Mobile Repo Doctor

Repository:: flutter-project
Stack:: flutter
Scan Date:: Mar 12, 2026, 11:26 AM
Duration:: 0.0s
Files:: 11
Total Size:: 3.6 KB

87 Good (A)

Size

79/100

Speed

95/100

Stability

100/100

Hygiene

74/100

Executive Summary

flutter-project scored 87/100 (Good). Found 1 critical issue requiring immediate attention. 3 quick wins available that can be fixed today. Stability is in good shape (100/100).

Top Issues (5)

CRITICAL Sensitive file detected: .env

The file ".env" appears to contain sensitive data (matched name: ".env").

Category: hygiene Confidence: likely Impact: Potential exposure of secrets or credentials.

Evidence (1 location)

.env — Sensitive file name: .env

MEDIUM Archive file in repository: data.zip

The archive file "data.zip" (21 B) is checked into the repository.

Category: hygiene Confidence: confirmed Impact: Archive occupies 21 B in the repository.

Evidence (1 location)

data.zip — Archive (.zip)

MEDIUM 1 dependency override(s) in pubspec.yaml

The pubspec "pubspec.yaml" contains 1 dependency_overrides, which force specific versions and bypass normal resolution.

Category: flutter Confidence: confirmed Impact: Review 1 dependency overrides for necessity.

Evidence (1 location)

pubspec.yaml — 1 dependency_overrides entries

MEDIUM 1 declared asset path(s) missing on disk in pubspec.yaml

1 asset(s) declared in pubspec.yaml under flutter.assets could not be found in the repository file index.

Category: flutter Confidence: confirmed Impact: 1 missing asset path(s)

Evidence (1 location)

pubspec.yaml — Missing: assets/missing_image.png

MEDIUM 1 declared font asset(s) missing on disk in pubspec.yaml

1 font asset(s) declared in pubspec.yaml under flutter.fonts could not be found in the repository file index.

Category: flutter Confidence: confirmed Impact: 1 missing font asset(s)

Evidence (1 location)

pubspec.yaml — Family "Roboto": missing fonts/Roboto-Regular.ttf

Quick Wins (3)

CRITICAL Sensitive file detected: .env Potential exposure of secrets or credentials. Remove ".env" from version control, rotate any exposed credentials, and add the file to .gitignore.

MEDIUM 1 declared asset path(s) missing on disk in pubspec.yaml 1 missing asset path(s) Remove stale entries from flutter.assets in pubspec.yaml, or add the missing files to the expected paths.

MEDIUM 1 declared font asset(s) missing on disk in pubspec.yaml 1 missing font asset(s) Add the missing font files to the declared paths, or remove stale font entries from pubspec.yaml.

Category Breakdown

Size

79/100

MEDIUM Potentially unused asset: unused_logo.png

MEDIUM Potentially unused asset: heavy.svg

MEDIUM Potentially unused asset: missing_image.png

INFO Top 11 largest files in the repository

Speed

95/100

INFO Found 1 heavy dependency

Stability

100/100

MEDIUM 1 dependency override(s) in pubspec.yaml

MEDIUM 1 heavy SVG(s) for runtime rendering (medium)

MEDIUM 1 declared asset path(s) missing on disk in pubspec.yaml

MEDIUM 1 declared font asset(s) missing on disk in pubspec.yaml

INFO 1 Flutter package(s) detected

Hygiene

74/100

CRITICAL Sensitive file detected: .env

MEDIUM Archive file in repository: data.zip

LOW Sensitive file detected: android/app/google-services.json

LOW 1 deeply nested directory (low, max depth 11)

LOW Root pubspec.yaml has no committed pubspec.lock

INFO 1 generated .g.dart file(s) (expected for Flutter)

INFO Module inventory: 1 module(s) detected

Detailed Findings

17 findings

CRITICAL Sensitive file detected: .env

The file ".env" appears to contain sensitive data (matched name: ".env").

Why it matters: Secrets, API keys, and credentials checked into a repository can be extracted by anyone with access and remain in git history even after deletion.

Impact: Potential exposure of secrets or credentials. Confidence: likely

Evidence (1 location)

.env — Sensitive file name: .env

Remove ".env" from version control, rotate any exposed credentials, and add the file to .gitignore.

hygiene-sensitive-file Horizon: today Category: hygiene

MEDIUM Archive file in repository: data.zip

The archive file "data.zip" (21 B) is checked into the repository.

Why it matters: Archive files are opaque binaries that cannot be diffed. They bloat the repository permanently (even after deletion, they remain in git history).

