What Is a Single Point of Failure?

SPOFs are the most dangerous form of architectural risk because they concentrate failure impact into a single point. A codebase with 500 files may have 5 files that, if corrupted, broken, or incorrectly modified, would cascade failures through 100+ other files. Those 5 files represent 1% of the codebase and 20% of the risk.

The danger of SPOFs is compounded by their invisibility. Without graph analysis, a file's SPOF status is not apparent from reading its code. A utility module that exports a dozen helper functions may appear simple, but if 80% of the codebase imports it, it is architecturally critical.

SPOFs also represent personnel risk. If only one developer understands a SPOF file, the combination of code-level and knowledge-level single points of failure creates compound fragility.

SPOF detection operates on the dependency graph of a codebase. The graph is constructed by parsing every file's import/require/include statements and resolving them to their target files. Each file becomes a node; each dependency becomes a directed edge.

Once the graph is constructed, centrality algorithms identify nodes with disproportionate influence. In-degree centrality measures how many other files depend on a given file. PageRank measures transitive importance — a file depended on by other important files scores higher. Betweenness centrality measures how often a file appears on the shortest path between other files, indicating bridge or bottleneck status.

Files that score in the top percentiles across multiple centrality metrics are flagged as SPOFs. The blast radius calculation then determines how many files would be affected if the SPOF were modified or broken, providing a concrete impact measurement.