v0.2.2-beta
· Case study · 02

PeerTube, scanned.

ngcompass analysed PeerTube 2,961 files, 8,814 checks, in 5.5 seconds on a single workstation. Here's what it found.

PeerTubegithub.com/Chocobozzz/PeerTube← All case studies
About the project

Federated.
Real-time.
Open source.

Decentralised, federated, ActivityPub-powered video platform written in TypeScript with an Angular front-end. PeerTube is a focused single-app codebase (no monorepo splits) heavy on video playback, real-time updates, and admin tooling — a great contrast to large enterprise monorepos. The numbers below are exactly what the CLI reported on the unmodified develop branch.

2,961

Files discovered

339 scanned · 2,661 clean

5.5s

Wall-clock duration

541/s files · 1,610/s checks

8,814

Checks executed

6 of 27 rules fired

335

Findings reported

323 errors · 12 warnings

One command

Run it. Get a report.

No configuration, no preset selection, no allowlists. The default recommended preset, against the unmodifiedmainbranch of PeerTube.

peertube · ngcompass

Writing report...

2,961 files · 8,814 checks · 5.5s

2,661 files no issues · 300 files with violations

× 335 violations (323 errors, 12 warnings) FAILED

Throughput

Fast enough to run on every PR.

Single-process, single-machine. No clustering, no remote workers, no warm cache.

5.5s

Total time

541

Files / second

1,610

Checks / second

Wall-clock timeline5.5s
discover · 1.1splan · 1.5sanalyse · 2.9s
Measured on

Intel Core i7-10750H (6 cores · 12 threads @ 2.6 GHz), 16 GB DDR4 · 2933 MT/s. No CI fleet, no cluster, no GPU, no warm cache.

Findings · by rule

Where the violations live.

6 rules triggered out of 27 active. Two patterns — missing OnPush change detection and method calls in templates — account for 96% of all findings.

  1. 01prefer-on-push-component-change-detection297

    Components using default change detection instead of OnPush.

  2. 02template-no-call-expression26

    Method calls in template bindings re-run on every change detection pass.

  3. 03no-bypass-sanitization6

    DomSanitizer bypass calls that can expose unsafe content.

  4. 04rxjs-no-nested-subscribe4

    Nested subscribe() chains that fragment stream lifetimes.

  5. 05template-no-unsafe-bindings1

    Unsafe bindings like innerHTML that bind raw content.

  6. 06signal-prefer-model1

    Input/Output pairs that could migrate to model().

Error · 323Warning · 12
The shape of the report

How the findings break down.

Severity split

335

total findings

Errors

323

96% of findings · fail the build

Warnings

12

4% of findings · advisory

Files · clean vs flagged

89.9%

clean

Clean

2,661

89.9% of files

Flagged

300

10.1% of files

What it means

4 signals from one run.

  • OnPush is the biggest opportunity

    297 components run on Angular's default change detection — 89% of all findings. Migrating these to OnPush is the single highest-impact refactor for rendering performance.

  • Security needs attention

    Seven sanitizer-bypass and unsafe-binding findings across 339 components. Each one is a potential XSS vector worth reviewing — small absolute number, high individual impact.

  • Lean, fast codebase

    5.5 seconds for the full analysis. Only 6 of 27 rules triggered — PeerTube's codebase is already disciplined on RxJS teardown, signal effects, and modern API adoption.

  • Ideal for a CI baseline

    Errors and warnings are concentrated in two clear patterns. A team could fix OnPush incrementally, lock the rest behind a SARIF-gated GitHub Action, and never regress.

Try it yourself

Reproduce this run in 30 seconds.

Clone PeerTube, install ngcompass, and run the same command. No config, no telemetry, no upload — the same report ends up next to the source.

Install ngcompassBrowse all 27 rules