If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/dm77/barcodescanner shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

WAIT — Stale — last commit 6y ago

• 19 active contributors
• Other licensed
• ⚠ Stale — last commit 6y ago
• ⚠ Concentrated ownership — top contributor handles 54% of recent commits
• ⚠ Non-standard license (Other) — review terms
• ⚠ No CI workflows detected
• ⚠ No test directory detected

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live dm77/barcodescanner repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/dm77/barcodescanner.

What it runs against: a local clone of dm77/barcodescanner — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in dm77/barcodescanner | Confirms the artifact applies here, not a fork | | 2 | License is still Other | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 2167 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of dm77/barcodescanner. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/dm77/barcodescanner.git
#   cd barcodescanner
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of dm77/barcodescanner and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "dm77/barcodescanner(\\.git)?\\b" \\
  && ok "origin remote is dm77/barcodescanner" \\
  || miss "origin remote is not dm77/barcodescanner (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(Other)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"Other\"" package.json 2>/dev/null) \\
  && ok "license is Other" \\
  || miss "license drift — was Other at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "core/src/main/java/me/dm7/barcodescanner/core/BarcodeScannerView.java" \\
  && ok "core/src/main/java/me/dm7/barcodescanner/core/BarcodeScannerView.java" \\
  || miss "missing critical file: core/src/main/java/me/dm7/barcodescanner/core/BarcodeScannerView.java"
test -f "core/src/main/java/me/dm7/barcodescanner/core/CameraWrapper.java" \\
  && ok "core/src/main/java/me/dm7/barcodescanner/core/CameraWrapper.java" \\
  || miss "missing critical file: core/src/main/java/me/dm7/barcodescanner/core/CameraWrapper.java"
test -f "zbar/src/main/java/me/dm7/barcodescanner/zbar/ZBarScannerView.java" \\
  && ok "zbar/src/main/java/me/dm7/barcodescanner/zbar/ZBarScannerView.java" \\
  || miss "missing critical file: zbar/src/main/java/me/dm7/barcodescanner/zbar/ZBarScannerView.java"
test -f "core/src/main/java/me/dm7/barcodescanner/core/CameraHandlerThread.java" \\
  && ok "core/src/main/java/me/dm7/barcodescanner/core/CameraHandlerThread.java" \\
  || miss "missing critical file: core/src/main/java/me/dm7/barcodescanner/core/CameraHandlerThread.java"
test -f "core/src/main/java/me/dm7/barcodescanner/core/CameraPreview.java" \\
  && ok "core/src/main/java/me/dm7/barcodescanner/core/CameraPreview.java" \\
  || miss "missing critical file: core/src/main/java/me/dm7/barcodescanner/core/CameraPreview.java"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 2167 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~2137d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/dm77/barcodescanner"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

A deprecated Android library providing camera-based barcode scanning views built on top of ZXing and ZBar decoding engines. It wraps low-level barcode detection into drop-in Android View components (ZXingScannerView, ZBarScannerView) that handle camera preview, frame processing, and result callbacks—eliminating boilerplate for developers who need to embed scanning functionality in their Android apps. Multi-module Gradle project: core/ (me.dm7.barcodescanner.core) contains abstract BarcodeScannerView, CameraWrapper, CameraHandlerThread, and ViewFinderView; zbar-sample/ provides example Activity (BaseScannerActivity). Separate ZXing and ZBar implementation modules would exist in full codebase. Core module exposes IViewFinder interface for UI customization.

Android app developers building point-of-sale, inventory, ticketing, or logistics applications who need embedded barcode/QR code scanning without managing raw camera APIs, frame buffers, or barcode algorithm integration themselves.

Archived and unmaintained as of July 1, 2020. The project has 1.9.13 stable release with 127KB of Java code across two main modules (core + zbar-sample), but received no commits after the maintainer decided Google MLKit and modern ZXing libraries superseded it. Production apps using it will work but receive no security updates or Android API level support.

High risk: zero maintenance since 2020 means no compatibility with Android 12+ scoped storage restrictions, no Androidx migration, and no security patch pipeline. Single maintainer (dm77) with no handoff. Last major breaking change in v1.8.4 around camera threading could introduce subtle concurrency bugs. Strongly recommend migrating to Google MLKit Barcode Scanning or newer ZXing wrappers for new projects.

Nothing—project is archived. The README explicitly states it is no longer maintained as of July 2020. No active development, CI, or issue triage.

