipe is designed to return the minimum version of JUnit in a project. It will search for JUnit 4 and JUnit 5 dependencies in the project. If both versions are found, it will return the minimum version of JUnit 4. If a minimumVersion is provided, the recipe will search to see if the minimum version of JUnit used by the project is no lower than the minimumVersion. For example: if the minimumVersion is 4, and the project has JUnit 4.12 and JUnit 5.7, the recipe will return JUnit 4.12. If the project has only JUnit 5.7, the recipe will return JUnit 5.7. Another example: if the minimumVersion is 5, and the project has JUnit 4.12 and JUnit 5.7, the recipe will not return any results.
  • org.openrewrite.java.dependencies.search.ModuleHasDependency
    • Module has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.
  • org.openrewrite.java.dependencies.search.RepositoryHasDependency
    • Repository has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a repository with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use a springframework dependency, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.

rewrite-java-security

License: Moderne Proprietary License

106 recipes

  • org.openrewrite.csharp.dependencies.DependencyInsight
    • Dependency insight for C#
    • Finds dependencies in *.csproj and packages.config.
  • org.openrewrite.csharp.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable Nuget dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable. Last updated: 2026-05-11T1202.
  • org.openrewrite.csharp.dependencies.UpgradeDependencyVersion
    • Upgrade C# dependency versions
    • Upgrades dependencies in *.csproj, Directory.Packages.props, and packages.config.
  • org.openrewrite.java.dependencies.AddExplicitTransitiveDependencies
    • Add explicit transitive dependencies
    • Detects when Java source code or configuration files reference types from transitive Maven dependencies and promotes those transitive dependencies to explicit direct dependencies in the pom.xml. This ensures the build is resilient against changes in transitive dependency trees of upstream libraries.
  • org.openrewrite.java.dependencies.DependencyLicenseCheck
    • Find licenses in use in third-party dependencies
    • Locates and reports on all licenses in use.
  • org.openrewrite.java.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Upgrades dependencies versioned according to Semantic Versioning. ## Customizing Vulnerability Data This recipe can be customized by extending DependencyVulnerabilityCheckBase and overriding the vulnerability data sources: - baselineVulnerabilities(ExecutionContext ctx): Provides the default set of known vulnerabilities. The base implementation loads vulnerability data from the GitHub Security Advisory Database CSV file using ResourceUtils.parseResourceAsCsv(). Override this method to replace the entire vulnerability dataset with your own curated list. - supplementalVulnerabilities(ExecutionContext ctx): Allows adding custom vulnerability data beyond the baseline. The base implementation returns an empty list. Override this method to add organization-specific vulnerabilities, internal security advisories, or vulnerabilities from additional sources while retaining the baseline GitHub Advisory Database. Both methods return List<Vulnerability> objects. Vulnerability data can be loaded from CSV files using ResourceUtils.parseResourceAsCsv(path, Vulnerability.class, consumer) or constructed programmatically. To customize, extend DependencyVulnerabilityCheckBase and override one or both methods depending on your needs. For example, override supplementalVulnerabilities() to add custom CVEs while keeping the standard vulnerability database, or override baselineVulnerabilities() to use an entirely different vulnerability data source. Last updated: 2026-05-11T1202.
  • org.openrewrite.java.dependencies.RemoveUnusedDependencies
    • Remove unused dependencies
    • Scans through source code collecting references to types and methods, removing any dependencies that are not used from Maven or Gradle build files. This is best effort and not guaranteed to work well in all cases; false positives are still possible. This recipe takes reflective access into account: - When reflective access to a class is made unambiguously via a string literal, such as: Class.forName("java.util.List") that is counted correctly. - When reflective access to a class is made ambiguously via anything other than a string literal no dependencies will be removed. This recipe takes transitive dependencies into account: - When a direct dependency is not used but a transitive dependency it brings in is in use the direct dependency is not removed.
  • org.openrewrite.java.dependencies.SoftwareBillOfMaterials
    • Software bill of materials
    • Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.
  • org.openrewrite.java.security.FindTextDirectionChanges
    • Find text-direction changes
    • Finds unicode control characters which can change the direction text is displayed in. These control characters can alter how source code is presented to a human reader without affecting its interpretation by tools like compilers. So a malicious patch could pass code review while introducing vulnerabilities. Note that text direction-changing unicode control characters aren't inherently malicious. These characters can appear for legitimate reasons in code written in or dealing with right-to-left languages. See: https://trojansource.codes/ for more information.
  • org.openrewrite.java.security.FixCwe338
    • Fix CWE-338 with SecureRandom
    • Use a cryptographically strong pseudo-random number generator (PRNG).
  • org.openrewrite.java.security.FixCwe918
    • Remediate server-side request forgery (SSRF)
    • Inserts a guard that validates URLs constructed from user-controlled input do not target internal network addresses, blocking server-side request forgery (SSRF) attacks.
  • org.openrewrite.java.security.ImproperPrivilegeManagement
    • Improper privilege management
    • Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.
  • org.openrewrite.java.security.JavaSecurityBestPractices
    • Java security best practices
    • Applies security best practices to Java code.
  • org.openrewrite.java.security.Owasp2025A01
    • Remediate OWASP A01:2025 Broken access control
    • OWASP A01:2025 describes failures related to broken access control.
  • org.openrewrite.java.security.Owasp2025A02
    • Remediate OWASP A02:2025 Security misconfiguration
    • OWASP A02:2025 describes failures related to security misconfiguration. Previously A05:2021, this category moved up to #2 in 2025.
  • org.openrewrite.java.security.Owasp2025A03
    • Remediate OWASP A03:2025 Software supply chain failures
    • OWASP A03:2025 describes failures related to the software supply chain, including vulnerable and outdated components. Expanded from A06:2021 Vulnerable and Outdated Components.
  • org.openrewrite.java.security.Owasp2025A04
    • Remediate OWASP A04:2025 Cryptographic failures
    • OWASP A04:2025 describes failures related to cryptography (or lack thereof), which often lead to exposure of sensitive data. Previously A02:2021.
  • org.openrewrite.java.security.Owasp2025A05
    • Remediate OWASP A05:2025 Injection
    • OWASP A05:2025 describes failures related to user-supplied data being used to influence program state to operate outside of its intended bounds. Previously A03:2021.
  • org.openrewrite.java.security.Owasp2025A07
    • Remediate OWASP A07:2025 Identification and authentication failures
    • OWASP A07:2025 describes failures related to identification and authentication, including weak credential management, missing brute force protections, session fixation, hardcoded credentials, insecure "remember me", and missing multi-factor authentication. Same position as A07:2021 (no prior aggregator existed).
  • org.openrewrite.java.security.OwaspA01
    • Remediate OWASP A01:2021 Broken access control
    • OWASP A01:2021 describes failures related to broken access control.
  • org.openrewrite.java.security.OwaspA02
    • Remediate OWASP A02:2021 Cryptographic failures
    • OWASP A02:2021 describes failures related to cryptography (or lack thereof), which often lead to exposure of sensitive data. This recipe seeks to remediate these vulnerabilities.
  • org.openrewrite.java.security.OwaspA03
    • Remediate OWASP A03:2021 Injection
    • OWASP A03:2021 describes failures related to user-supplied data being used to influence program state to operate outside of its intended bounds. This recipe seeks to remediate these vulnerabilities.
  • org.openrewrite.java.security.OwaspA05
    • Remediate OWASP A05:2021 Security misconfiguration
    • OWASP A05:2021 describes failures related to security misconfiguration.
  • org.openrewrite.java.security.OwaspA06
    • Remediate OWASP A06:2021 Vulnerable and outdated components
    • OWASP A06:2021 describes failures related to vulnerable and outdated components.
  • org.openrewrite.java.security.OwaspA08
    • Remediate OWASP A08:2021 Software and data integrity failures
    • OWASP A08:2021 software and data integrity failures.
  • org.openrewrite.java.security.OwaspTopTen
    • Remediate vulnerabilities from the OWASP Top Ten
    • OWASP publishes a list of the most impactful common security vulnerabilities. These recipes identify and remediate vulnerabilities from the OWASP Top Ten.
  • org.openrewrite.java.security.PartialPathTraversalVulnerability
    • Partial path traversal vulnerability
    • Replaces dir.getCanonicalPath().startsWith(parent.getCanonicalPath(), which is vulnerable to partial path traversal attacks, with the more secure dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath()). To demonstrate this vulnerability, consider "/usr/outnot".startsWith("/usr/out"). The check is bypassed although /outnot is not under the /out directory. It's important to understand that the terminating slash may be removed when using various String representations of the File object. For example, on Linux, println(new File("/var")) will print /var, but println(new File("/var", "/") will print /var/; however, println(new File("/var", "/").getCanonicalPath()) will print /var.
  • org.openrewrite.java.security.RegularExpressionDenialOfService
    • Regular Expression Denial of Service (ReDOS)
    • ReDoS is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). See the OWASP description of this attack here for more details.
  • org.openrewrite.java.security.SecureRandom
    • Secure random
    • Use cryptographically secure Pseudo Random Number Generation in the "main" source set. Replaces instantiation of java.util.Random with java.security.SecureRandom.
  • org.openrewrite.java.security.SecureRandomPrefersDefaultSeed
    • SecureRandom seeds are not constant or predictable
    • Remove SecureRandom#setSeed(*) method invocations having constant or predictable arguments.
  • org.openrewrite.java.security.SecureTempFileCreation
    • Use secure temporary file creation
    • java.io.File.createTempFile() has exploitable default file permissions. This recipe migrates to the more secure java.nio.file.Files.createTempFile().
  • org.openrewrite.java.security.UseFilesCreateTempDirectory
    • Use Files#createTempDirectory
    • Use Files#createTempDirectory when the sequence File#createTempFile(..)->File#delete()->File#mkdir() is used for creating a temp directory.
  • org.openrewrite.java.security.XmlParserXXEVulnerability
    • XML parser XXE vulnerability
    • Avoid exposing dangerous features of the XML parser by updating certain factory settings.
  • org.openrewrite.java.security.ZipSlip
    • Zip slip
    • Zip slip is an arbitrary file overwrite critical vulnerability, which typically results in remote command execution. A fuller description of this vulnerability is available in the Snyk documentation on it.
  • org.openrewrite.java.security.marshalling.InsecureJmsDeserialization
    • Insecure JMS deserialization
    • JMS Object messages depend on Java Serialization for marshalling/unmarshalling of the message payload when ObjectMessage#getObject is called. Deserialization of untrusted data can lead to security flaws.
  • org.openrewrite.java.security.marshalling.SecureJacksonDefaultTyping
    • Secure the use of Jackson default typing
    • See the blog post on this subject.
  • org.openrewrite.java.security.marshalling.SecureSnakeYamlConstructor
    • Secure the use of SnakeYAML's constructor
    • See the paper on this subject.
  • org.openrewrite.java.security.search.FindCommandInjection
    • Find OS command injection vectors
    • Finds calls to Runtime.exec(String) which passes the command through a shell interpreter, enabling command injection via metacharacters like ;, |, and &&. Use the String[] overload instead to avoid shell interpretation.
  • org.openrewrite.java.security.search.FindExpressionLanguageInjection
    • Find Expression Language injection vectors
    • Finds calls to Expression Language (EL) evaluation methods which, when the expression is built from user input, can allow arbitrary code execution. Use parameterized expressions or input validation instead.
  • org.openrewrite.java.security.search.FindHardcodedAuthenticationCredentials
    • Find hardcoded authentication credentials
    • Finds hardcoded passwords flowing into Spring Security user builders: InMemoryUserDetailsManagerConfigurer (inMemoryAuthentication().withUser(...).password(...)) and the User.UserBuilder.password(...) API. Uses taint analysis so credentials assigned to a variable, field, or constant before being passed to .password(...) are also detected.
  • org.openrewrite.java.security.search.FindHardcodedIv
    • Find hardcoded initialization vectors
    • Finds IvParameterSpec constructed with hardcoded byte arrays or string literals. A static IV makes CBC and other modes deterministic, enabling chosen-plaintext attacks. IVs should be generated randomly using SecureRandom for each encryption operation.
  • org.openrewrite.java.security.search.FindHttpResponseSplitting
    • Find HTTP response splitting vectors
    • Finds calls to HttpServletResponse.addHeader(), setHeader(), and addCookie() which, when header values are derived from user input without CRLF sanitization, can allow HTTP response splitting attacks. Full taint-based detection requires rewrite-program-analysis; this recipe identifies the sink call sites for manual review.
  • org.openrewrite.java.security.search.FindInadequateKeySize
    • Find inadequate cryptographic key sizes
    • Finds cryptographic key generation with inadequate key sizes. RSA keys should be at least 2048 bits, DSA keys at least 2048 bits, EC keys at least 256 bits, and symmetric keys (AES) at least 128 bits. NIST recommends RSA-2048+ and AES-128+ as minimum for all new applications.
  • org.openrewrite.java.security.search.FindInsecureRememberMeConfig
    • Find insecure Spring Security RememberMe configuration
    • Finds Spring Security RememberMe configurations with insecure settings: useSecureCookie(false) (allows cookie transmission over HTTP), alwaysRemember(true) (bypasses user opt-in), or tokenValiditySeconds(...) set longer than 30 days (extends the window in which a stolen remember-me cookie can be replayed).
  • org.openrewrite.java.security.search.FindInsecureSessionFixationConfig
    • Find Spring Security configurations that disable session fixation protection
    • Finds Spring Security configurations that disable session fixation protection by calling sessionFixation().none(). Without session fixation protection, an attacker who obtains a victim's session identifier before authentication can reuse it to hijack the authenticated session. Spring Security defaults to changeSessionId(); applications should keep that default or use migrateSession().
