Auditing WoW Addons
Expert guidance for comprehensive addon quality analysis.
Related Commands
- c-audit - Full audit workflow
- c-clean - Dead code cleanup
- c-lint - Syntax and style
- c-review - Full review (includes audit)
MCP Tools
| Task | MCP Tool |
|------|----------|
| Security Analysis | addon.security(addon="MyAddon") |
| Complexity Analysis | addon.complexity(addon="MyAddon") |
| Deprecation Scan | addon.deprecations(addon="MyAddon") |
| Dead Code Detection | addon.deadcode(addon="MyAddon") |
Capabilities
- Security Analysis — Combat lockdown, secret values, taint, unsafe eval
- Complexity Analysis — Deep nesting, long functions, magic numbers, duplicates
- Deprecation Scanning — 100+ deprecated APIs with migration paths
- Dead Code Detection — Unused functions, orphaned files, dead exports
Analysis Categories
Security (addon.security)
| Category | Description | Severity |
|----------|-------------|----------|
| combat_violation | Protected API without InCombatLockdown() guard | Error |
| secret_leak | Logging/storing secret values (12.0+) | Error |
| taint_risk | Unsafe global modifications | Warning |
| unsafe_eval | loadstring/RunScript with variable input | Warning |
| addon_comm | Unvalidated message parsing | Info |
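
The following is an added example, not code from the original page or from the audit tool. It shows the kind of code two rows of the table above describe, combat_violation and addon_comm, each next to a guarded form. The frame name MyAddonButton, the prefix "MyAddon" and the "VER:<n>" message format are assumptions made for illustration.

```lua
-- Added example. MyAddonButton, PREFIX and the "VER:<n>" format are hypothetical.
local PREFIX = "MyAddon"
local button = CreateFrame("Button", "MyAddonButton", UIParent, "SecureActionButtonTemplate")
local pendingSpell      -- change queued while in combat
local peerVersions = {} -- sender -> validated version number

-- combat_violation pattern: a protected call on a secure frame with no guard.
-- local function SetSpell(name) button:SetAttribute("spell", name) end

-- Guarded form: apply out of combat, otherwise queue for PLAYER_REGEN_ENABLED.
local function SetSpell(name)
    if InCombatLockdown() then
        pendingSpell = name
        return false
    end
    button:SetAttribute("type", "spell")
    button:SetAttribute("spell", name)
    return true
end

-- addon_comm pattern: acting on tonumber(text) or text:sub(...) unchecked.
-- Validated form: bounded length, anchored pattern, range check.
local function ParseVersion(text)
    if type(text) ~= "string" or #text > 16 then return nil end
    local digits = text:match("^VER:(%d+)$")
    local version = digits and tonumber(digits)
    if not version or version < 1 or version > 99999 then return nil end
    return version
end

local frame = CreateFrame("Frame")
frame:RegisterEvent("PLAYER_REGEN_ENABLED")
frame:RegisterEvent("CHAT_MSG_ADDON")
C_ChatInfo.RegisterAddonMessagePrefix(PREFIX)

frame:SetScript("OnEvent", function(_, event, prefix, text, _, sender)
    if event == "PLAYER_REGEN_ENABLED" then
        -- Combat ended: protected calls are allowed again.
        if pendingSpell then
            local name = pendingSpell
            pendingSpell = nil
            SetSpell(name)
        end
    elseif event == "CHAT_MSG_ADDON" and prefix == PREFIX then
        local version = ParseVersion(text)
        if version then peerVersions[sender] = version end
    end
end)
```
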
Complexity (addon.complexity)
| Category | Threshold | Description |
|----------|-----------|-------------|
| deep_nesting | > 5 levels | Excessive if/for/while nesting |
| long_function | > 100 lines | Functions too long to understand |
| long_file | > 500 lines | Files that should be split |
| magic_number | pattern-based | Unexplained numeric literals |
| duplicate_code | > 10 lines | Near-identical code blocks |
Deprecations (addon.deprecations)
| Category | Example APIs | Since |
|----------|--------------|-------|
| addons | GetAddOnInfo → C_AddOns.GetAddOnInfo | 11.0 |
| spells | GetSpellInfo → C_Spell.GetSpellInfo | 11.0 |
| items | GetItemInfo → C_Item.GetItemInfo | 11.0 |
| containers | GetContainerItemInfo → C_Container | 10.0 |
| unit | UnitHealth (returns secret for enemies) | 12.0 |
Dead Code (addon.deadcode)
| Category | Description |
|----------|-------------|
| unused_function | Functions defined but never called |
| orphaned_file | Lua files not in TOC |
| dead_export | Exported values never used |
| unused_library | Libraries in Libs/ never used |
Workflow
Quick Audit
1. addon.security → Critical issues (combat, secrets)
2. addon.deprecations (min_severity=error) → Breaking changes
3. Report critical findings
Full Audit
1. addon.security → All security issues
2. addon.complexity → All maintainability issues
3. addon.deprecations → All deprecated APIs
4. addon.deadcode → All dead code
5. Comprehensive report with priority order
Interpreting Results
Priority Order
- Critical (Fix immediately):
  - Combat lockdown violations (will cause bugs)
  - Secret value leaks (12.0+ breaking)
  - Deprecated APIs with severity: error
- High (Fix before release):
  - Taint risks
  - Deprecated APIs with severity: warning
  - Orphaned files
- Medium (Fix when convenient):
  - Deep nesting (maintainability)
  - Long functions
  - Magic numbers
- Low (Consider fixing):
  - Code duplicates
  - Suspicious dead code
Best Practices
- Run before release — Catch breaking changes early
- Start with critical — Security and deprecations first
- Filter by severity — Use include_suspicious=false for focused results
- Check 12.0 readiness — Secret value APIs are breaking changes
- Review complexity — High complexity = high bug risk