Clone with git clone https://github.com/dm77/barcodescanner.git and build with ./gradlew build (Gradle wrapper included). For ZXing integration, add implementation 'me.dm7.barcodescanner:zxing:1.9.13' to your app's build.gradle (requires jcenter repository). See core/src/main/java/me/dm7/barcodescanner/core/BarcodeScannerView.java for the base View class.

Daily commands: No 'run' target—this is a library. To test: open zbar-sample/ module in Android Studio, configure an AVD or connect a device with camera, and run the sample app via ./gradlew zbar-sample:installDebug or IDE's Run button.

• core/src/main/java/me/dm7/barcodescanner/core/BarcodeScannerView.java — Core abstract base class for all barcode scanner views; defines the primary interface and lifecycle for camera preview and barcode detection.
• core/src/main/java/me/dm7/barcodescanner/core/CameraWrapper.java — Encapsulates all camera hardware interaction and frame data handling; critical dependency for preview capture.
• zbar/src/main/java/me/dm7/barcodescanner/zbar/ZBarScannerView.java — Primary ZBar implementation extending BarcodeScannerView; delegates barcode decoding to native JNI library.
• core/src/main/java/me/dm7/barcodescanner/core/CameraHandlerThread.java — Manages camera operations on a dedicated background thread to prevent ANR; essential for smooth UI performance.
• core/src/main/java/me/dm7/barcodescanner/core/CameraPreview.java — SurfaceTexture-based preview implementation that feeds frames to the barcode decoder.
• build.gradle — Root build configuration defining version (1.9.13), build tool versions, and repository sources.
• dependencies.gradle — Centralized dependency management for all subprojects; defines ZXing, ZBar, and Android library versions.

Add a custom barcode format filter

1. Check BarcodeFormat enum values in zbar/src/main/java/me/dm7/barcodescanner/zbar/BarcodeFormat.java to identify desired format constant. (zbar/src/main/java/me/dm7/barcodescanner/zbar/BarcodeFormat.java)
2. In your Activity/Fragment, create a List<BarcodeFormat> and pass to setFormats() method on ZBarScannerView instance. (zbar-sample/src/main/java/me/dm7/barcodescanner/zbar/sample/FullScannerActivity.java)
3. Override onPreviewFrame() in your ZBarScannerView subclass if custom pre-processing is needed before format filtering. (zbar/src/main/java/me/dm7/barcodescanner/zbar/ZBarScannerView.java)

Implement a custom ViewFinder overlay

1. Create a class implementing IViewFinder interface from core/src/main/java/me/dm7/barcodescanner/core/IViewFinder.java. (core/src/main/java/me/dm7/barcodescanner/core/IViewFinder.java)
2. Implement setupViewFinder() to extend View and define drawing logic (e.g., custom frame shape, colors). (core/src/main/java/me/dm7/barcodescanner/core/ViewFinderView.java)
3. In your BarcodeScannerView subclass, call setViewFinder(new YourCustomFinder()) in the constructor before layout inflation. (core/src/main/java/me/dm7/barcodescanner/core/BarcodeScannerView.java)

Add scanner as a Fragment in existing Activity

1. Subclass ZBarScannerView if you need custom behavior, or use it directly. Reference SimpleScannerFragment for pattern. (zbar-sample/src/main/java/me/dm7/barcodescanner/zbar/sample/SimpleScannerFragment.java)
2. In Fragment.onCreateView(), inflate a layout containing your ZBarScannerView via addView(), or define in XML and cast it. (zbar-sample/src/main/res/layout/activity_simple_scanner_fragment.xml)
3. Implement ResultHandler callback and call setResultHandler() on the scanner view to receive barcode detections. (zbar-sample/src/main/java/me/dm7/barcodescanner/zbar/sample/BaseScannerActivity.java)
4. Manage camera permissions (API 23+) and call resumeCamera()/pauseCamera() in Fragment lifecycle methods. (zbar-sample/src/main/java/me/dm7/barcodescanner/zbar/sample/FullScannerFragment.java)

Handle preview frame errors and camera failures

1. Override onCameraError() callback in ResultHandler to capture camera access or preview failures. (zbar-sample/src/main/java/me/dm7/barcodescanner/zbar/sample/BaseScannerActivity.java)
2. Check CameraUtils.getCameraInstance() for runtime permission handling and device compatibility checks. (core/src/main/java/me/dm7/barcodescanner/core/CameraUtils.java)
3. In CameraWrapper, inspect error callbacks from Camera.ErrorCallback and SurfaceHolder.Callback methods. (core/src/main/java/me/dm7/barcodescanner/core/CameraWrapper.java)

1. Camera permission requires explicit runtime request on Android 6.0+; code does not enforce this—caller must handle. 2) jcenter repository is sunset; Maven Central mirror required for dependency resolution. 3) No androidx migration—uses deprecated android.support libraries; conflicts with modern AndroidX projects. 4) CameraHandlerThread can deadlock if handleResult() callback is slow or blocks; no timeout or cancellation token. 5) View assumes activity orientation is locked to portrait in ViewFinderView layout math. 6) No proguard/R8 obfuscation config—may break at runtime in minified production builds.

