RepoPilotOpen in app →

square/leakcanary

A memory leak detection library for Android.

WAIT

Single-maintainer risk — review before adopting

  • Last commit 6w ago
  • 5 active contributors
  • Apache-2.0 licensed
  • CI configured
  • Tests present
  • Small team — 5 top contributors
  • Single-maintainer risk — top contributor 82% of commits

Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests

Embed this verdict

[![RepoPilot: WAIT](https://repopilot.app/api/badge/square/leakcanary)](https://repopilot.app/r/square/leakcanary)

Paste into your README — the badge live-updates from the latest cached analysis.

Onboarding doc

Onboarding: square/leakcanary

Generated by RepoPilot · 2026-05-05 · Source

Verdict

WAIT — Single-maintainer risk — review before adopting

  • Last commit 6w ago
  • 5 active contributors
  • Apache-2.0 licensed
  • CI configured
  • Tests present
  • ⚠ Small team — 5 top contributors
  • ⚠ Single-maintainer risk — top contributor 82% of commits

<sub>Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests</sub>

TL;DR

LeakCanary is a memory leak detection library specifically designed for Android applications. It automates the process of identifying and reporting memory leaks by providing a snapshot of your app's object graph, enabling developers to track down and fix leaks in their applications effectively. The repository utilizes a modular structure primarily centered around the main LeakCanary library written in Kotlin, with supporting resources and documentation organized within the docs directory. Key configurations, such as detekt for Kotlin static code analysis, are found in config/detekt-config.yml.

Who it's for

Android developers, particularly those focused on performance optimization and memory management, who need an efficient tool to ensure their applications do not suffer from memory leaks that could degrade user experience and application stability.

Maturity & risk

LeakCanary has accumulated over 27,000 stars on GitHub since its inception in 2015, indicating a strong community interest and usage. The repository contains tests and CI setup evident from the presence of GitHub workflows in the .github/workflows directory. The last commits are relatively recent, suggesting it is actively developed and production-ready.

There is a moderate risk due to the number of dependencies (3 notable external libraries listed in the dependencies/config snippet) and the potential absence of comprehensive documentation for every aspect. Additionally, while the issue backlog is manageable, it's essential to monitor open issues for user-reported bugs or feature requests that could impact functionality.

Active areas of work

Recent changes include ongoing discussions in open PRs regarding enhancements and fixing known bugs. Additionally, contributors are actively updating the documentation and improving the developer experience as indicated in the docs/getting_started.md.

Get running

  • git clone https://github.com/square/leakcanary.git
  • cd leakcanary
  • ./gradlew installDebug

Daily commands: To start working with LeakCanary, you can run tests or build the application using the Gradle wrapper: ./gradlew test or ./gradlew assembleDebug.

Map of the codebase

  • README.md — This file contains essential information about LeakCanary, its purpose, and how to get started.
  • leakcanary/leakcanary-android-core/src/main/java/leakcanary/BackgroundThreadHeapAnalyzer.kt — This is a core component responsible for analyzing memory leaks in the application.
  • build.gradle.kts — This file manages project dependencies and build settings.
  • docs/getting_started.md — A comprehensive guide to help new contributors understand how to use LeakCanary.
  • leakcanary/leakcanary-android-core/src/main/java/leakcanary/LeakActivityTest.kt — Contains tests for the LeakActivity, which is crucial for verifying the functionality of the library.

Components & responsibilities

  • LeakAnalyzer (Kotlin) — Analyzes memory leaks found in the Android application.
    • Failure mode: Might miss leaks if not correctly initialized.

Data flow

  • Android AppLeakCanary — The app reports potential memory leaks.
  • LeakCanaryMemory Analyzer — Requests analysis of the reported memory leaks.

How to make changes

Add a New Leak Detection Strategy

  1. Create a new class for the detection strategy. (leakcanary/leakcanary-android-core/src/main/java/leakcanary/NewLeakDetectionStrategy.kt)
  2. Implement the required methods. (leakcanary/leakcanary-android-core/src/main/java/leakcanary/NewLeakDetectionStrategy.kt)
  3. Update the analyzer to include the new strategy. (leakcanary/leakcanary-android-core/src/main/java/leakcanary/BackgroundThreadHeapAnalyzer.kt)

Update Documentation

  1. Edit the relevant documentation to reflect changes. (docs/getting_started.md)
  2. Add a new section if necessary. (docs/getting_started.md)

Why these technologies

  • Kotlin — Maintains concise code with strong null safety features.
  • Gradle — Efficient dependency management and build automation.

Trade-offs already made

  • Using a heavy memory analysis tool.
    • Why: Provides detailed insights.
    • Consequence: Increases app overhead and can slow down performance.

Non-goals (don't propose these)

  • Support platforms other than Android
  • Real-time leak detection without user interaction

Code metrics

  • Avg cyclomatic complexity: ~5 — Moderately complex due to various interaction patterns.
  • Largest file: leakcanary/leakcanary-android-core/src/main/java/leakcanary/BackgroundThreadHeapAnalyzer.kt (200 lines)
  • Estimated quality issues: ~3 — Identified by static analysis tools as code style inconsistencies.

Anti-patterns to avoid

  • Direct Context Usage (High)leakcanary/leakcanary-android-core/src/main/java/leakcanary/BackgroundThreadHeapAnalyzer.kt: Using the context directly in non-static inner classes can lead to memory leaks.

