#1
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
3.9K starsJun 13, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add spotbugs/spotbugsAlternatives
Spoon alternatives for AI agents.
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
Spoon
Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.
99
Quality
90
Trust
1.9K
Stars
#2
An extensible multilanguage static code analyzer.
5.4K starsJun 12, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add pmd/pmd#3
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
2.4K starsMar 26, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add find-sec-bugs/find-sec-bugs#4
TypeScript Compiler API wrapper for static analysis and programmatic code changes.
6.1K starsApr 12, 2026 pushdevelopmentTypeScriptStatic Analysis
$ npx skills add dsherret/ts-morph#5
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
8.9K starsJun 16, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add checkstyle/checkstyle#6
A tool to enforce Swift style and conventions.
20K starsJun 13, 2026 pushdevelopmentSwiftStatic Analysis
$ npx skills add realm/SwiftLint#7
⚡A CLI tool for code structural search, lint and rewriting. Written in Rust
15K starsJun 15, 2026 pushdevelopmentRustStatic Analysis
$ npx skills add ast-grep/ast-grep#8
A PHP parser written in PHP
17K starsFeb 26, 2026 pushdevelopmentPHPStatic Analysis
$ npx skills add nikic/PHP-Parser#9
PySonar2: a semantic indexer for Python with interprocedual type inference
1.4K starsMar 2, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add yinwang0/pysonar2#10
A vulnerability scanner for container images and filesystems
12K starsJun 12, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/grype#11
Program for determining types of files for Windows, Linux and MacOS.
11K starsJun 14, 2026 pushdevelopmentJavaScriptStatic Analysis
$ npx skills add horsicq/Detect-It-Easy#12
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
8.8K starsJun 14, 2026 pushdevelopmentPythonStatic Analysis
$ npx skills add bridgecrewio/checkov#13
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
9.1K starsJun 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/syft#14
A PHP static analysis tool for finding errors and security vulnerabilities in PHP applications
5.9K starsJun 11, 2026 pushdevelopmentPHPStatic Analysis
$ npx skills add vimeo/psalm#15
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
5.5K starsJun 11, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add mgechev/revive#16
Static code analysis for Kotlin
7.0K starsJun 14, 2026 pushdevelopmentKotlinStatic Analysis
$ npx skills add detekt/detektHow to choose
When should you switch?
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Spoon if it already passes your workflow test and repository review.
Next step
Compare top candidates side by side
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.