• Camera Preview Frame Callback (Camera1 API) — Core mechanism by which raw YUV camera frames are delivered to barcode decoders; CameraPreview.java chains this callback to CameraHandlerThread and ZXing/ZBar, so understanding frame format (NV21), rotation, and timing is critical
• HandlerThread for Off-Main-Thread Processing — 1.8.4 moved camera frame processing to a dedicated HandlerThread to avoid jank; knowing when callbacks execute on which thread prevents race conditions and ANRs when accessing View state
• View Lifecycle Integration (onResume/onPause camera control) — Scanner View must release camera on pause and reacquire on resume to avoid conflicts and battery drain; the ResultHandler pattern couples barcode results to Activity lifecycle management
• ViewFinder Overlay UI (Canvas drawing on top of camera preview) — ViewFinderView.java uses custom Canvas drawing (onDraw()) to render the scanning box and laser line without blocking camera preview frames; understanding View composition layers prevents UI flicker and dropped frames
• ZXing Multi-Format Barcode Detection — ZXing supports QR codes, UPC, EAN, Code128, Aztec, PDF417, etc. via different BarcodeFormat enums; BarcodeScannerView accepts a set of formats to decode, so understanding which formats consume CPU helps optimize performance
• Camera Orientation & Display Rotation Handling — Camera sensor orientation does not match screen rotation; CameraUtils.java and DisplayUtils.java compute rotation corrections so the preview and barcode coordinates align. Missing this causes inverted/sideways scans
• JNI Bindings to ZBar Native Library — ZBar decoding runs in C via JNI (not visible in Java file list but referenced in zbar-sample); passing YUV frame buffers across Java/native boundary and marshaling results back requires careful memory management and format alignment

• zxing/zxing — Core open-source barcode decoding engine; dm77/barcodescanner wraps this into Android Views but decoding logic originates here
• googlesamples/mlkit — Google's modern replacement for barcode scanning on Android (mentioned in README as the recommended alternative); production apps should migrate here
• journeyapps/zxing-android-embedded — Active third-party Android wrapper around ZXing that superseded dm77/barcodescanner and is still maintained; drop-in alternative if you need a modern ZXing-based scanner
• EsotericSoftware/ZBar — ZBar C barcode decoder library; dm77/barcodescanner provides JNI bindings to this for barcode algorithm alternatives to ZXing
• android/camera-samples — Google's official Camera2 API examples; needed to understand modern camera integration if porting dm77/barcodescanner to Camera2

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add instrumented Android tests for CameraWrapper and CameraPreview classes

The core camera handling logic in core/src/main/java/me/dm7/barcodescanner/core/CameraWrapper.java and CameraPreview.java lacks test coverage. These are critical components that handle camera lifecycle, preview configuration, and frame processing. Adding instrumented tests would catch regressions in camera initialization, preview callbacks, and orientation handling across different Android API levels.

• [ ] Create core/src/androidTest/java/me/dm7/barcodescanner/core/ directory structure
• [ ] Write CameraWrapperTest.java with tests for camera open/release, preview size selection, and parameter configuration
• [ ] Write CameraPreviewTest.java with tests for preview callback setup and frame data handling
• [ ] Add androidTestImplementation dependencies to core/build.gradle (androidx.test.ext:junit, espresso-core)

Add GitHub Actions CI workflow for automated testing and builds

The project has a .github/stale.yml but no CI/CD workflow files. Given this is an archived library still used by developers, adding a GitHub Actions workflow would ensure builds remain valid, catch API compatibility issues with newer Android Gradle plugin versions (currently at 3.3.1, very outdated), and verify the sample apps still compile. This is especially important since the build.gradle uses deprecated jcenter() repository.

• [ ] Create .github/workflows/android-build.yml with matrix testing for API levels 21-33
• [ ] Configure gradle build task to compile core module and zbar-sample
• [ ] Add linting checks using Android Lint (already configured in build.gradle)
• [ ] Document the workflow status in README.md with a badge

Add unit tests for DisplayUtils and CameraUtils utility classes

The utility classes core/src/main/java/me/dm7/barcodescanner/core/DisplayUtils.java and CameraUtils.java contain device-specific calculations (display rotation, camera orientation, preview dimensions) that are error-prone and device-dependent. Unit tests would document expected behavior, catch regressions when Android framework changes are made, and provide examples for contributors on handling orientation/display calculations.

