Why this exists

Every codebase older than eighteen months is a graveyard of fossilized conventional wisdom. A retry loop someone copied from a 2014 blog post. A defensive null check that protects against a bug that was patched two major versions ago. A regex that handles an edge case nobody can name. The patterns persist because removing them feels reckless — the code works, doesn't it? — but nobody can actually explain what they do, only that they were there when they got here. Cargo cult code is the dark matter of software: invisible, load-bearing, and impossible to refactor until you can name it.

What you get back

  • A ranked list of cargo-culted patterns with specific file:line references, so the audit lands as a checklist instead of a vibe.
  • A danger score per pattern with explicit justification — what assumption it depends on, how that assumption could shift, and what the silent failure looks like when it does.
  • A long-form origin essay for the worst offender, tracing the pattern back to the Stack Overflow thread, conference talk, or framework idiom it probably drifted out of, and explaining why the original context no longer applies here.

When to reach for this pattern

Run it on day one of onboarding to a legacy codebase, when you still have permission to ask dumb questions and the political capital to flag what looks weird. Run it as pre-refactor reconnaissance, before you touch a module everyone calls "the haunted one," so you go in with a map instead of a flashlight. Run it during incident retros on outages where the postmortem reads "we don't know why it broke" — because that sentence almost always means a fossilized assumption finally shifted, and the cargo-cult detector is the fastest way to find which one.