Impact: Archive occupies 21 B in the repository. Confidence: confirmed

Evidence (1 location)

data.zip — Archive (.zip)

Remove `data.zip` from the repository. Alternatives: (1) extract the needed files from the archive, commit them individually, then delete the archive; (2) publish the contents as a package on a registry (npm, Maven, CocoaPods); (3) move the archive to cloud storage (S3, GCS) and download it at build time; (4) track it with Git LFS (`git lfs track "data.zip"`) to keep it out of the main object store.

hygiene-archive-in-repo Horizon: this_sprint Category: hygiene

MEDIUM Potentially unused asset: unused_logo.png

Asset "assets/unused_logo.png" declared in pubspec.yaml does not appear to be referenced in any .dart file.

Why it matters: Unused assets are bundled uncompressed into the APK/IPA, directly increasing download size without providing any value to the user.

Impact: Reduced bundle size if removed Confidence: likely

Evidence (1 location)

pubspec.yaml — Declared asset: assets/unused_logo.png

Search for references with: grep -r "unused_logo.png" lib/ — if no results, remove "assets/unused_logo.png" from pubspec.yaml and delete the file.

flutter-unused-asset Horizon: this_sprint Category: assets

MEDIUM Potentially unused asset: heavy.svg

Asset "assets/heavy.svg" declared in pubspec.yaml does not appear to be referenced in any .dart file.

Why it matters: Unused assets are bundled uncompressed into the APK/IPA, directly increasing download size without providing any value to the user.

Impact: Reduced bundle size if removed Confidence: likely

Evidence (1 location)

pubspec.yaml — Declared asset: assets/heavy.svg

Search for references with: grep -r "heavy.svg" lib/ — if no results, remove "assets/heavy.svg" from pubspec.yaml and delete the file.

flutter-unused-asset Horizon: this_sprint Category: assets

MEDIUM Potentially unused asset: missing_image.png

Asset "assets/missing_image.png" declared in pubspec.yaml does not appear to be referenced in any .dart file.

Why it matters: Unused assets are bundled uncompressed into the APK/IPA, directly increasing download size without providing any value to the user.

Impact: Reduced bundle size if removed Confidence: likely

Evidence (1 location)

pubspec.yaml — Declared asset: assets/missing_image.png

Search for references with: grep -r "missing_image.png" lib/ — if no results, remove "assets/missing_image.png" from pubspec.yaml and delete the file.

flutter-unused-asset Horizon: this_sprint Category: assets

MEDIUM 1 dependency override(s) in pubspec.yaml

The pubspec "pubspec.yaml" contains 1 dependency_overrides, which force specific versions and bypass normal resolution.

Why it matters: Dependency overrides mask version conflicts and can hide incompatibilities that surface only in production or when the overrides are removed.

Impact: Review 1 dependency overrides for necessity. Confidence: confirmed

Evidence (1 location)

pubspec.yaml — 1 dependency_overrides entries

Resolve the underlying version conflicts so that dependency_overrides are no longer needed, or document why each override is required.

flutter-dependency-overrides Horizon: this_sprint Category: flutter

MEDIUM 1 heavy SVG(s) for runtime rendering (medium)

1 SVG file(s) contain constructs that are expensive to render at runtime via flutter_svg.

Why it matters: Complex SVG constructs (filters, masks, embedded images) are re-evaluated on every frame by flutter_svg, causing jank and increased GPU/CPU usage.

Impact: Total rendering weight score: 8 (threshold per file: 3). Confidence: likely

Evidence (1 location)

assets/heavy.svg — 2 filter(s), 1 mask(s), 51 paths

Consider converting these SVGs to PNG or WebP for better rendering performance. If an SVG is used at multiple sizes, keeping it as vector may be preferable — in that case, try simplifying the heavy constructs.

flutter-heavy-svg Horizon: this_sprint Category: flutter

MEDIUM 1 declared asset path(s) missing on disk in pubspec.yaml

1 asset(s) declared in pubspec.yaml under flutter.assets could not be found in the repository file index.

Why it matters: Declared but missing assets cause runtime errors or build failures. Flutter will fail to bundle assets it cannot locate, leading to broken images or crashes.

Impact: 1 missing asset path(s) Confidence: confirmed

Evidence (1 location)

pubspec.yaml — Missing: assets/missing_image.png

Remove stale entries from flutter.assets in pubspec.yaml, or add the missing files to the expected paths.

flutter-missing-declared-asset-path Horizon: today Category: flutter

MEDIUM 1 declared font asset(s) missing on disk in pubspec.yaml

1 font asset(s) declared in pubspec.yaml under flutter.fonts could not be found in the repository file index.