• [ ] Create core/src/test/java/me/dm7/barcodescanner/core/ directory for unit tests
• [ ] Write DisplayUtilsTest.java testing rotation calculations for portrait/landscape/reverse orientations
• [ ] Write CameraUtilsTest.java testing aspect ratio matching and preview size selection logic
• [ ] Add testImplementation dependencies to core/build.gradle (junit, mockito)

• Add comprehensive camera2 support: CameraWrapper.java and CameraPreview.java only wrap deprecated Camera1 API. Create Camera2 subclasses and a factory pattern to auto-detect API level at runtime. (Affects all modern Android devices and is now 8+ years overdue.)
• Write unit tests for CameraHandlerThread frame queueing: No test coverage visible in file list for the critical 1.8.4 concurrency change. Test pause/resume, concurrent handleResult() callbacks, and ANR timeout scenarios.
• Document breaking change in 1.8.4 with migration guide: README mentions resumeCameraPreview() replaces startCamera() but no example activity shows old vs. new pattern side-by-side. Add detailed before/after code snippet.

This project has significant security concerns. Being archived since 2020 with outdated dependencies (Gradle 3.3.1, JCenter, deprecated Bintray), it lacks modern security patches and best practices. The codebase uses unsupported repositories and build tools, contains insecure credential handling in build scripts, and ignores lint errors. The project should not be used for new development. For existing implementations, migrate to actively maintained alternatives like Google MLKit or fork and maintain internally with updated dependencies and security configurations.

• High · Outdated Gradle and Build Tools — build.gradle. The project uses Gradle 3.3.1 (released in 2019) which is significantly outdated. This version contains known security vulnerabilities and lacks modern security features. The Android Gradle Plugin version is also from 2019. Fix: Update to the latest stable Gradle version (8.x+) and Android Gradle Plugin (8.x+). Ensure all build tools are kept current to receive security patches.
• High · Deprecated Repository (JCenter) — build.gradle (repositories section). The project uses JCenter repository which was shutdown by JFrog on May 1, 2021. This repository no longer receives updates and poses dependency resolution and security risks. Fix: Remove JCenter from repositories. Use only Maven Central and Google repositories. Update all build configuration to use current artifact repositories.
• High · Outdated Bintray Plugin — build.gradle (buildscript dependencies). The gradle-bintray-plugin (1.7.3) is deprecated and no longer maintained. Bintray was sunset by JFrog. Using deprecated publishing plugins creates supply chain risks. Fix: Migrate to Maven Central or alternative distribution methods. Remove Bintray-related plugins and update publishing configuration.
• Medium · Insecure Credential Loading — build.gradle (Properties loading section). The build script loads sensitive credentials (bintray.user and bintray.apikey) from local.properties file without validation or encryption. If this file is accidentally committed, credentials will be exposed. Fix: Use Gradle Secret Plugin or environment variables instead of local.properties. Never commit local.properties to version control. Add local.properties to .gitignore.
• Medium · Low Minimum SDK Version — build.gradle (defaultConfig section). The project likely targets minSdkVersion that is quite old (based on the age of the library - archived in 2020). Supporting very old Android versions increases attack surface and limits security patches available. Fix: Review and increase minSdkVersion to at least API 21 (Android 5.0) or higher to ensure access to modern security APIs and eliminate legacy vulnerabilities.
• Medium · Project Archived and Unmaintained — README.md. The project is explicitly marked as archived since July 1, 2020, and no longer receives maintenance or security updates. This means any vulnerabilities found will not be patched. Fix: For new projects, use maintained alternatives like Google's MLKit barcode scanning API or other actively maintained ZXing-based libraries. If using this library, conduct thorough security audits and consider forking/maintaining internally.
• Medium · Lint Errors Ignored — build.gradle (lintOptions section). The build configuration sets 'abortOnError false' for lintOptions, which suppresses potential security and code quality warnings that could indicate vulnerabilities. Fix: Enable lint error checking (abortOnError true) and address all warnings. Use baseline files to manage pre-existing issues while catching new problems.
• Low · Missing Code Obfuscation Configuration — build.gradle (subprojects). No ProGuard/R8 configuration visible in the build files, which means release builds may not have code obfuscation enabled, making reverse engineering easier. Fix: Configure R8/ProGuard with appropriate minification rules. Enable shrinking and obfuscation for release builds.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.