  • org.openrewrite.java.security.search.FindJacksonDefaultTypeMapping
    • Find Jackson default type mapping enablement
    • ObjectMapper#enableTypeMapping(..) can lead to vulnerable deserialization.
  • org.openrewrite.java.security.search.FindLongSessionTimeout
    • Find long or disabled HTTP session timeout
    • Finds calls to HttpSession.setMaxInactiveInterval(int) whose integer-literal argument exceeds 30 minutes or is zero/negative (which disables session expiration). Long-lived or non-expiring sessions increase the window for session hijacking and replay (CWE-613).
  • org.openrewrite.java.security.search.FindPermissiveCorsConfiguration
    • Find permissive CORS configuration
    • Finds overly permissive CORS configurations that allow all origins, which can expose the application to cross-domain attacks.
  • org.openrewrite.java.security.search.FindPredictableSalt
    • Find predictable cryptographic salts
    • Finds PBEParameterSpec and PBEKeySpec constructed with hardcoded salt byte arrays. A predictable salt undermines the purpose of salting, making rainbow table and precomputation attacks feasible. Salts should be generated randomly using SecureRandom.
  • org.openrewrite.java.security.search.FindProcessControl
    • Find process control vectors
    • Finds calls to System.loadLibrary(), System.load(), and Runtime.load() which, when the library path or name is derived from user input, can allow an attacker to load arbitrary native code. Ensure library names are not externally controlled.
  • org.openrewrite.java.security.search.FindResourceInjection
    • Find resource injection vectors
    • Detects resource injection vulnerabilities where user-controlled input flows to resource access operations — file paths, JNDI lookups, class loading, and native library loading. Uses taint analysis from rewrite-program-analysis for source-to-sink tracking with sanitizer support, plus structural detection as fallback.
  • org.openrewrite.java.security.search.FindRsaWithoutOaep
    • Find RSA encryption without OAEP padding
    • Finds uses of RSA encryption with PKCS#1 v1.5 padding or no padding specification. RSA without OAEP padding is vulnerable to padding oracle attacks. Use RSA/ECB/OAEPWithSHA-256AndMGF1Padding or equivalent OAEP mode instead.
  • org.openrewrite.java.security.search.FindScriptEngineInjection
    • Find script engine code injection vectors
    • Finds calls to ScriptEngine.eval() which can execute arbitrary code if the script string is influenced by user input. Consider sandboxing or removing dynamic script evaluation.
  • org.openrewrite.java.security.search.FindSensitiveApiEndpoints
    • Find sensitive API endpoints
    • Find data models exposed by REST APIs that contain sensitive information like PII and secrets.
  • org.openrewrite.java.security.search.FindSqlInjection
    • Find potential SQL injection
    • Finds SQL query methods where the query string is constructed via string concatenation, which may indicate SQL injection vulnerabilities. Use parameterized queries or prepared statements instead.
  • org.openrewrite.java.security.search.FindUnsafeReflection
    • Find unsafe reflection vectors
    • Finds calls to Class.forName() which, when the class name is derived from user input, can allow an attacker to instantiate arbitrary classes. Review these call sites to ensure the class name is not externally controlled.
  • org.openrewrite.java.security.search.FindUnsignedJwt
    • Find unsigned JWT usage
    • Finds construction or parsing of Nimbus PlainJWT — an unsecured JWT that has no signature or MAC. Unsecured JWTs allow an attacker to forge tokens because their payloads are not integrity-protected. Use a signed (SignedJWT) or encrypted (EncryptedJWT) JWT instead.
  • org.openrewrite.java.security.search.FindUserWithDefaultPasswordEncoder
    • Find User.withDefaultPasswordEncoder() usage
    • Flags any call to User.withDefaultPasswordEncoder() from Spring Security. The factory is documented as for non-production demos only: it stores credentials in memory with a fixed encoder and is unsafe for real workloads.
  • org.openrewrite.java.security.search.FindVulnerableJacksonJsonTypeInfo
    • Find vulnerable uses of Jackson @JsonTypeInfo
    • Identify where attackers can deserialize gadgets into a target field.
  • org.openrewrite.java.security.search.FindWeakCryptoAlgorithm
    • Find weak cryptographic algorithms
    • Finds uses of broken or risky cryptographic algorithms such as MD5, SHA-1, DES, DESede (3DES), RC2, RC4, and Blowfish in calls to Cipher.getInstance(), MessageDigest.getInstance(), Mac.getInstance(), KeyGenerator.getInstance(), and SecretKeyFactory.getInstance().
  • org.openrewrite.java.security.search.FindWeakDigestInPasswordEncoder
    • Find weak message digests used inside custom PasswordEncoder implementations
    • Finds calls to MessageDigest.getInstance("...") whose algorithm is unsuitable for password storage, scoped to classes implementing org.springframework.security.crypto.password.PasswordEncoder. Unsalted and non-iterated digests (MD2, MD4, MD5, SHA-1, SHA-224/256/384/512) are unsuitable for password hashing regardless of how they are wrapped. Delegate to BCryptPasswordEncoder, Argon2PasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder instead of implementing PasswordEncoder yourself.
  • org.openrewrite.java.security.search.FindWeakPasswordEncoderStrength
    • Find weak password encoder strength
    • Finds Spring Security BCryptPasswordEncoder instantiations with a strength (work factor) below 10. The default and OWASP-recommended minimum is 10; lower values make stolen password hashes substantially cheaper to brute-force.
  • org.openrewrite.java.security.search.FindWeakPasswordHashing
    • Find weak password hashing
    • Finds uses of MessageDigest.getInstance() with algorithms unsuitable for password hashing (MD5, SHA-1, SHA-256, SHA-384, SHA-512). Passwords should be hashed with a purpose-built password hashing function such as bcrypt, scrypt, Argon2, or PBKDF2 that includes a salt and a tunable work factor.
  • org.openrewrite.java.security.search.FindWeakSpringPasswordEncoder
    • Find weak Spring Security password encoders
    • Finds uses of Spring Security password encoders that are unsuitable for production password storage: NoOpPasswordEncoder (plaintext), StandardPasswordEncoder (deprecated SHA-256), MessageDigestPasswordEncoder (raw message digest), Md4PasswordEncoder (MD4, broken), and LdapShaPasswordEncoder (deprecated). Use an adaptive function such as BCryptPasswordEncoder, Argon2PasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder instead.
  • org.openrewrite.java.security.search.FindXPathInjection
    • Find XPath injection vectors
    • Finds calls to XPath.evaluate() and XPath.compile() which, when the expression is built from user input, can allow XPath injection attacks. Use parameterized XPath expressions or input validation instead.
  • org.openrewrite.java.security.secrets.FindArtifactorySecrets
    • Find Artifactory secrets
    • Locates Artifactory secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindAwsSecrets
    • Find AWS secrets
    • Locates AWS secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindAzureSecrets
    • Find Azure secrets
    • Locates Azure secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindBasicAuthSecrets
    • Find HTTP Basic authentication secrets
    • Locates HTTP Basic authentication credentials stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindBearerTokenSecrets
    • Find Bearer token secrets
    • Locates HTTP Bearer tokens (RFC 6750) stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindDiscordSecrets
    • Find Discord secrets
    • Locates Discord secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindFacebookSecrets
    • Find Facebook secrets
    • Locates Facebook secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindGenericSecrets
    • Find generic secrets
    • Locates generic secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindGitHubSecrets
    • Find GitHub secrets
    • Locates GitHub secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindGoogleSecrets
    • Find Google secrets
    • Locates Google secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindHerokuSecrets
    • Find Heroku secrets
    • Locates Heroku secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindJwtSecrets
    • Find JWT secrets
    • Locates JWTs stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindMailChimpSecrets
    • Find MailChimp secrets
    • Locates MailChimp secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindMailgunSecrets
    • Find Mailgun secrets
    • Locates Mailgun secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindNpmSecrets
    • Find NPM secrets
    • Locates NPM secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindPasswordInUrlSecrets
    • Find passwords used in URLs
    • Locates URLs that contain passwords in plain text.
  • org.openrewrite.java.security.secrets.FindPayPalSecrets
    • Find PayPal secrets
    • Locates PayPal secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindPgpSecrets
    • Find PGP secrets
    • Locates PGP secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindPicaticSecrets
    • Find Picatic secrets
    • Locates Picatic secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindRsaSecrets
    • Find RSA private keys
    • Locates RSA private keys stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSecrets
    • Find secrets
    • Locates secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSecretsByPattern
    • Find secrets with regular expressions
    • A secret is a literal that matches any one of the provided patterns.
  • org.openrewrite.java.security.secrets.FindSendGridSecrets
    • Find SendGrid secrets
    • Locates SendGrid secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSlackSecrets
    • Find Slack secrets
    • Locates Slack secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSquareSecrets
    • Find Square secrets
    • Locates Square secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSshSecrets
    • Find SSH secrets
    • Locates SSH secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindStripeSecrets
    • Find Stripe secrets
    • Locates Stripe secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindTelegramSecrets
    • Find Telegram secrets
    • Locates Telegram secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindTwilioSecrets
    • Find Twilio secrets
    • Locates Twilio secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindTwitterSecrets
    • Find Twitter secrets
    • Locates Twitter secrets stored in plain text in code.
  • org.openrewrite.java.security.servlet.CookieSetHttpOnly
    • Cookies missing HttpOnly flag
    • Check for use of cookies without the HttpOnly flag. Cookies should be marked as HttpOnly to prevent client-side scripts from accessing them, reducing the risk of cross-site scripting (XSS) attacks.
  • org.openrewrite.java.security.servlet.CookieSetSecure
    • Insecure cookies
    • Check for use of insecure cookies. Cookies should be marked as secure. This ensures that the cookie is sent only over HTTPS to prevent cross-site scripting attacks.
  • org.openrewrite.java.security.spring.CsrfProtection
    • Enable CSRF attack prevention
    • Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. See the full OWASP cheatsheet.
  • org.openrewrite.java.security.spring.InsecureSpringServiceExporter
    • Secure Spring service exporters
    • The default Java deserialization mechanism is available via ObjectInputStream class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution. Spring’s RemoteInvocationSerializingExporter uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least HttpInvokerServiceExporter and SimpleHttpInvokerServiceExporter that extend RemoteInvocationSerializingExporter. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism. See the full blog post by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.
  • org.openrewrite.java.security.spring.PreventClickjacking
    • Prevent clickjacking
    • The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.
  • org.openrewrite.java.security.spring.RemoveEnableWebSecurityDebug
    • Remove debug mode from Spring Security
    • Removes the debug attribute from @EnableWebSecurity annotations to prevent sensitive security information from being logged in production.
  • org.openrewrite.python.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable PyPI dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable. ## Customizing Vulnerability Data This recipe can be customized by extending DependencyVulnerabilityCheckBase and overriding the vulnerability data sources: - baselineVulnerabilities(ExecutionContext ctx): Provides the default set of known vulnerabilities. The base implementation loads vulnerability data from the GitHub Security Advisory Database CSV file using ResourceUtils.parseResourceAsCsv(). Override this method to replace the entire vulnerability dataset with your own curated list. - supplementalVulnerabilities(ExecutionContext ctx): Allows adding custom vulnerability data beyond the baseline. The base implementation returns an empty list. Override this method to add organization-specific vulnerabilities, internal security advisories, or vulnerabilities from additional sources while retaining the baseline GitHub Advisory Database. Both methods return List<Vulnerability> objects. Vulnerability data can be loaded from CSV files using ResourceUtils.parseResourceAsCsv(path, Vulnerability.class, consumer) or constructed programmatically. To customize, extend DependencyVulnerabilityCheckBase and override one or both methods depending on your needs. For example, override supplementalVulnerabilities() to add custom CVEs while keeping the standard vulnerability database, or override baselineVulnerabilities() to use an entirely different vulnerability data source.
  • org.openrewrite.recipe.rewrite-java-security.InlineDeprecatedMethods
    • Inline deprecated delegating methods
    • Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.
  • org.openrewrite.text.FindHardcodedLoopbackAddresses
    • Find hard-coded loopback IPv4 addresses
    • Locates mentions of hard-coded IPv4 addresses from the loopback IP range. The loopback IP range includes 127.0.0.0 to 127.255.255.255. This detects the entire localhost/loopback subnet range, not just the commonly used 127.0.0.1.
  • org.openrewrite.text.FindHardcodedPrivateIPAddresses
    • Find hard-coded private IPv4 addresses
    • Locates mentions of hard-coded IPv4 addresses from private IP ranges. Private IP ranges include: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 It is not detecting the localhost subnet 127.0.0.0 to 127.255.255.255.
  • org.openrewrite.text.RemoveHardcodedIPAddressesFromComments
    • Remove hard-coded IP addresses from comments
    • Removes hard-coded IPv4 addresses from comments when they match private IP ranges or loopback addresses. This targets IP addresses that are commented out in various comment formats: Private IP ranges: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 Loopback IP range: * 127.0.0.0 to 127.255.255.255 Supported comment formats: * C-style line comments (//) * C-style block comments (/* */) * Shell/Python style comments (#) * XML comments (<!-- -->) * YAML comments (#) * Properties file comments (# or !) For line comments, the entire line is removed. For block comments, only the IP address is removed.

