Credo

Static analysis and code quality tool for Elixir — catches consistency issues, refactoring opportunities, and code smells. Credo features: mix credo command, --strict flag for stricter checks, category filtering (readability, design, refactoring, warning, consistency), inline @moduledoc/@doc enforcement, complexity checks (Cyclomatic Complexity, nesting depth), alias consistency, unused variable detection, pipe chain issues, and .credo.exs configuration. Does NOT catch type errors (use Dialyxir for that). Widely used in Elixir community as the standard linter before code review.

Evaluated Mar 06, 2026 (0d ago) v1.x
Homepage ↗ Repo ↗ Developer Tools elixir credo linting static-analysis code-quality refactoring consistency
⚙ Agent Friendliness
67
/ 100
Can an agent use this?
🔒 Security
93
/ 100
Is it safe for agents?
⚡ Reliability
88
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
--
Documentation
85
Error Messages
85
Auth Simplicity
98
Rate Limits
98

🔒 Security

TLS Enforcement
95
Auth Strength
95
Scope Granularity
92
Dep. Hygiene
88
Secret Handling
95

Local CLI tool — no network access, no security concerns. Supply chain: pin Credo version in mix.exs to prevent unexpected rule changes. Credo itself doesn't detect security vulnerabilities — use Sobelow for Elixir security scanning.

⚡ Reliability

Uptime/SLA
88
Version Stability
88
Breaking Changes
85
Error Recovery
90
AF Security Reliability

Best When

Every Elixir agent project wanting consistent code style, readability enforcement, and complexity limits — Credo is the Elixir community standard linter equivalent to RuboCop for Ruby or ESLint for JavaScript.

Avoid When

You need type checking (use Dialyxir) or security analysis (use Sobelow) — Credo focuses on code style and readability.

Use Cases

  • Agent codebase consistency — mix credo runs readability checks on agent Elixir modules; flags missing @moduledoc, long functions, nested conditionals; agent teams use credo in pre-commit hook to enforce consistent code before review
  • Agent CI quality gate — mix credo --strict fails CI on warnings; agent PRs with Credo violations blocked from merge; --format json output parsed by CI for detailed per-file reporting
  • Complexity limit enforcement — Credo flags agent functions exceeding cyclomatic complexity 9; refactoring hints guide agent module decomposition; agents with complex decision trees flagged before they become maintenance problems
  • Pipe chain validation — Credo checks pipe chain consistency; agent data transformation pipelines with single-element pipes or unnecessary parentheses flagged; enforces idiomatic Elixir piping in agent data flow code
  • Custom check configuration — .credo.exs with checks: { enabled: true, params: [max_length: 100] } customizes line length for agent codebase; disable specific checks per-file with @credo:disable-this-check inline comment

Not For

  • Type checking — Credo is a linter not type checker; for Elixir type errors and spec violations use Dialyxir with @spec annotations
  • Security scanning — Credo doesn't catch SQL injection or security issues; for Elixir security analysis use Sobelow
  • Test framework — Credo analyzes code quality only; for Elixir testing use ExUnit

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: none
OAuth: No Scopes: No

No auth — local CLI tool running on Elixir source files.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Credo is MIT licensed. Free for all use.

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • mix credo vs mix credo --strict differ significantly — default mode suppresses design-level refactoring suggestions; --strict adds Credo.Check.Design.* checks including TagFIXME/TagTODO; agent CI using default mode misses design-level issues that --strict catches; most Elixir teams use --strict in CI
  • @moduledoc false required not just absence — missing @moduledoc raises Credo warning; internal agent modules without documentation need @moduledoc false to explicitly mark as intentionally undocumented; omitting both @moduledoc and @moduledoc false causes consistent Credo violation
  • .credo.exs must be committed for team consistency — without .credo.exs, Credo uses defaults that may differ from team expectations; agent teams need .credo.exs in repo root with agreed-upon check configuration; generate default with mix credo gen.config
  • Priority levels affect mix credo exit code — Credo exits non-zero on any issue above configured priority; low-priority style suggestions don't fail CI by default; agent CI exit code depends on --strict flag and min_priority setting in .credo.exs; configure explicitly for predictable CI behavior
  • Inline disable must match exact check name — # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength disables specific check; typos in check name are silently ignored; agent developers disabling wrong check name get continued violation; verify check name from Credo documentation
  • Credo doesn't analyze generated code — .credo.exs files_excluded setting skips paths; generated agent code (protobufs, NimbleCSV parsers) should be excluded; mix credo analyzing generated code produces hundreds of violations masking real issues; configure files_excluded to match your code generation output paths

Alternatives

dialyxir-api sobelow-elixir-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Credo.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5209
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered