call "isPunctuatorChar" "end" "->" false call "isOperatorChar" "(" ")" call "isOperatorChar" "end" "->" false if break "" if end loop end 333 call "scan" "end" "->" [object Object],[object Object],[object Object],[object Object] call "parse" "(" [object Object],[object Object],[object Object],[object Object] ")" - 1 "->" -1 call "next" "(" ")" call "next" "end" "->" call "pushScope" "(" [object Object] ")" new Scope new end call "pushScope" "end" "->" call "parseStatementList" "(" ")" loop 340 ! [object Object] "->" false call "peek" "(" 17 ")" call "peek" "end" "->" false call "parseStatement" "(" ")" call "peek" "(" 2 ")" call "peek" "end" "->" false call "peek" "(" 3 ")" call "peek" "end" "->" false call "peek" "(" 5 ")" call "peek" "end" "->" false call "peek" "(" 11 ")" call "peek" "end" "->" false

Dynamic code analysis for JavaScript


npm install iroh or alternativelly the browser distribution from here.


  • Runtime call tree graphs
  • Runtime type checking
  • Runtime code quality
  • Runtime test cases
  • Realtime code visualizations
  • Intercept eval, setTimeout etc.
  • Intercept and manipulate code/data on the fly
  • Visual learning

About Iroh

If you aren't familiar with the term dynamic analysis, then you can read about it here.

How does it work?

  • Iroh patches your code to be able to record everything happening inside it, but without changing the original program. You can add listeners to the patched code stage and then track and manipulate everything.

  • Iroh also keeps track of the call stack, which makes it possible to view the code's flow and visualize it within any kind of model.


  • Iroh supports strict mode.

  • Since Iroh allows to intercept all calls in your code, even Function.toString calls can be intercepted, which allows to remain JavaScript's original code reification feature. You can do the same for any other ways like String(ƒ) or ƒ + "".

  • External (non-trackable) calls (e.g. eval, Math.random) get traced as external.

  • Patched functions which get called from outside (e.g. setTimeout(ƒ)) get traced as sloppy.

  • The API exposes listeners for most AST node types. For example you can intercept all Calls in your code and determine what happens before (e.g. track it's arguments) and after it's called (e.g. change it's return value based on the called function's name).


  • Iroh cannot record what's happening inside native calls, external or non-patched functions. If you want a function to be intercepted, then make sure to patch it as well.


  • The current main goal is to have full ES5 support. Iroh is already successfully tested with jQuery, acorn and underscore. A subset of ES6 features is already supported.

  • Also node.js support is ongoing since we can intercept require calls.

What is dynamic code analysis?

  • Dynamic analysis is in contrast to static analysis (e.g. used in JavaScript linters). Dynamic analysis allows to collect runtime data and how the code behaves during execution. Static analysis allows to get information based on the source code, but without any runtime informations. With static analysis it's up to impossible to get a sense of how the program will actually behave.

  • For example, Iroh allows you to track, intercept and manipulate all data in your code during execution. You can collect and change types, parameters, return values, allocated objects, variables, expressions, function calls and so on.

Output examples

A simple textual model is used below to represent the code flow.



Since Iroh modifies your code heavily, Function.toString calls would return the modified code instead of the original. See this example how this can be bypassed in just 3 lines of code.