rewrite-jenkins

License: Moderne Source Available License

18 recipes

rewrite-joda

License: Moderne Source Available License

12 recipes

rewrite-kubernetes

License: Moderne Proprietary License

46 recipes

rewrite-liberty

License: Apache License Version 2.0

13 recipes

rewrite-logging-frameworks

License: Moderne Source Available License

120 recipes

rewrite-micrometer

License: Moderne Source Available License

7 recipes

rewrite-micronaut

License: Apache License Version 2.0

39 recipes

rewrite-migrate-java

License: Moderne Source Available License

458 recipes

rewrite-migrate-kotlin

License: Moderne Proprietary License

30 recipes

rewrite-migrate-python

License: Moderne Proprietary License

113 recipes

rewrite-netty

License: Apache License Version 2.0

10 recipes

rewrite-nodejs

License: Moderne Proprietary License

45 recipes

rewrite-okhttp

License: Moderne Source Available License

10 recipes

rewrite-openapi

License: Apache License Version 2.0

16 recipes

rewrite-prethink

License: Moderne Source Available License

5 recipes

  • org.openrewrite.prethink.ExportContext
    • Export context files
    • Export DataTables to CSV files in .moderne/context/ along with a markdown description file. The markdown file describes the context and includes schema information for each data table.
  • org.openrewrite.prethink.UpdateAgentConfig
    • Update agent configuration files
    • Update coding agent configuration files (CLAUDE.md, .cursorrules, etc.) to include references to Moderne Prethink context files in .moderne/context/.
  • org.openrewrite.prethink.UpdateGitignore
    • Update .gitignore for Prethink context
    • Updates .gitignore to allow committing the .moderne/context/ directory while ignoring other files in .moderne/. Only modifies .gitignore when context files exist in .moderne/context/. Transforms .moderne/ into .moderne/* with an exception for !.moderne/context/.
  • org.openrewrite.prethink.UpdatePrethinkContext
    • Update Prethink context
    • Generate FINOS CALM architecture diagram and update agent configuration files. This recipe expects CALM-related data tables (ServiceEndpoints, DatabaseConnections, ExternalServiceCalls, MessagingConnections, etc.) to be populated by other recipes in a composite.
  • org.openrewrite.prethink.calm.GenerateCalmArchitecture
    • Generate CALM architecture
    • Generate a FINOS CALM (Common Architecture Language Model) JSON file from discovered service endpoints, database connections, external service calls, and messaging connections.