Performance hotspots

  • leakcanary/leakcanary-android-core/src/main/java/leakcanary/BackgroundThreadHeapAnalyzer.kt (Performance) — Heavy processing on the main thread could slow down the application responsiveness.

Traps & gotchas

Ensure you have the required SDK versions set in your local development environment as specified in the build.gradle.kts; missing these can lead to build failures. Additionally, be aware that specific configurations might be required in your AndroidManifest to fully leverage LeakCanary's features.

Architecture

Concepts to learn

  • Object Graph — Understanding how LeakCanary analyzes the object graph of an app helps diagnose memory retention issues.
  • Weak References — LeakCanary heavily utilizes weak references to prevent memory leaks; knowing them is vital for efficient memory management.
  • Android Lifecycle — Awareness of Android lifecycle events is crucial for understanding when to check for memory leaks in your application.

Related repos

  • leakcanary/leakcanary-watcher — This is a companion library that provides additional capabilities for LeakCanary.
  • bumptech/glide — A similar performance-oriented library for image loading that also focuses on memory management.
  • androidx/room — This is a database library that can be used with LeakCanary to ensure efficient memory usage when caching data.
  • square/okhttp — An HTTP client that developers using LeakCanary may find useful when optimizing network requests in their apps.

PR ideas

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add unit tests for heap dump analysis

Unit tests for heap dump analysis can help ensure that the memory leak detection functionalities are working correctly. This will improve the reliability of the library.

  • [ ] Create a new test file in src/test/java/... for heap dump analysis.
  • [ ] Implement tests for various heap dump scenarios based on existing methods in the heap dump analysis classes.
  • [ ] Run tests and ensure they cover edge cases and expected outcomes.

Add CI workflow for running tests on pull requests

Currently, there isn't a clear workflow defined for running automated tests on pull requests. Setting up a CI workflow will help maintain code quality and catch issues early.

  • [ ] Create a new GitHub Actions workflow file in .github/workflows/ named ci.yml.
  • [ ] Configure the workflow to run all unit tests when a pull request is created or updated.
  • [ ] Ensure the workflow triggers on specified events and outputs results to the pull request.

Enhance documentation for heap monitoring features

The documentation for how LeakCanary detects and displays heap monitoring results can be expanded to help users understand its functionality better.

  • [ ] Update docs/fundamentals-how-leakcanary-works.md to include more details on heap monitoring.
  • [ ] Add examples or use cases to demonstrate how to interpret heap monitoring results.
  • [ ] Link to the updated sections from the main README or add a dedicated section for heap monitoring.

Good first issues

  • Add additional tests for memory leak detection methods within the leakcanary library.
  • Update outdated references in the documentation found in docs/how_to_help.md.
  • Create more visual assets for the documentation to better illustrate usage examples.

Top contributors

Recent commits

  • 0f9b924 — Merge pull request #2732 from FranAguilera/franjam/fix_broadcast_receiver_anr (pyricau)
  • e7f9963 — Merge pull request #2806 from blundell/update-min-sdk-to-api-21 (pyricau)
  • 2cbdce2 — Remove obsolete AndroidLeakFixes after minimum SDK upgrade (blundell)
  • 6f79d22 — Fix ObsoleteSdkInt lint errors after API 26 upgrade (blundell)
  • 0cbefba — Merge pull request #2736 from square/py/strip_more (pyricau)
  • a6b2310 — HprofPrimitiveArrayStripper: fix bugs, add StreamingSinkProvider (pyricau)
  • 6885e68 — Update minimum SDK to API 26 (Android 8.0 Oreo) (blundell)
  • c1b9efe — Update minimum SDK to API 21 (Android 5.0 Lollipop) (blundell)
  • c2ddc5a — Merge pull request #2737 from jjliu15/reference_matchers_mnextservedview (pyricau)
  • a6d2b6b — Merge pull request #2799 from blundell/fix-instru-tests (pyricau)

Security observations

The security posture of the LeakCanary codebase is moderate. While there are no critical vulnerabilities detected, attention should be given to dependency management and best practices to protect configuration data.

  • Medium · Insecure Dependency Versions — requirements.txt. The dependencies 'mkdocs' and 'mkdocs-material' might have known vulnerabilities in the specified versions. It's crucial to regularly check dependencies for any reported vulnerabilities and update to stable, secure versions. Fix: Check the security advisories for 'mkdocs' and 'mkdocs-material'. Update to the latest stable versions that address known vulnerabilities.
  • Low · License File Publicly Accessible — LICENSE.txt. The LICENSE.txt file is exposed in the repository. While not a direct vulnerability, sensitive project information could be misused or lead to misunderstandings about licensing. Fix: Review and ensure that exposing the license details aligns with the project or organizational security policy.
  • Low · Potential Configuration Misconfigurations — config/detekt-config.yml, gradle/wrapper/gradle-wrapper.properties. Configuration files such as detekt-config and gradle-wrapper.properties are publicly accessible, which might expose sensitive configuration options. Fix: Ensure that sensitive values are kept private and not included in version-controlled files; use environment variables or secrets management tools.

LLM-derived; treat as a starting point, not a security audit.

Where to read next

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.