Why it matters: Missing font files cause build failures or silent fallback to the default font, leading to inconsistent typography across the app.

Impact: 1 missing font asset(s) Confidence: confirmed

Evidence (1 location)

pubspec.yaml — Family "Roboto": missing fonts/Roboto-Regular.ttf

Add the missing font files to the declared paths, or remove stale font entries from pubspec.yaml.

flutter-missing-font-asset Horizon: today Category: flutter

LOW Sensitive file detected: android/app/google-services.json

The file "android/app/google-services.json" is a common mobile config file (matched name: "google-services.json"). Usually not a secret, but verify it doesn't contain sensitive overrides.

Why it matters: While typically safe to commit, these files can occasionally contain API keys or environment-specific overrides that should remain private.

Impact: Low risk — review to confirm no sensitive overrides. Confidence: review_needed

Evidence (1 location)

android/app/google-services.json — Sensitive file name: google-services.json

Verify "google-services.json" does not contain production secrets. Consider adding to .gitignore if it holds environment-specific values.

hygiene-sensitive-file Horizon: Category: hygiene

LOW 1 deeply nested directory (low, max depth 11)

Found 1 directory with nesting depth exceeding 10. Maximum depth: 11.

Why it matters: Excessively deep directory structures make navigation difficult, suggest overly complex module hierarchies, and can cause path-length issues on some operating systems.

Impact: 1 directories with excessive nesting (max depth 11). Confidence: confirmed

Evidence (1 location)

a/b/c/d/e/f/g/h/i/j/k — Nesting depth: 11

Aim for a maximum depth of 9 levels. Strategies: (1) flatten feature folders by co-locating related files instead of nesting by type, (2) use barrel exports (index.ts) to allow shorter import paths. Run `find . -mindepth 10 -type d` to list all offending directories.

structure-deep-nesting Horizon: later Category: structure

LOW Root pubspec.yaml has no committed pubspec.lock

The repository contains a root pubspec.yaml but no pubspec.lock. Without a lock file, every developer and CI run may resolve different dependency versions.

Why it matters: A missing lock file causes non-reproducible builds and can introduce subtle bugs when transitive dependency versions drift between machines.

Impact: Non-reproducible dependency resolution across environments. Confidence: review_needed

Evidence (1 location)

pubspec.yaml — pubspec.lock not found

Run `flutter pub get` and commit the generated pubspec.lock.

repo-missing-pubspec-lock Horizon: this_sprint Category: structure

INFO Top 11 largest files in the repository

The 11 largest files account for 3.6 KB of repository size. Review these to identify optimization opportunities.

Why it matters: Understanding which files contribute most to repository size helps prioritize optimization efforts for maximum impact.

Impact: These 11 files total 3.6 KB. Confidence: confirmed

Evidence (11 locations)

assets/heavy.svg — 2.5 KB
pubspec.yaml — 452 B
lib/main.dart — 282 B
lib/models/user.g.dart — 134 B
android/app/google-services.json — 96 B
.env — 69 B
a/b/c/d/e/f/g/h/i/j/k/deep.txt — 30 B
assets/unused_logo.png — 22 B
data.zip — 21 B
assets/icon.png — 15 B
and 1 more...

Review each large file to determine if it can be compressed, optimized, moved to a CDN, or removed if unused.

assets-top-size-contributors Horizon: later Category: assets

INFO 1 generated .g.dart file(s) (expected for Flutter)

Found 1 generated .g.dart files (134 B). These are expected in Flutter projects and excluded from scoring.

Why it matters: Flutter projects conventionally commit codegen output (build_runner, freezed, etc.) so developers can work without running code generation.

Impact: 1 generated files occupy 134 B. Confidence: confirmed

Evidence (1 location)

lib/models/user.g.dart — Generated file (.g.dart)

No action needed — these files are expected in Flutter projects.

hygiene-generated-file-skipped Horizon: later Category: hygiene

INFO Module inventory: 1 module(s) detected

Found 1 module definition(s) across 1 type(s): Flutter/Dart: 1.

Why it matters: Understanding the module structure of the repository helps identify build dependencies, potential code sharing opportunities, and structural complexity.

Impact: 1 modules across 1 technology types. Confidence: confirmed

Evidence (1 location)

pubspec.yaml — Flutter/Dart

No action required. This is an informational finding for visibility into the repository structure.

structure-module-inventory Horizon: later Category: structure

INFO 1 Flutter package(s) detected

Found 1 pubspec.yaml file(s) with a total of 3 dependencies.