rewrite-quarkus

License: Apache License Version 2.0

24 recipes

rewrite-reactive-streams

License: Moderne Proprietary License

25 recipes

rewrite-rewrite

License: Moderne Source Available License

41 recipes

rewrite-spring

License: Moderne Source Available License

318 recipes

rewrite-spring-to-quarkus

License: Moderne Source Available License

67 recipes

rewrite-sql

License: Moderne Proprietary License

11 recipes

rewrite-static-analysis

License: Moderne Source Available License

181 recipes

  • org.openrewrite.recipe.rewrite-static-analysis.InlineDeprecatedMethods
    • Inline deprecated delegating methods
    • Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.
  • org.openrewrite.staticanalysis.AbstractClassPublicConstructor
    • Constructors of an abstract class should not be declared public
    • Constructors of abstract classes can only be called in constructors of their subclasses. Therefore the visibility of public constructors are reduced to protected. Declaring them public is misleading since it implies they could be invoked directly, which is never possible.
  • org.openrewrite.staticanalysis.AddSerialAnnotationToSerialVersionUID
    • Add @Serial annotation to serialVersionUID
    • Annotate any serialVersionUID fields with @Serial to indicate it's part of the serialization mechanism.
  • org.openrewrite.staticanalysis.AddSerialVersionUidToSerializable
    • Add serialVersionUID to a Serializable class when missing
    • A serialVersionUID field is strongly recommended in all Serializable classes. If this is not defined on a Serializable class, the compiler will generate this value. If a change is later made to the class, the generated value will change and attempts to deserialize the class will fail. Explicitly declaring this field gives you control over binary compatibility across versions.
  • org.openrewrite.staticanalysis.AnnotateNullableMethods
    • Annotate methods which may return null with @Nullable
    • Add @Nullable to non-private methods that may return null. By default org.jspecify.annotations.Nullable is used, but through the nullableAnnotationClass option a custom annotation can be provided. Both @Target(TYPE_USE) and declaration annotations (e.g. javax.annotation.CheckForNull) are supported. Methods that already carry a known nullable annotation (matched by simple name) are skipped to avoid duplication. This recipe scans for methods that do not already have a @Nullable annotation and checks their return statements for potential null values. It also identifies known methods from standard libraries that may return null, such as methods from Map, Queue, Deque, NavigableSet, and Spliterator. The return of streams, or lambdas are not taken into account.
  • org.openrewrite.staticanalysis.AnnotateNullableParameters
    • Annotate null-checked method parameters with @Nullable
    • Add @Nullable to parameters of public methods that are explicitly checked for null. By default org.jspecify.annotations.Nullable is used, but through the nullableAnnotationClass option a custom annotation can be provided. Both @Target(TYPE_USE) and declaration annotations (e.g. javax.annotation.CheckForNull) are supported. Parameters that already carry a known nullable annotation are skipped to avoid duplication. This recipe scans for methods that do not already have parameters annotated with a nullable annotation and checks their usages for potential null checks. Additional null-checking methods can be specified via the additionalNullCheckingMethods option.
  • org.openrewrite.staticanalysis.AnnotateRequiredParameters
    • Annotate required method parameters with @NonNull
    • Add @NonNull to parameters of public methods that are explicitly checked for null and throw an exception if null. By default org.jspecify.annotations.NonNull is used, but through the nonNullAnnotationClass option a custom annotation can be provided. When providing a custom nonNullAnnotationClass that annotation should be meta annotated with @Target(TYPE_USE). This recipe scans for methods that do not already have parameters annotated with @NonNull annotation and checks for null validation patterns that throw exceptions, such as if (param == null) throw new IllegalArgumentException().
  • org.openrewrite.staticanalysis.AtomicPrimitiveEqualsUsesGet
    • Atomic Boolean, Integer, and Long equality checks compare their values
    • AtomicBoolean#equals(Object), AtomicInteger#equals(Object) and AtomicLong#equals(Object) are only equal to their instance. This recipe converts a.equals(b) to a.get() == b.get(). These atomic classes do not override equals from Object, so calling it compares object identity rather than the wrapped value, which is almost never the intended behavior.
  • org.openrewrite.staticanalysis.AvoidBoxedBooleanExpressions
    • Avoid boxed boolean expressions
    • Under certain conditions the java.lang.Boolean type is used as an expression, and it may throw a NullPointerException if the value is null. Using Boolean.TRUE.equals(...) guards against unboxing a null reference in control flow positions like if conditions and ternary operators.
  • org.openrewrite.staticanalysis.BigDecimalDoubleConstructorRecipe
    • new BigDecimal(double) should not be used
    • Use of new BigDecimal(double) constructor can lead to loss of precision. Use BigDecimal.valueOf(double) instead. For example writing new BigDecimal(0.1) does not create a BigDecimal which is exactly equal to 0.1, but it is equal to 0.1000000000000000055511151231257827021181583404541015625. This is because 0.1 cannot be represented exactly as a double (or, for that matter, as a binary fraction of any finite length). BigDecimal.valueOf avoids this by converting through a string representation, preserving the value you actually intended.
  • org.openrewrite.staticanalysis.BigDecimalRoundingConstantsToEnums
    • BigDecimal rounding constants to RoundingMode enums
    • Convert BigDecimal rounding constants to the equivalent RoundingMode enum. The integer-based rounding constants on BigDecimal are deprecated and lack type safety; the RoundingMode enum makes the rounding behavior self-documenting and prevents invalid values.
  • org.openrewrite.staticanalysis.BooleanChecksNotInverted
    • Boolean checks should not be inverted
    • Ensures that boolean checks are not unnecessarily inverted. Also fixes double negative boolean expressions. Negating a comparison and then inverting it adds cognitive overhead; using the direct operator (e.g., >= instead of !(... < ...)) is clearer and easier to reason about.
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes
    • Modernize BufferedWriter creation & prevent file descriptor leaks
    • The code new BufferedWriter(new FileWriter(f)) creates a BufferedWriter that does not close the underlying FileWriter when it is closed. This can lead to file descriptor leaks as per CWE-755. Use Files.newBufferedWriter to create a BufferedWriter that closes the underlying file descriptor when it is closed.
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes$BufferedWriterFromNewFileWriterWithFileAndBooleanArgumentsRecipe
    • Convert new BufferedWriter(new FileWriter(File, boolean)) to Files.newBufferedWriter(Path, StandardOpenOption)
    • Convert new BufferedWriter(new FileWriter(f, b)) to Files.newBufferedWriter(f.toPath(), b ? StandardOpenOption.APPEND : StandardOpenOption.CREATE).
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes$BufferedWriterFromNewFileWriterWithFileArgumentRecipe
    • Convert new BufferedWriter(new FileWriter(File)) to Files.newBufferedWriter(Path)
    • Convert new BufferedWriter(new FileWriter(f)) to Files.newBufferedWriter(f.toPath()).
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes$BufferedWriterFromNewFileWriterWithStringAndBooleanArgumentsRecipe
    • Convert new BufferedWriter(new FileWriter(String, boolean)) to Files.newBufferedWriter(Path, StandardOpenOption)
    • Convert new BufferedWriter(new FileWriter(s, b)) to Files.newBufferedWriter(new java.io.File(s).toPath(), b ? StandardOpenOption.APPEND : StandardOpenOption.CREATE).
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes$BufferedWriterFromNewFileWriterWithStringArgumentRecipe
    • Convert new BufferedWriter(new FileWriter(String)) to Files.newBufferedWriter(Path)
    • Convert new BufferedWriter(new FileWriter(s)) to Files.newBufferedWriter(new java.io.File(s).toPath()).
  • org.openrewrite.staticanalysis.CaseInsensitiveComparisonsDoNotChangeCase
    • CaseInsensitive comparisons do not alter case
    • Remove String#toLowerCase() or String#toUpperCase() from String#equalsIgnoreCase(..) comparisons. Changing case before a case-insensitive comparison is redundant and allocates unnecessary intermediate String objects.
  • org.openrewrite.staticanalysis.CatchClauseOnlyRethrows
    • Catch clause should do more than just rethrow
    • A catch clause that only rethrows the caught exception is unnecessary. Letting the exception bubble up as normal achieves the same result with less code. Such catch blocks add visual noise and indentation without changing program behavior.
  • org.openrewrite.staticanalysis.ChainStringBuilderAppendCalls
    • Chain StringBuilder.append() calls
    • String concatenation within calls to StringBuilder.append() causes unnecessary memory allocation. Except for concatenations of String literals, which are joined together at compile time. Replaces inefficient concatenations with chained calls to StringBuilder.append(). Using + inside append() defeats the purpose of the StringBuilder, since the concatenation creates a temporary String before appending.
  • org.openrewrite.staticanalysis.CodeCleanup
    • Code cleanup
    • Automatically cleanup code, e.g. remove unnecessary parentheses, simplify expressions.
  • org.openrewrite.staticanalysis.CollectionToArrayShouldHaveProperType
    • 'Collection.toArray()' should be passed an array of the proper type
    • Using Collection.toArray() without parameters returns an Object[], which requires casting. It is more efficient and clearer to use Collection.toArray(new T[0]) instead. The parameterless form can cause a ClassCastException at runtime when the returned Object[] is cast to a more specific array type.
  • org.openrewrite.staticanalysis.CombineSemanticallyEqualCatchBlocks
    • Combine semantically equal catch blocks
    • Combine catches in a try that contain semantically equivalent blocks. No change will be made when a caught exception exists if combining catches may change application behavior or type attribution is missing. Merging duplicate catch bodies into multi-catch blocks reduces repetition and makes the exception handling strategy easier to follow.
  • org.openrewrite.staticanalysis.CommonDeclarationSiteTypeVariances
    • Properly use declaration-site type variance for well-known types
    • When using a method parameter like Function<IN, OUT>, it should rather be Function<? super IN, ? extends OUT>. This recipe checks for method parameters of well-known types.
  • org.openrewrite.staticanalysis.CommonStaticAnalysis
    • Common static analysis issues
    • Resolve common static analysis issues (also known as SAST issues).
  • org.openrewrite.staticanalysis.CompareEnumsWithEqualityOperator
    • Enum values should be compared with "=="
    • Replaces Enum equals(java.lang.Object) with Enum == java.lang.Object. An !Enum equals(java.lang.Object) will change to !=. Using == for enum comparison is null-safe, catches type mismatches at compile time, and is idiomatic since each enum constant is guaranteed to be a singleton.
  • org.openrewrite.staticanalysis.ControlFlowIndentation
    • Control flow statement indentation
    • Program flow control statements like if, while, and for can omit curly braces when they apply to only a single statement. This recipe ensures that any statements which follow that statement are correctly indented to show they are not part of the flow control statement. Misleading indentation can give the false impression that a line executes conditionally when it actually runs unconditionally, which is a common source of logic errors.
  • org.openrewrite.staticanalysis.CovariantEquals
    • Covariant equals
    • Checks that classes and records which define a covariant equals() method also override method equals(Object). Covariant equals() means a method that is similar to equals(Object), but with a covariant parameter type (any subtype of Object). Without a proper equals(Object) override, collections and other framework code that rely on the standard signature will silently use Object.equals, leading to incorrect behavior.
  • org.openrewrite.staticanalysis.DeclarationSiteTypeVariance
    • Properly use declaration-site type variance
    • Currently, Java requires use-site type variance, so if someone has Function<IN, OUT> method parameter, it should rather be Function<? super IN, ? extends OUT>. Unfortunately, it is not easy to notice that ? super and ? extends is missing, so this recipe adds it where that would improve the situation.
  • org.openrewrite.staticanalysis.DefaultComesLast
    • Default comes last
    • Ensure the default case comes last after all the cases in a switch statement. Placing default at the end follows a widely expected convention, making it easy to find the fallback behavior at a glance.
  • org.openrewrite.staticanalysis.EmptyBlock
    • Remove empty blocks
    • Remove empty blocks that effectively do nothing. Empty blocks are ambiguous -- they may indicate incomplete implementation or accidentally deleted code -- and removing them makes the intent of the surrounding code explicit.
  • org.openrewrite.staticanalysis.EqualsAvoidsNull
    • Equals avoids null
    • Checks that any combination of String literals is on the left side of an equals() comparison. Also checks for String literals assigned to some field (such as someString.equals(anotherString = "text")). And removes redundant null checks in conjunction with equals comparisons. Placing the literal on the left side prevents NullPointerExceptions, since a literal can never be null and its equals method handles null arguments safely.
  • org.openrewrite.staticanalysis.EqualsToContentEquals
    • Use String.contentEquals(CharSequence) instead of String.equals(CharSequence.toString())
    • Use String.contentEquals(CharSequence) instead of String.equals(CharSequence.toString()).
  • org.openrewrite.staticanalysis.ExplicitCharsetOnStringGetBytes
    • Set charset encoding explicitly when calling String#getBytes
    • This makes the behavior of the code platform neutral. It will not override any existing explicit encodings, even if they don't match the default encoding option. Relying on the platform default charset can produce different results across environments, leading to subtle data corruption bugs.
  • org.openrewrite.staticanalysis.ExplicitInitialization
    • Explicit initialization
    • Checks if any class or object member is explicitly initialized to default for its type value: - null for object references - zero for numeric types and char - and false for boolean Removes explicit initializations where they aren't necessary. Since the JVM already guarantees these defaults, restating them adds visual noise and can obscure fields that are intentionally initialized to non-default values.
  • org.openrewrite.staticanalysis.ExplicitLambdaArgumentTypes
    • Use explicit types on lambda arguments
    • Adds explicit types on lambda arguments, which are otherwise optional. This can make the code clearer and easier to read. This does not add explicit types on arguments when the lambda has one or two parameters and does not have a block body, as things are considered more readable in those cases. For example, stream.map((a, b) -> a.length); will not have explicit types added.
  • org.openrewrite.staticanalysis.ExplicitThis
    • Use explicit this.field and this.method()
    • Add explicit 'this.' prefix to field and method access.
  • org.openrewrite.staticanalysis.ExternalizableHasNoArgsConstructor
    • Externalizable classes have no-arguments constructor
    • Externalizable classes handle both serialization and deserialization and must have a no-args constructor for the deserialization process. Without a public no-argument constructor, the JVM cannot instantiate the object during deserialization and will throw an InvalidClassException at runtime.
  • org.openrewrite.staticanalysis.FallThrough
    • Fall through
    • Checks for fall-through in switch statements, adding break statements in locations where a case contains Java code but does not have a break, return, throw, or continue statement. Unintentional fall-through is a common source of bugs, as execution silently continues into the next case branch.
  • org.openrewrite.staticanalysis.FinalClass
    • Finalize classes with private constructors
    • Adds the final modifier to classes that expose no public or package-private constructors. If a class cannot be instantiated from the outside, marking it final communicates that it was not designed for inheritance and prevents accidental subclassing.
  • org.openrewrite.staticanalysis.FinalizeLocalVariables
    • Finalize local variables
    • Adds the final modifier keyword to local variables which are not reassigned.
  • org.openrewrite.staticanalysis.FinalizeMethodArguments
    • Finalize method arguments
    • Adds the final modifier keyword to method parameters.
  • org.openrewrite.staticanalysis.FinalizePrivateFields
    • Finalize private fields
    • Adds the final modifier keyword to private instance variables which are not reassigned.
  • org.openrewrite.staticanalysis.FixStringFormatExpressions
    • Fix String#format and String#formatted expressions
    • Fix String#format and String#formatted expressions by replacing \n newline characters with %n and removing any unused arguments. Note this recipe is scoped to only transform format expressions which do not specify the argument index. Using %n ensures the correct platform-specific line separator, and removing unused arguments eliminates dead code that may mask a mismatch between the format string and its parameters.
  • org.openrewrite.staticanalysis.ForLoopControlVariablePostfixOperators
    • for loop counters should use postfix operators
    • Replace for loop control variables using pre-increment (++i) or pre-decrement (--i) operators with their post-increment (i++) or post-decrement (i++) notation equivalents.
  • org.openrewrite.staticanalysis.ForLoopIncrementInUpdate
    • for loop counters incremented in update
    • The increment should be moved to the loop's increment clause if possible. Placing the counter update in the loop body rather than the update clause obscures the loop's control flow and makes it harder to reason about termination.
  • org.openrewrite.staticanalysis.HiddenField
    • Hidden field
    • Refactor local variables or parameters which shadow a field defined in the same class. Shadowing a field with a local variable of the same name makes it easy to accidentally reference the wrong one, leading to confusing bugs.
  • org.openrewrite.staticanalysis.HideUtilityClassConstructor
    • Hide utility class constructor
    • Ensures utility classes (classes containing only static methods or fields in their API) do not have a public constructor. Instantiating a utility class is almost certainly a mistake, and a private constructor makes that intent clear while preventing misuse.
  • org.openrewrite.staticanalysis.IndexOfChecksShouldUseAStartPosition
    • Use indexOf(String, int)
    • Replaces indexOf(String) in binary operations if the compared value is an int and not less than 1. Using the two-argument indexOf(String, int) form with a start position avoids redundantly scanning the beginning of the string when you already know the match must occur after a certain index.
  • org.openrewrite.staticanalysis.IndexOfReplaceableByContains
    • indexOf() replaceable by contains()
    • Checking if a value is included in a String or List using indexOf(value)>-1 or indexOf(value)>=0 can be replaced with contains(value). Using contains() expresses the intent more directly and avoids the mental overhead of interpreting index comparisons.
  • org.openrewrite.staticanalysis.IndexOfShouldNotCompareGreaterThanZero
    • indexOf should not compare greater than zero
    • Replaces String#indexOf(String) > 0 and List#indexOf(Object) > 0 with >=1. Checking indexOf against >0 ignores the first element, whereas >-1 is inclusive of the first element. For clarity, >=1 is used, because >0 and >=1 are semantically equal. Using >0 may appear to be a mistake with the intent of including all elements. If the intent is to check whether a value in included in a String or List, the String#contains(String) or List#contains(Object) methods may be better options altogether.
  • org.openrewrite.staticanalysis.InlineVariable
    • Inline variable
    • Inline variables when they are immediately used to return or throw. Supports both variable declarations and assignments to local variables. A variable that is declared only to be returned or thrown on the very next line adds an unnecessary level of indirection without improving readability.
  • org.openrewrite.staticanalysis.InstanceOfPatternMatch
    • Changes code to use Java 17's instanceof pattern matching
    • Adds pattern variables to instanceof expressions wherever the same (side effect free) expression is referenced in a corresponding type cast expression within the flow scope of the instanceof. Currently, this recipe supports if statements and ternary operator expressions. Pattern matching for instanceof collapses the type check, cast, and variable declaration into a single expression, reducing boilerplate and eliminating the risk of an incorrect cast.
  • org.openrewrite.staticanalysis.InterruptedExceptionHandling
    • Restore interrupted state in catch blocks
    • When InterruptedException is caught, Thread.currentThread().interrupt() should be called to restore the thread's interrupted state. Failing to do so can suppress the interruption signal and prevent proper thread cancellation.
  • org.openrewrite.staticanalysis.IsEmptyCallOnCollections
    • Use Collection#isEmpty() instead of comparing size()
    • Also check for not isEmpty() when testing for not equal to zero size. Using isEmpty() communicates intent more clearly than comparing size() to zero, and for some collection implementations isEmpty() can be more efficient since size() may require traversal.
  • org.openrewrite.staticanalysis.JavaApiBestPractices
    • Java API best practices
    • Use the Java standard library in a way that is most idiomatic.
  • org.openrewrite.staticanalysis.LambdaBlockToExpression
    • Simplify lambda blocks to expressions
    • Single-line statement lambdas returning a value can be replaced with expression lambdas. Expression-form lambdas are more concise and consistent with a functional programming style, making the code easier to scan.
  • org.openrewrite.staticanalysis.LowercasePackage
    • Rename packages to lowercase
    • By convention all Java package names should contain only lowercase letters, numbers, and dashes. This recipe converts any uppercase letters in package names to be lowercase. Consistent package naming prevents confusion and potential issues on case-insensitive file systems.
  • org.openrewrite.staticanalysis.MaskCreditCardNumbers
    • Mask credit card numbers
    • When encountering string literals which appear to be credit card numbers, mask the last eight digits with the letter 'X'.
  • org.openrewrite.staticanalysis.MemberNameCaseInsensitiveDuplicates
    • Members should not have names differing only by capitalization
    • Looking at the set of methods and fields in a class and all of its parents, no two members should have names that differ only in capitalization. This rule will not report if a method overrides a parent method. Members with near-identical names are easily confused, leading to bugs where the wrong field or method is referenced.
  • org.openrewrite.staticanalysis.MethodNameCasing
    • Standardize method name casing
    • Fixes method names that do not follow standard naming conventions. For example, String getFoo_bar() would be adjusted to String getFooBar() and int DoSomething() would be adjusted to int doSomething(). Following a consistent casing convention for method names improves code readability and helps developers quickly distinguish methods from classes or constants.
  • org.openrewrite.staticanalysis.MinimumSwitchCases
    • switch statements should have at least 3 case clauses
    • switch statements are useful when many code paths branch depending on the value of a single expression. For just one or two code paths, the code will be more readable with if statements. Using switch for trivial branching adds unnecessary syntactic overhead and obscures the simplicity of the logic.
  • org.openrewrite.staticanalysis.MissingOverrideAnnotation
    • Add missing @Override to overriding and implementing methods
    • Adds @Override to methods overriding superclass methods or implementing interface methods. Annotating methods improves readability by showing the author's intent to override. Additionally, when annotated, the compiler will emit an error when a signature of the overridden method does not match the superclass method.
  • org.openrewrite.staticanalysis.ModifierOrder
    • Modifier order
    • Modifiers should be declared in the correct order as recommended by the JLS. Ordering modifiers consistently reduces cognitive load for developers who are accustomed to the standard sequence.
  • org.openrewrite.staticanalysis.MoveConditionsToWhile
    • Convert while (true) with initial if break to loop condition
    • Simplifies while (true) loops where the first statement is an if statement that only contains a break. The condition is inverted and moved to the loop condition for better readability.
  • org.openrewrite.staticanalysis.MultipleVariableDeclarations
    • No multiple variable declarations
    • Places each variable declaration in its own statement and on its own line. Using one variable declaration per line encourages commenting and can increase readability. Multi-variable declarations also make it harder to track individual types and initializers, increasing the risk of subtle errors.
  • org.openrewrite.staticanalysis.NeedBraces
    • Fix missing braces
