Sirens Call is a Python-powered static analysis tool for JavaScript/Node.js CLI projects that generates interactive Mermaid.js flowcharts, helping you visualise execution paths, identify entry points, and gain insight into complex CLI behaviours.
8/05/2025 Article
If you’ve ever tried to reverse engineer a tangled Node.js CLI project, you’ll know just how elusive clarity can be—especially when Commander.js is involved and the entry points are split across a maze of files. That was the pain point that led to the creation of sirens_call: a CLI-first tool that transforms JavaScript project structure into Mermaid.js flowcharts.
Mermaid is a JavaScript-based diagramming and charting tool that lets you define flowcharts and diagrams using plain text syntax. It supports a wide array of diagram types—from flowcharts to Gantt charts—and integrates seamlessly with Markdown, static site generators, and developer tooling.
This idea of “Graph as Code” is part of a growing movement to bring diagrams into version-controlled environments. Instead of dragging shapes in GUI tools, you define nodes, edges, and relationships in declarative syntax. That means diffs, pull requests, CI validation, and automated documentation pipelines all become possible.
In the context of CLI reverse engineering and static code review, this is especially powerful: you can audit execution paths, track how user input flows through logic, and share insights visually—all without needing to boot the code.
There’s no shortage of tools for static analysis, but I couldn’t find anything that:
So I built one.
Sirens Call performs a two-pass traversal of your JS/MJS codebase using Tree-sitter’s Abstract Syntax Tree (AST):
Entry points are identified and treated as roots in a Breadth-First Search (BFS) traversal, and a layered Mermaid flowchart is generated for each one. External functions (like those in imported modules) are visually marked. There’s even limited loop-awareness for annotating repetitive calls.
