Skip to main content
ArcSight

Observatory reports / 2026

State of TypeScript Architecture 2026

Architecture findings from 11 real TypeScript repository proofs — fan-in hotspots, blast radius, score distribution, and structural patterns. Every number traced to Observatory analysis snapshots.

Trust path: HomepageValidationRepositoriesReport

Snapshot window: 2026-06-05 – 2026-06-05 · 11 repositories · 5,585 modules · 14,245 edges

Executive summary

Findings below are computed at build time from frozen Observatory analysis snapshots. No estimates or synthetic statistics.

  • 11 open-source repositories with complete structural proof (Proof Density Rule: module and edge counts both greater than zero).
  • 5,585 modules and 14,245 dependency edges traced across included snapshots.
  • Architecture scores in this dataset range from 68.5 to 97 (0–100 scale from arc analyze snapshots).
  • Highest recorded fan-in: 225 dependents on `src/types` in Payload CMS.
  • Largest blast radius: 495 downstream modules from `src/errors/APIError` in Payload CMS.
  • 8 of 11 snapshots report one or more dependency cycles.

Dataset

Repositories included in this edition — each passes the Proof Density Rule and links to a public proof page.

RepositoryScoreModulesEdgesCycles
Cal.com

Cal.com (apps/web)

9739872
Directus

Directus (api)

75.17892,287100
Medusa

Medusa (packages/medusa)

917217261
Next.js

Next.js (packages/next)

891,9424,489
Nx

Nx (packages/nx)

68.55892,843100
Payload CMS

Payload CMS (packages/payload)

71.16272,704100
Prisma

Prisma (packages/client)

87.116639031
Strapi

Strapi (packages/core/strapi)

94.4781941
Supabase

Supabase (packages/ui)

93.9159185
tRPC

tRPC (packages/server)

79.37625110
Turborepo

Turborepo (packages/turbo-codemod)

93.7401042

Fan-in analysis

Highest fan-in modules across all included snapshots (from highRiskModules fields). Fan-in counts direct dependents in each repository's traced subgraph.

  1. 01fan-in 225

    src/types

    Payload CMS · CRITICAL

  2. 02fan-in 154

    src

    Payload CMS · CRITICAL

  3. 03fan-in 142

    src/config/types

    Payload CMS · CRITICAL

  4. 04fan-in 128

    src/collections/config/types

    Payload CMS · CRITICAL

  5. 05fan-in 124

    src/fields/config/types

    Payload CMS · CRITICAL

  6. 06fan-in 123

    src/config/nx-json

    Nx · CRITICAL

  7. 07fan-in 112

    src/utils/workspace-root

    Nx · CRITICAL

  8. 08fan-in 105

    src/config/project-graph

    Nx · CRITICAL

  9. 09fan-in 104

    src/logger

    Directus · CRITICAL

  10. 10fan-in 102

    src/utils/output

    Nx · CRITICAL

  11. 11fan-in 80

    src/api/utils/validators

    Medusa · CRITICAL

  12. 12fan-in 71

    src/utils/fileutils

    Nx · CRITICAL

Blast radius analysis

Largest blast-radius modules (from hotspots fields) — downstream modules reachable when a node changes.

  1. 01blast radius 495

    src/errors/APIError

    Payload CMS · fan-in 41 · CRITICAL

  2. 02blast radius 478

    src/utils/fileutils

    Nx · fan-in 71 · CRITICAL

  3. 03blast radius 477

    src/utilities/isNumber

    Payload CMS · fan-in 14 · CRITICAL

  4. 04blast radius 477

    src/versions/types

    Payload CMS · fan-in 16 · CRITICAL

  5. 05blast radius 476

    src/utils/workspace-root

    Nx · fan-in 112 · CRITICAL

  6. 06blast radius 476

    src

    Payload CMS · fan-in 154 · CRITICAL

  7. 07blast radius 476

    src/config/types

    Payload CMS · fan-in 142 · CRITICAL

  8. 08blast radius 476

    src/types

    Payload CMS · fan-in 225 · CRITICAL

  9. 09blast radius 467

    src/utils/versions

    Nx · fan-in 21 · CRITICAL

  10. 10blast radius 465

    src/native

    Nx · fan-in 64 · CRITICAL

  11. 11blast radius 454

    src/utils/path

    Nx · fan-in 26 · CRITICAL

  12. 12blast radius 453

    src/config/task-graph

    Nx · fan-in 38 · CRITICAL

Architecture score distribution

Score spread across included repositories (arc analyze snapshot, 0–100). Range: 68.597.

Common structural patterns

Recurring hotspots and shared characteristics counted from snapshot fields — not inferred from industry samples.

  • Documented change-risk zones

    Every snapshot with structural proof lists at least one change-risk zone (11 of 11).

    • Cal.com · components/booking/actions/bookingActions
    • Directus · src/utils/get-config-from-env
    • Medusa · src/api/utils/validators
    • Next.js · src/types
    • Nx · src/utils/fileutils
  • God-module gravity centers

    Primary gravity center role is "god-module" in 9 of 11 snapshots.

    • Directus · src/utils/get-config-from-env
    • Medusa · src/api/utils/validators
    • Nx · src/utils/fileutils
    • Payload CMS · src/errors/APIError
    • Prisma · src/runtime/core/errorRendering/base
  • Types modules as top fan-in signal

    Highest fan-in module path contains "types" in 5 of 11 snapshots.

  • Utils modules as top fan-in signal

    Highest fan-in module path contains "utils" or "util" in 4 of 11 snapshots.

    • Medusa · src/api/utils/validators
    • Nx · src/utils/workspace-root
    • Supabase · src/lib/utils/cn
    • tRPC · src/unstable-core-do-not-import/utils

Key takeaways

  • High fan-in modules are change-risk signals — inspect impact paths before refactoring shared types, utils, or config modules surfaced in this dataset.
  • 9 of 11 snapshots label the primary gravity center as a god-module — a single module carrying disproportionate structural pull.
  • 2 of 11 snapshots report layer violations — boundary crossings worth mapping before large moves.
  • Each row in this report links to a frozen repository proof page — rerun arc impact locally on the module you plan to change before merge.

Methodology

Proof Density Rule. A repository enters this report only when its analysis snapshot has moduleCount > 0 and edgeCount > 0. Incomplete graphs are refused — same gate as public repository proof pages.

Inclusion. This 2026 edition includes all indexable Observatory repository proofs at build time (11 repositories). Future annual editions (2027, 2028) use the same registry and builder — only the snapshot set changes.

Source of truth. Every metric is read from web/analysis-data/[slug].json files produced by npm run generate-analysis. Claims without snapshot backing are listed under excluded findings below.

Validation record → · Repository proof directory →

Excluded findings (no snapshot evidence)

  • Cross-repository break-path analysis omitted — riskChains appear in fewer than two snapshots.
  • Whole-dataset "100% TypeScript" claim omitted — seo.language is typescript in 10 of 11 snapshots only.
  • Industry-wide or percentile rankings omitted — this report describes the Observatory proof corpus only, not a sampled developer population.
  • architectureClassification field omitted — not populated in any included snapshot.

Source repository proofs

Install ArcSight →Validation record →← Homepage