    • Adds missing braces around code such as single-line if, for, while, and do-while block bodies. Omitting braces can lead to dangling-statement bugs when additional lines are later added to a block without realizing they fall outside the control structure.
  • org.openrewrite.staticanalysis.NestedEnumsAreNotStatic
    • Nested enums are not static
    • Remove static modifier from nested enum types since they are implicitly static. The redundant modifier adds visual noise and may mislead readers into thinking there is a non-static alternative.
  • org.openrewrite.staticanalysis.NewStringBuilderBufferWithCharArgument
    • Change StringBuilder and StringBuffer character constructor argument to String
    • Instantiating a StringBuilder or a StringBuffer with a Character results in the int representation of the character being used for the initial size. This is almost never the developer's intent and silently produces a buffer with an arbitrary capacity instead of the expected initial content.
  • org.openrewrite.staticanalysis.NoDoubleBraceInitialization
    • No double brace initialization
    • Replace List, Map, and Set double brace initialization with an initialization block. Double brace initialization creates an anonymous inner class that holds a hidden reference to the enclosing instance, which can cause memory leaks and serialization issues.
  • org.openrewrite.staticanalysis.NoEmptyCollectionWithRawType
    • Use Collections#emptyList(), emptyMap(), and emptySet()
    • Replaces Collections#EMPTY_... with methods that return generic types. The raw-typed constant fields bypass generics checks, which can hide type mismatches that only surface as ClassCastException at runtime.
  • org.openrewrite.staticanalysis.NoEqualityInForCondition
    • Use comparison rather than equality checks in for conditions
    • Testing for loop termination using an equality operator (== and !=) is dangerous, because it could set up an infinite loop. Using a relational operator instead makes it harder to accidentally write an infinite loop.
  • org.openrewrite.staticanalysis.NoFinalizedLocalVariables
    • Don't use final on local variables
    • Remove the final modifier keyword from local variables regardless of whether they are used within a local class or an anonymous class.
  • org.openrewrite.staticanalysis.NoFinalizer
    • Remove finalize() method
    • Finalizers are deprecated. Use of finalize() can lead to performance issues, deadlocks, hangs, and other undesirable behavior.
  • org.openrewrite.staticanalysis.NoPrimitiveWrappersForToStringOrCompareTo
    • No primitive wrappers for #toString() or #compareTo(..)
    • Primitive wrappers should not be instantiated only for #toString() or #compareTo(..) invocations. Allocating a wrapper object just to call a method that has a static equivalent is wasteful; the static versions avoid the unnecessary object creation.
  • org.openrewrite.staticanalysis.NoRedundantJumpStatements
    • Jump statements should not be redundant
    • Jump statements such as return and continue let you change the default flow of program execution, but jump statements that direct the control flow to the original direction are just a waste of keystrokes.
  • org.openrewrite.staticanalysis.NoToStringOnStringType
    • Unnecessary String#toString
    • Remove unnecessary String#toString invocations on objects which are already a string. Calling toString() on something that is already a String is redundant and clutters the code.
  • org.openrewrite.staticanalysis.NoValueOfOnStringType
    • Unnecessary String#valueOf(..)
    • Replace unnecessary String#valueOf(..) method invocations with the argument directly. This occurs when the argument to String#valueOf(arg) is a string literal, such as String.valueOf("example"). Or, when the String#valueOf(..) invocation is used in a concatenation, such as "example" + String.valueOf("example"). The wrapping call is redundant since Java already performs the conversion implicitly in these contexts.
  • org.openrewrite.staticanalysis.NullableOnMethodReturnType
    • Move @Nullable method annotations to the return type
    • This is the way the cool kids do it.
  • org.openrewrite.staticanalysis.ObjectFinalizeCallsSuper
    • finalize() calls super
    • Overrides of Object#finalize() should call super. Skipping the super call can prevent parent classes from releasing critical system resources during garbage collection.
  • org.openrewrite.staticanalysis.OnlyCatchDeclaredExceptions
    • Replace catch(Exception) with specific declared exceptions thrown in the try block
    • Replaces catch(Exception e) blocks with a multi-catch block (catch (SpecificException1 | SpecificException2 e)) containing only the exceptions declared thrown by method or constructor invocations within the try block that are not already caught by more specific catch clauses. Catching a broad Exception type can unintentionally swallow runtime exceptions that indicate programming errors, making bugs harder to detect and diagnose.
  • org.openrewrite.staticanalysis.OperatorWrap
    • Operator wrapping
    • Fixes line wrapping policies on operators.
  • org.openrewrite.staticanalysis.PreferEqualityComparisonOverDifferenceCheck
    • Prefer direct comparison of numbers
    • Replace a - b == 0 with a == b, a - b != 0 with a != b, a - b < 0 with a < b, and similar transformations for all comparison operators to improve readability and avoid overflow issues.
  • org.openrewrite.staticanalysis.PreferIncrementOperator
    • Prefer increment/decrement and compound assignment operators
    • Prefer the use of increment and decrement operators (++, --, +=, -=) over their more verbose equivalents.
  • org.openrewrite.staticanalysis.PreferSystemGetPropertyOverGetenv
    • Prefer System.getProperty("user.home") over System.getenv("HOME")
    • Replaces System.getenv("HOME") with System.getProperty("user.home") for better portability.
  • org.openrewrite.staticanalysis.PrimitiveWrapperClassConstructorToValueOf
    • Use primitive wrapper valueOf method
    • The constructor of all primitive types has been deprecated in favor of using the static factory method valueOf available for each of the primitive type wrappers. Using valueOf enables object caching for frequently used values, reducing unnecessary heap allocations. Note that this changes identity semantics: valueOf may return cached instances (such as Boolean.TRUE or Integer values in [-128, 127]), so code that compares boxed values with ==/!=, relies on System.identityHashCode, or synchronizes on the boxed value may behave differently after this change.
  • org.openrewrite.staticanalysis.RedundantFileCreation
    • Redundant file creation
    • Remove unnecessary intermediate creations of files.
  • org.openrewrite.staticanalysis.ReferentialEqualityToObjectEquals
    • Replace referential equality operators with Object equals method invocations when the operands both override Object.equals(Object obj)
    • Using == or != compares object references, not the equality of two objects. This modifies code where both sides of a binary operation (== or !=) override Object.equals(Object obj) except when the comparison is within an overridden Object.equals(Object obj) method declaration itself. The resulting transformation must be carefully reviewed since any modifications change the program's semantics. When a class defines its own notion of equality through equals, using reference comparison is almost always a bug that causes logically identical objects to be treated as different.
  • org.openrewrite.staticanalysis.RemoveCallsToObjectFinalize
    • Remove Object.finalize() invocations
    • Remove calls to Object.finalize(). This method is called during garbage collection and calling it manually is misleading. Explicit finalize invocations can trigger resource cleanup prematurely while the object is still in use, leading to unpredictable behavior.
  • org.openrewrite.staticanalysis.RemoveCallsToSystemGc
    • Remove garbage collection invocations
    • Removes calls to System.gc() and Runtime.gc(). When to invoke garbage collection is best left to the JVM. Manual GC calls produce unpredictable results across different JVM implementations and can cause unnecessary application pauses.
  • org.openrewrite.staticanalysis.RemoveEmptyJavaDocParameters
    • Remove JavaDoc @param, @return, and @throws with no description
    • Removes @param, @return, and @throws with no description from JavaDocs.
  • org.openrewrite.staticanalysis.RemoveExtraSemicolons
    • Remove extra semicolons
    • Removes not needed semicolons. Semicolons are considered not needed: * Optional semicolons at the end of try-with-resources, * after the last enum value if no field or method is defined, * no statement between two semicolon. Stray semicolons are typically typos or remnants of refactoring and can mislead readers into thinking a statement is present.
  • org.openrewrite.staticanalysis.RemoveHashCodeCallsFromArrayInstances
    • hashCode() should not be called on array instances
    • Replace hashCode() calls on arrays with Arrays.hashCode() because the results from hashCode() are not helpful. Arrays inherit hashCode() from Object, which returns an identity-based value unrelated to the array contents, so two arrays with identical elements will produce different hash codes.
  • org.openrewrite.staticanalysis.RemoveInstanceOfPatternMatch
    • Removes from code Java 14's instanceof pattern matching
    • Adds an explicit variable declaration at the beginning of if statement instead of instanceof pattern matching.
  • org.openrewrite.staticanalysis.RemoveJavaDocAuthorTag
    • Remove author tags from JavaDocs
    • Removes author tags from JavaDocs to reduce code maintenance.
  • org.openrewrite.staticanalysis.RemoveMethodsOnlyCallSuper
    • Remove methods that only call super
    • Methods that override a parent method but only call super with the same arguments are redundant and should be removed.
  • org.openrewrite.staticanalysis.RemoveRedundantNullCheckBeforeInstanceof
    • Remove redundant null checks before instanceof
    • Removes redundant null checks before instanceof operations since instanceof returns false for null. Removing the extra check simplifies the conditional and makes the null-safety guarantee of instanceof more visible to readers.
  • org.openrewrite.staticanalysis.RemoveRedundantNullCheckBeforeLiteralEquals
    • Remove redundant null checks before literal equals
    • Removes redundant null checks before equals() comparisons when the receiver is a literal string, since literals can never be null and equals() returns false for null arguments.
  • org.openrewrite.staticanalysis.RemoveRedundantTypeCast
    • Remove redundant casts
    • Removes unnecessary type casts. Does not currently check casts in lambdas and class constructors. Redundant casts add visual noise and can obscure the actual type relationships in the code, making it harder to follow the data flow.
  • org.openrewrite.staticanalysis.RemoveSystemOutPrintln
    • Remove System.out#println statements
    • Print statements are often left accidentally after debugging an issue. This recipe removes all System.out#println and System.err#println statements from the code. Production code should use a proper logging framework which provides consistent formatting, configurable log levels, and centralized output control.
  • org.openrewrite.staticanalysis.RemoveToStringCallsFromArrayInstances
    • Remove toString() calls on arrays
    • The result from toString() calls on arrays is largely useless. The output does not actually reflect the contents of the array. Arrays.toString(array) should be used instead as it gives the contents of the array. Since arrays do not override toString() from Object, calling it produces only the type name and memory address, which is rarely what was intended.
  • org.openrewrite.staticanalysis.RemoveUnneededAssertion
    • Remove unneeded assertions
    • Remove unneeded assertions like assert true, assertTrue(true), or assertFalse(false).
  • org.openrewrite.staticanalysis.RemoveUnneededBlock
    • Remove unneeded block
    • Flatten blocks into inline statements when possible. Unnecessary nested blocks add indentation and scope boundaries that obscure the control flow, often indicating code that should be extracted into its own method.
  • org.openrewrite.staticanalysis.RemoveUnusedLabels
    • Remove unused labels
    • Remove labels that are not referenced by any break or continue statement.
  • org.openrewrite.staticanalysis.RemoveUnusedLocalVariables
    • Remove unused local variables
    • If a local variable is declared but not used, it is dead code and should be removed. Unused variables increase cognitive load for readers who must determine whether the variable matters, and they may signal incomplete implementations or missed refactoring.
  • org.openrewrite.staticanalysis.RemoveUnusedPrivateFields
    • Remove unused private fields
    • If a private field is declared but not used in the program, it can be considered dead code and should therefore be removed. Dead fields clutter the class, increase its memory footprint, and can mislead developers into thinking they are part of the class's behavior.
  • org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods
    • Remove unused private methods
    • private methods that are never executed are dead code and should be removed. Keeping unreachable methods around adds maintenance burden and can give a false impression of the class's capabilities.
  • org.openrewrite.staticanalysis.RenameExceptionInEmptyCatch
    • Rename caught exceptions in empty catch blocks to ignored
    • Renames caught exceptions in empty catch blocks to ignored. ignored will be incremented by 1 if a namespace conflict exists.
  • org.openrewrite.staticanalysis.RenameLocalVariablesToCamelCase
    • Reformat local variable names to camelCase
    • Reformat local variable and method parameter names to camelCase to comply with Java naming convention. The recipe will not rename variables declared in for loop controls or catches with a single character. The first character is set to lower case and existing capital letters are preserved. Special characters that are allowed in java field names $ and _ are removed (unless the name starts with one). If a special character is removed the next valid alphanumeric will be capitalized. Currently, does not support renaming members of classes. The recipe will not rename a variable if the result already exists in the class, conflicts with a java reserved keyword, or the result is blank. Consistent naming conventions improve readability and reduce friction when navigating unfamiliar code.
  • org.openrewrite.staticanalysis.RenameMethodsNamedHashcodeEqualOrToString
    • Rename methods named hashcode, equal, or tostring
    • Methods should not be named hashcode, equal, or tostring. Any of these are confusing as they appear to be intended as overridden methods from the Object base class, despite being case-insensitive. These near-miss names are almost certainly spelling mistakes that silently introduce a new method instead of overriding the intended one.
  • org.openrewrite.staticanalysis.RenamePrivateFieldsToCamelCase
    • Reformat private field names to camelCase
    • Reformat private field names to camelCase to comply with Java naming convention. The recipe will not rename fields with default, protected or public access modifiers. The recipe will not rename private constants. The first character is set to lower case and existing capital letters are preserved. Special characters that are allowed in java field names $ and _ are removed. If a special character is removed the next valid alphanumeric will be capitalized. The recipe will not rename a field if the result already exists in the class, conflicts with a java reserved keyword, or the result is blank. Consistent naming conventions improve code readability and help developers quickly understand the purpose and scope of fields.
  • org.openrewrite.staticanalysis.ReorderAnnotationAttributes
    • Reorder annotation attributes alphabetically
    • Reorder annotation attributes to be alphabetical. Positional arguments (those without explicit attribute names) are left in their original position.
  • org.openrewrite.staticanalysis.ReorderAnnotations
    • Reorder annotations alphabetically
    • Consistently order annotations by comparing their simple name.
  • org.openrewrite.staticanalysis.ReplaceApacheCommonsLang3ValidateNotNullWithObjectsRequireNonNull
    • Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
    • Replace org.apache.commons.lang3.Validate.notNull(..) with Objects.requireNonNull(..).
  • org.openrewrite.staticanalysis.ReplaceClassIsInstanceWithInstanceof
    • Replace A.class.isInstance(a) with a instanceof A
    • There should be no A.class.isInstance(a), it should be replaced by a instanceof A. Using instanceof enables the compiler to catch type incompatibilities at compile time rather than silently passing at runtime, which helps detect dead code early.
  • org.openrewrite.staticanalysis.ReplaceCollectionToArrayArgWithEmptyArray
    • Use Empty Array for Collection.toArray()
    • Changes new array creation with Collection#toArray(T[]) to use an empty array argument, which is better for performance. According to the Collection#toArray(T[]) documentation: > If the collection fits in the specified array, it is returned therein. However, although it's not intuitive, allocating a right-sized array ahead of time to pass to the API appears to be generally worse for performance according to benchmarking and JVM developers due to a number of implementation details in both Java and the virtual machine. H2 achieved significant performance gains by switching to empty arrays instead pre-sized ones.
  • org.openrewrite.staticanalysis.ReplaceDeprecatedRuntimeExecMethods
    • Replace deprecated Runtime#exec() methods
    • Replace Runtime#exec(String) methods to use exec(String[]) instead because the former is deprecated after Java 18 and is no longer recommended for use by the Java documentation.
  • org.openrewrite.staticanalysis.ReplaceDuplicateStringLiterals
    • Replace duplicate String literals
    • Replaces String literals with a length of 5 or greater repeated a minimum of 3 times. Qualified String literals include final Strings, method invocations, and new class invocations. Adds a new private static final String or uses an existing equivalent class field. A new variable name will be generated based on the literal value if an existing field does not exist. The generated name will append a numeric value to the variable name if a name already exists in the compilation unit. Centralizing repeated string values into constants makes refactoring safer and reduces the risk of inconsistent updates.
  • org.openrewrite.staticanalysis.ReplaceLambdaWithMethodReference
    • Use method references in lambda
    • Replaces the single statement lambdas o -> o instanceOf X, o -> (A) o, o -> System.out.println(o), o -> o != null, o -> o == null with the equivalent method reference. Method references are often more concise and readable than their lambda equivalents, making the code's intent clearer at a glance.
  • org.openrewrite.staticanalysis.ReplaceOptionalIsPresentWithIfPresent
    • Replace Optional#isPresent() with Optional#ifPresent()
    • Replace Optional#isPresent() with Optional#ifPresent(). Please note that this recipe is only suitable for if-blocks that lack an Else-block and have a single condition applied.
  • org.openrewrite.staticanalysis.ReplaceRedundantFormatWithPrintf
    • Replace redundant String format invocations that are wrapped with PrintStream operations
    • Replaces PrintStream.print(String.format(format, ...args)) with PrintStream.printf(format, ...args) (and for println, appends a newline to the format string).
  • org.openrewrite.staticanalysis.ReplaceStackWithDeque
    • Replace java.util.Stack with java.util.Deque
    • From the Javadoc of Stack: > A more complete and consistent set of LIFO stack operations is provided by the Deque interface and its implementations, which should be used in preference to this class. Stack inherits from Vector, which carries unnecessary synchronization overhead in single-threaded contexts and exposes non-stack operations like random index access.
  • org.openrewrite.staticanalysis.ReplaceStringBuilderWithString
    • Replace StringBuilder#append with String
    • Replace StringBuilder.append() with String if you are only concatenating a small number of strings and the code is simple and easy to read, as the compiler can optimize simple string concatenation expressions into a single String object, which can be more efficient than using StringBuilder.
  • org.openrewrite.staticanalysis.ReplaceStringConcatenationWithStringValueOf
    • Replace String concatenation with String.valueOf()
    • Replace inefficient string concatenation patterns like "" + ... with String.valueOf(...). This improves code readability and may have minor performance benefits. The empty string prefix "" + is an indirect way to convert a value to a String, while String.valueOf() clearly communicates the conversion intent.
  • org.openrewrite.staticanalysis.ReplaceTextBlockWithString
    • Replace text block with regular string
    • Replace text block with a regular multi-line string. Text blocks that fit on a single line without concatenation or escaped newlines gain no readability benefit from the triple-quote syntax and are clearer as plain string literals.
  • org.openrewrite.staticanalysis.ReplaceThreadRunWithThreadStart
    • Replace calls to Thread.run() with Thread.start()
    • Thread.run() should not be called directly.
  • org.openrewrite.staticanalysis.ReplaceValidateNotNullHavingSingleArgWithObjectsRequireNonNull
    • Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
    • Replace org.apache.commons.lang3.Validate.notNull(Object) with Objects.requireNonNull(Object).
  • org.openrewrite.staticanalysis.ReplaceValidateNotNullHavingVarargsWithObjectsRequireNonNull
    • Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
    • Replace org.apache.commons.lang3.Validate.notNull(Object, String, Object[]) with Objects.requireNonNull(Object, String).
  • org.openrewrite.staticanalysis.ReplaceWeekYearWithYear
    • Week Year (YYYY) should not be used for date formatting
    • For most dates Week Year (YYYY) and Year (yyyy) yield the same results. However, on the last week of December and the first week of January, Week Year could produce unexpected results. This is a common source of off-by-one-year bugs that typically only manifest around New Year's Eve, making them difficult to catch during development and testing.
  • org.openrewrite.staticanalysis.SillyEqualsCheck
    • Silly equality checks should not be made
    • Detects .equals() calls that compare incompatible types and will always return false. Replaces .equals(null) with == null and array .equals() with Arrays.equals(). Flags comparisons between unrelated types or between arrays and non-arrays.
  • org.openrewrite.staticanalysis.SimplifyArraysAsList
    • Simplify Arrays.asList(..) with varargs
    • Simplifies Arrays.asList() method calls that use explicit array creation to use varargs instead. For example, Arrays.asList(new String[]\{"a", "b", "c"\}) becomes Arrays.asList("a", "b", "c"). Explicitly constructing an array to pass to a varargs parameter adds visual clutter without changing behavior, since the compiler generates the array automatically.
  • org.openrewrite.staticanalysis.SimplifyBooleanExpression
    • Simplify boolean expression
    • Checks for overly complicated boolean expressions, such as if (b == true), b || true, !false, etc. Needlessly complex boolean logic makes code harder to reason about and increases the chance of introducing errors during future modifications.
  • org.openrewrite.staticanalysis.SimplifyBooleanExpressionWithDeMorgan
    • Simplify boolean expressions using De Morgan's laws
    • Applies De Morgan's laws to simplify boolean expressions with negation. Transforms !(a && b) to !a || !b and !(a || b) to !a && !b. Distributing negations inward eliminates the outer ! and makes each individual condition's polarity immediately visible, which aids comprehension.
  • org.openrewrite.staticanalysis.SimplifyBooleanReturn
    • Simplify boolean return
    • Simplifies Boolean expressions by removing redundancies. For example, a && true simplifies to a. Wrapping a boolean expression in an if-then-else just to return true or false adds unnecessary control flow that obscures the straightforward intent of the expression.
  • org.openrewrite.staticanalysis.SimplifyCompoundStatement
    • Simplify compound statement
    • Fixes or removes useless compound statements. For example, removing b &= true, and replacing b &= false with b = false.
  • org.openrewrite.staticanalysis.SimplifyConsecutiveAssignments
    • Simplify consecutive assignments
    • Combine consecutive assignments into a single statement where possible.
  • org.openrewrite.staticanalysis.SimplifyConstantIfBranchExecution
    • Simplify constant if branch execution
    • Checks for if expressions that are always true or false and simplifies them. Branches that can never execute are dead code that misleads readers and may mask logic errors introduced during refactoring.
  • org.openrewrite.staticanalysis.SimplifyDurationCreationUnits
    • Simplify java.time.Duration units
    • Simplifies java.time.Duration units to be more human-readable.
  • org.openrewrite.staticanalysis.SimplifyElseBranch
    • Simplify else branch if it only has a single if
    • Simplify else branch if it only has a single if.
  • org.openrewrite.staticanalysis.SimplifyForLoopBoundaryComparison
    • Simplify for loop boundary comparisons
    • Replace <= with < in for loop conditions by adjusting the comparison operands. For example, i <= n - 1 simplifies to i < n, and i <= n becomes i < n + 1.
  • org.openrewrite.staticanalysis.SimplifyTernaryRecipes
    • Simplify ternary expressions
    • Simplifies various types of ternary expressions to improve code readability. Ternaries that simply select between true and false are redundant wrappers around the condition itself and add unnecessary complexity.
  • org.openrewrite.staticanalysis.SimplifyTernaryRecipes$SimplifyTernaryFalseTrueRecipe
    • Replace booleanExpression ? false : true with !booleanExpression
    • Replace ternary expressions like booleanExpression ? false : true with !booleanExpression.
  • org.openrewrite.staticanalysis.SimplifyTernaryRecipes$SimplifyTernaryTrueFalseRecipe
