---
title: Tech Debt Tracker
category: product
entity_type: skill
price: $15
canonical: https://forgehouse.ai/skills/tech-debt-tracker/
lang: en
hreflang_alt: https://forgehouse.ai/tr/skiller/tech-debt-tracker/
last_updated: 2026-06-20
---

# Tech Debt Tracker

> Systematic tech debt scanning and prioritization.

Scan a codebase for technical debt across six categories (dead code, deprecated dependencies, TODO/FIXME comments, performance anti-patterns, security gaps and test gaps) and turn the findings into a P0-to-P3 prioritized action plan. It treats debt as compound interest: today's one-hour fix becomes tomorrow's four-hour debugging session, so security debt is always P0 and the Pareto 20% gets the focus.

## Use cases
- Prioritizing the backlog before sprint planning
- Producing a code-health report after an audit or retrospective
- Onboarding a new engineer with code health made visible
- Running a root-cause deep dive after a production incident
- Calculating ROI before committing to a major refactor
- Tracking the compound interest of debt over time via git history

## Benefits
- See every debt item ranked P0-P3 with a clear action and time estimate
- Always surface security debt as top priority before it ships
- Focus on the 20% of debt causing 80% of developer friction
- Watch debt trend up or down over months instead of guessing

## What’s included
- Six scan categories with ready-to-run grep, npm and tsc commands
- A P0-P3 priority scale with explicit assignment rules per category
- Tech-debt-as-user-story and compound-interest-tracking patterns
- A CI workflow to fail PRs on unused code and high-severity audit findings
- A report output format with prioritized tables and a debt score
- Mental models (Strangler Fig, Boy Scout Rule, Pareto, Blast Radius) applied to debt

## Who it’s for
Engineering teams who want a systematic, prioritized view of code health instead of a scattered pile of TODOs.

## How it runs
Six scan categories, four priority tiers, zero judgment calls. Dead code, stale TODOs, N+1 queries, unguarded routes and untested APIs are found mechanically, ranked by fixed rules, and tracked across git history to show whether debt is compounding.
1. Runs six scan categories in sequence: dead code (tsc noUnusedLocals plus export-import cross grep), deprecated dependencies (npm outdated and npm audit filtered to high and critical), TODO/FIXME comments enriched with git blame age, performance anti-patterns (N+1 await-in-loop, sync blocking calls, unbounded selects), security debt (API routes without auth checks, any types, hardcoded secrets), and test gaps (API routes with no matching test file).
2. Assigns priority by fixed rules, not judgment calls: security findings are always P0, critical dependency CVEs are P0 and high are P1, N+1 queries are P1, dead code is P2 or P3, TODOs older than 3 months escalate to P2, untested API routes are P1.
3. Produces the report in a fixed shape: total findings with the P0-P3 split, a P0 table with file, line, description and suggested fix, then P1 and below, closing with a debt score and the single most urgent action.
4. Tracks compound interest: counts TODO/FIXME across git history to show whether debt is growing or shrinking, and flags any P0 unresolved for 6+ months as requiring immediate intervention.
5. Checks blast radius before recommending deletion: greps which modules import a dead export and reads breaking-change lists before a dependency bump, so a low-severity item with a wide radius still gets priority.
6. Feeds the results onward: P3 items route to the cleanup pass, P0 findings propose a build block at the verification gate, and P0/P1 items land in the next sprint plan.
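
The fixed-rule ranking in steps 2 to 4 can be sketched as follows. This is an added example, not the skill's own code: the category names, the finding fields (`category`, `severity`, `importers`, `since`), the 90-day and 180-day cutoffs, the P2/P3 split for dead code and the sample file paths are all assumptions made for illustration.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Age in whole days between an ISO date and the reference time.
function ageDays(isoDate, now) {
  return Math.floor((now - Date.parse(isoDate)) / DAY_MS);
}

// Map one finding to P0..P3 using the rules listed in step 2.
function assignPriority(f, now) {
  switch (f.category) {
    case "security": return "P0"; // security findings are always P0
    case "dependency":
      if (f.severity === "critical") return "P0";
      if (f.severity === "high") return "P1";
      throw new Error(`unexpected audit severity: ${f.severity}`);
    case "n+1": case "untested-route": return "P1";
    case "dead-code":
      // Assumption: a dead export other modules still reference is P2, else P3.
      return f.importers > 0 ? "P2" : "P3";
    case "todo":
      // Assumption: "3 months" = 90 days; younger TODOs stay P3.
      return ageDays(f.since, now) > 90 ? "P2" : "P3";
    default: throw new Error(`no rule for category: ${f.category}`);
  }
}

// Build the P0-P3 split and flag P0 items open for 6+ months (step 4).
function buildReport(findings, now) {
  const split = { P0: 0, P1: 0, P2: 0, P3: 0 };
  const immediate = [];
  const ranked = findings.map((f) => {
    const priority = assignPriority(f, now);
    split[priority] += 1;
    // Assumption: "6+ months" = 180 days or more since first seen.
    if (priority === "P0" && ageDays(f.since, now) >= 180) immediate.push(f.file);
    return { ...f, priority };
  }).sort((a, b) => a.priority.localeCompare(b.priority));
  return { total: findings.length, split, immediate, ranked };
}

// Constructed sample findings and reference date (not output from a real scan).
const NOW = Date.parse("2026-06-20");
const SAMPLE = [
  { category: "todo", file: "utils/fmt.ts", since: "2026-06-01" },
  { category: "dependency", severity: "high", file: "package.json", since: "2026-06-01" },
  { category: "security", file: "api/users/route.ts", since: "2025-11-01" },
  { category: "todo", file: "utils/date.ts", since: "2026-01-15" },
  { category: "dead-code", importers: 0, file: "legacy/old.ts", since: "2026-03-01" },
];
```

Unmapped categories and audit severities throw instead of defaulting to a tier, so a new finding type cannot slip into the report as low priority without someone writing a rule for it.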

## FAQ
### Does this work outside a JavaScript/TypeScript codebase?
The grep-based scans for dead code and TODO/FIXME comments are language-agnostic, but the ready-to-run commands lean on npm and tsc, and the CI workflow fails PRs on npm audit findings. On a Python or Go repo you keep the six-category model and P0-P3 rules but swap in your own tooling commands.

### How does it decide what is P0 versus P3 instead of just dumping a list?
Each of the six categories has explicit assignment rules: security debt is always P0, and the rest is ranked by the compound-interest logic that a one-hour fix today becomes a four-hour debugging session later. The Pareto lens then narrows focus to the 20% of items causing most of the friction.

### Will it fix the debt it finds automatically?
No. It scans, scores and produces a prioritized action plan with time estimates, plus a CI gate that blocks new unused code, but the actual refactoring is done by your team. It tells you where to spend the hour, it does not spend it for you.

## Price
$15, one-time, no subscription. VAT included.

Related guide: [AI code review and developer workflow](https://forgehouse.ai/guides/ai-code-review/)