Why it matters: Understanding pubspec configuration helps identify bloat sources and dependency risks.

Impact: 1 packages, 3 total dependencies. Confidence: confirmed

Evidence (1 location)

pubspec.yaml — package: test_flutter_app, dependencies: 3, dev_dependencies: 0, assets: 4, fonts: 1

Review dependency count and asset declarations for optimization opportunities.

flutter-pubspec-overview Horizon: later Category: flutter

INFO Found 1 heavy dependency

The following heavy packages were found: video_player. These packages can significantly increase app size and startup time.

Why it matters: Heavy dependencies increase binary size, startup time, and may introduce complex native build requirements.

Impact: 1 heavy package(s) detected Confidence: likely

Evidence (1 location)

pubspec.yaml — heavy dependency: video_player

Evaluate whether each heavy dependency is essential. Consider lighter alternatives or lazy-loading where possible.

flutter-heavy-dependency Horizon: later Category: dependencies

Recommendations

Immediate (Today)

CRITICAL Sensitive file detected: .env

Remove ".env" from version control, rotate any exposed credentials, and add the file to .gitignore.

Potential exposure of secrets or credentials.
MEDIUM 1 declared asset path(s) missing on disk in pubspec.yaml

Remove stale entries from flutter.assets in pubspec.yaml, or add the missing files to the expected paths.

1 missing asset path(s)
MEDIUM 1 declared font asset(s) missing on disk in pubspec.yaml

Add the missing font files to the declared paths, or remove stale font entries from pubspec.yaml.

1 missing font asset(s)

Next Sprint

MEDIUM Archive file in repository: data.zip

Remove `data.zip` from the repository. Alternatives: (1) extract the needed files from the archive, commit them individually, then delete the archive; (2) publish the contents as a package on a registry (npm, Maven, CocoaPods); (3) move the archive to cloud storage (S3, GCS) and download it at build time; (4) track it with Git LFS (`git lfs track "data.zip"`) to keep it out of the main object store.

Archive occupies 21 B in the repository.
MEDIUM Potentially unused asset: unused_logo.png

Search for references with: grep -r "unused_logo.png" lib/ — if no results, remove "assets/unused_logo.png" from pubspec.yaml and delete the file.

Reduced bundle size if removed
MEDIUM Potentially unused asset: heavy.svg

Search for references with: grep -r "heavy.svg" lib/ — if no results, remove "assets/heavy.svg" from pubspec.yaml and delete the file.

Reduced bundle size if removed
MEDIUM Potentially unused asset: missing_image.png

Search for references with: grep -r "missing_image.png" lib/ — if no results, remove "assets/missing_image.png" from pubspec.yaml and delete the file.

Reduced bundle size if removed
MEDIUM 1 dependency override(s) in pubspec.yaml

Resolve the underlying version conflicts so that dependency_overrides are no longer needed, or document why each override is required.

Review 1 dependency overrides for necessity.
MEDIUM 1 heavy SVG(s) for runtime rendering (medium)

Consider converting these SVGs to PNG or WebP for better rendering performance. If an SVG is used at multiple sizes, keeping it as vector may be preferable — in that case, try simplifying the heavy constructs.

Total rendering weight score: 8 (threshold per file: 3).
LOW Root pubspec.yaml has no committed pubspec.lock

Run `flutter pub get` and commit the generated pubspec.lock.

Non-reproducible dependency resolution across environments.

Structural (Later)

LOW 1 deeply nested directory (low, max depth 11)

Aim for a maximum depth of 9 levels. Strategies: (1) flatten feature folders by co-locating related files instead of nesting by type, (2) use barrel exports (index.ts) to allow shorter import paths. Run `find . -mindepth 10 -type d` to list all offending directories.

1 directories with excessive nesting (max depth 11).
INFO Top 11 largest files in the repository

Review each large file to determine if it can be compressed, optimized, moved to a CDN, or removed if unused.

These 11 files total 3.6 KB.
INFO 1 generated .g.dart file(s) (expected for Flutter)

No action needed — these files are expected in Flutter projects.

1 generated files occupy 134 B.
INFO Module inventory: 1 module(s) detected

No action required. This is an informational finding for visibility into the repository structure.

1 modules across 1 technology types.
INFO 1 Flutter package(s) detected

Review dependency count and asset declarations for optimization opportunities.

1 packages, 3 total dependencies.
INFO Found 1 heavy dependency

Evaluate whether each heavy dependency is essential. Consider lighter alternatives or lazy-loading where possible.

1 heavy package(s) detected