    • Replace booleanExpression ? true : false with booleanExpression
    • Replace ternary expressions like booleanExpression ? true : false with booleanExpression.
  • org.openrewrite.staticanalysis.SingleLineCommentSpacing
    • Add space after // in single-line comments
    • Ensures there is exactly one space after // in single-line comments when missing.
  • org.openrewrite.staticanalysis.SortedSetStreamToLinkedHashSet
    • Sorted set stream should be collected to LinkedHashSet
    • Converts set.stream().sorted().collect(Collectors.toSet()) to set.stream().sorted().collect(LinkedHashSet::new).
  • org.openrewrite.staticanalysis.StaticAccessViaInstance
    • Static members should be accessed via the class name
    • Accessing static fields or calling static methods on an instance reference is misleading. Static members should be accessed using the declaring class name instead.
  • org.openrewrite.staticanalysis.StaticMethodNotFinal
    • Static methods need not be final
    • Static methods do not need to be declared final because they cannot be overridden. Redundant modifiers add noise to the code and can suggest a misunderstanding of the language's dispatch model.
  • org.openrewrite.staticanalysis.StringLiteralEquality
    • Use String.equals() on String literals
    • String.equals() should be used when checking value equality on String literals. Using == or != compares object references, not the actual value of the Strings. This only modifies code where at least one side of the binary operation (== or !=) is a String literal, such as "someString" == someVariable;. This is to prevent inadvertently changing code where referential equality is the user's intent. Reference equality on strings is fragile because it depends on JVM string interning behavior, which can vary across runtimes and is not guaranteed for dynamically constructed strings.
  • org.openrewrite.staticanalysis.TernaryOperatorsShouldNotBeNested
    • Ternary operators should not be nested
    • Nested ternary operators can be hard to read quickly. Prefer simpler constructs for improved readability. If supported, this recipe will try to replace nested ternaries with switch expressions. Deeply nested conditional expressions obscure the branching logic and make it easy to misread which value corresponds to which condition.
  • org.openrewrite.staticanalysis.TypecastParenPad
    • Typecast parenthesis padding
    • Fixes whitespace padding between a typecast type identifier and the enclosing left and right parentheses. For example, when configured to remove spacing, ( int ) 0L; becomes (int) 0L;.
  • org.openrewrite.staticanalysis.URLEqualsHashCodeRecipes
    • URL Equals and Hash Code
    • Uses of equals() and hashCode() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.
  • org.openrewrite.staticanalysis.URLEqualsHashCodeRecipes$URLEqualsRecipe
    • URL Equals
    • Uses of equals() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.
  • org.openrewrite.staticanalysis.URLEqualsHashCodeRecipes$URLHashCodeRecipe
    • URL Hash Code
    • Uses of hashCode() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.
  • org.openrewrite.staticanalysis.UnnecessaryCatch
    • Remove catch for a checked exception if the try block does not throw that exception
    • A refactoring operation may result in a checked exception that is no longer thrown from a try block. This recipe will find and remove unnecessary catch blocks.
  • org.openrewrite.staticanalysis.UnnecessaryCloseInTryWithResources
    • Unnecessary close in try-with-resources
    • Remove unnecessary AutoCloseable#close() statements in try-with-resources. Try-with-resources already guarantees that each declared resource is closed when the block exits, so an explicit close() call is redundant and can be confusing.
  • org.openrewrite.staticanalysis.UnnecessaryExplicitTypeArguments
    • Unnecessary explicit type arguments
    • When explicit type arguments are inferable by the compiler, they may be removed.
  • org.openrewrite.staticanalysis.UnnecessaryParentheses
    • Remove unnecessary parentheses
    • Removes unnecessary parentheses from code where extra parentheses pairs are redundant. Redundant parentheses add visual noise and can obscure the actual structure of an expression, making code harder to read at a glance.
  • org.openrewrite.staticanalysis.UnnecessaryPrimitiveAnnotations
    • Remove @Nullable and @CheckForNull annotations from primitives
    • Primitives can't be null anyway, so these annotations are not useful in this context. Leaving them in place gives the false impression that a null value is possible, which can confuse readers and static analysis tools alike.
  • org.openrewrite.staticanalysis.UnnecessaryReturnAsLastStatement
    • Unnecessary return as last statement in void method
    • Removes return from a void method if it's the last statement. A trailing return in a void method has no effect on control flow and is just noise that distracts from the meaningful logic.
  • org.openrewrite.staticanalysis.UnnecessaryThrows
    • Unnecessary throws
    • Remove unnecessary throws declarations. This recipe will only remove unused, checked exceptions if: - The declaring class or the method declaration is final. - The method declaration is static or private. - The method overrides a method declaration in a super class and the super class does not throw the exception. - The method is public or protected and the exception is not documented via a JavaDoc as a @throws tag. Declaring exceptions that are never thrown misleads callers into writing unnecessary error-handling code and obscures the method's true behavior.
  • org.openrewrite.staticanalysis.UnwrapElseAfterReturn
    • Unwrap else block after return or throw statement
    • Unwraps the else block when the if block ends with a return or throw statement, reducing nesting and improving code readability.
  • org.openrewrite.staticanalysis.UnwrapRepeatableAnnotations
    • Unwrap @Repeatable annotations
    • Java 8 introduced the concept of @Repeatable annotations, making the wrapper annotation unnecessary. Using the repeatable form directly reduces nesting and makes the individual annotations easier to scan.
  • org.openrewrite.staticanalysis.UpperCaseLiteralSuffixes
    • Upper case literal suffixes
    • Using upper case literal suffixes for declaring literals is less ambiguous, e.g., 1l versus 1L. A lowercase l is easily mistaken for the digit 1 in many fonts, which can lead to incorrect assumptions about the value.
  • org.openrewrite.staticanalysis.UseAsBuilder
    • Chain calls to builder methods
    • Chain calls to builder methods that are on separate lines into one chain of builder calls.
  • org.openrewrite.staticanalysis.UseCollectionInterfaces
    • Use Collection interfaces
    • Use Deque, List, Map, ConcurrentMap, Queue, and Set instead of implemented collections. Replaces the return type of public method declarations and the variable type public variable declarations. Programming to an interface rather than a concrete collection type decouples callers from a specific implementation, making it easier to swap data structures later without breaking dependent code.
  • org.openrewrite.staticanalysis.UseDiamondOperator
    • Use the diamond operator
    • The diamond operator (<>) should be used. Java 7 introduced the diamond operator to reduce the verbosity of generics code. For instance, instead of having to declare a List's type in both its declaration and its constructor, you can now simplify the constructor declaration with <>, and the compiler will infer the type. Repeating type arguments that the compiler can already deduce is unnecessary boilerplate that clutters the code.
  • org.openrewrite.staticanalysis.UseForEachRemoveInsteadOfSetRemoveAll
    • Replace java.util.Set#removeAll(java.util.Collection) with java.util.Collection#forEach(Set::remove)
    • Using java.util.Collection#forEach(Set::remove) rather than java.util.Set#removeAll(java.util.Collection) may improve performance due to a possible O(n^2) complexity.
  • org.openrewrite.staticanalysis.UseJavaStyleArrayDeclarations
    • No C-style array declarations
    • Change C-Style array declarations int i[]; to int[] i;. Keeping the brackets with the type groups all type information in one place, so readers do not have to inspect both the type and the variable name to determine whether something is an array.
  • org.openrewrite.staticanalysis.UseLambdaForFunctionalInterface
    • Use lambda expressions instead of anonymous classes
    • Instead of anonymous class declarations, use a lambda where possible. Using lambdas to replace anonymous classes can lead to more expressive and maintainable code, improve code readability, reduce code duplication, and achieve better performance in some cases.
  • org.openrewrite.staticanalysis.UseListSort
    • Replace invocations of Collections#sort(List, Comparator) with List#sort(Comparator)
    • The java.util.Collections#sort(..) implementation defers to the java.util.List#sort(Comparator), replaced it with the java.util.List#sort(Comparator) implementation for better readability.
  • org.openrewrite.staticanalysis.UseMapContainsKey
    • Use Map#containsKey
    • map.keySet().contains(a) can be simplified to map.containsKey(a).
  • org.openrewrite.staticanalysis.UseObjectNotifyAll
    • Replaces Object.notify() with Object.notifyAll()
    • Object.notifyAll() and Object.notify() both wake up sleeping threads, but Object.notify() only rouses one while Object.notifyAll() rouses all of them. Since Object.notify() might not wake up the right thread, Object.notifyAll() should be used instead. See this for more information. Using notify() in a multi-waiter scenario risks leaving threads permanently stalled when the wrong one is awakened.
  • org.openrewrite.staticanalysis.UsePortableNewlines
    • Use %n instead of \n in format strings
    • Format strings should use %n rather than \n to produce platform-specific line separators. Hard-coded \n characters produce incorrect line endings on Windows, whereas %n adapts to the runtime platform automatically.
  • org.openrewrite.staticanalysis.UseStandardCharset
    • Use StandardCharset constants
    • Replaces Charset.forName(java.lang.String) with the equivalent StandardCharset constant. Using the predefined constants is both compile-time safe and avoids the need to handle UnsupportedEncodingException for charsets that are guaranteed to exist on every JVM.
  • org.openrewrite.staticanalysis.UseStringReplace
    • Use String::replace() when first parameter is not a real regular expression
    • When String::replaceAll is used, the first argument should be a real regular expression. If it’s not the case, String::replace does exactly the same thing as String::replaceAll without the performance drawback of the regex.
  • org.openrewrite.staticanalysis.UseSystemLineSeparator
    • Use System.lineSeparator()
    • Replace calls to System.getProperty("line.separator") with System.lineSeparator().
  • org.openrewrite.staticanalysis.UseTryWithResources
    • Use try-with-resources
    • Refactor try/finally blocks to use try-with-resources when the finally block only closes an AutoCloseable resource. Try-with-resources guarantees that resources are closed even when exceptions occur, eliminating an entire class of resource-leak bugs that manual finally blocks are prone to.
  • org.openrewrite.staticanalysis.WhileInsteadOfFor
    • Prefer while over for loops
    • When only the condition expression is defined in a for loop, and the initialization and increment expressions are missing, a while loop should be used instead to increase readability. A for loop with empty init and update sections signals iteration mechanics that do not exist, whereas while clearly communicates a simple conditional loop.
  • org.openrewrite.staticanalysis.WriteOctalValuesAsDecimal
    • Write octal values as decimal
    • Developers may not recognize octal values as such, mistaking them instead for decimal values. Because a leading zero silently switches the literal to base-8, what looks like 010 actually represents 8, which is a common source of subtle numeric bugs.
  • org.openrewrite.staticanalysis.java.MoveFieldAnnotationToType
    • Move annotation to type instead of field
    • Annotations that could be applied to either a field or a type are better applied to the type, because similar annotations may be more restrictive, leading to compile errors like 'scoping construct cannot be annotated with type-use annotation' when migrating later.
  • org.openrewrite.staticanalysis.maven.MavenJavadocNonAsciiRecipe
    • Remove non-ASCII characters from Javadoc
    • Maven's javadoc-plugin configuration does not support non-ASCII characters. What makes it tricky is the error is very ambiguous and doesn't help in any way. This recipe removes those non-ASCII characters.

rewrite-static-analysis-python

License: Moderne Proprietary License

87 recipes

rewrite-struts

License: Moderne Proprietary License

22 recipes

rewrite-terraform

License: Moderne Proprietary License

135 recipes

rewrite-testing-frameworks

License: Moderne Source Available License

251 recipes

rewrite-third-party

License: Apache License Version 2.0

1566 recipes