A blazing-fast Rust CLI that scans your JS/TS/React codebase for best practices, quality, security, performance, accessibility, and Next.js issues.
$ npm install -g react-auditor
$ cargo install react-auditor
$ brew install react-auditor
$ docker run ghcr.io/chesteralan/react-auditor src/
Install from marketplace
uses: ./.github/actions/react-auditor
No unused vars, no shadowing, consistent returns, complexity caps, no console, no empty blocks, no var, max params, no long functions, prefer early return, no commented code, no deep nesting, no magic numbers.
13 rulesHooks rules, missing keys, inline styles, effect deps, direct mutation, duplicate props, component naming, index keys, inline functions, function components, unnecessary memo, multiple render methods, side effects in render, setState in effect/render, ref in component name, no forwardRef.
17 rulesNo any, no non-null assertions, no type assertions, no empty interfaces, consistent type imports, explicit return types, strict null checks, prefer interface, no explicit any.
9 rulesNo eval, no dangerouslySetInnerHTML, no hardcoded secrets, no script URLs, no unsanitized input, no insecure protocols, no unsafe iframes.
7 rulesimg alt, button type, label associations, valid ARIA, heading levels, link/button content, no ambiguous labels, tabindex no positive, click events have key events, html has lang, no autofocus.
11 rulesPrefer fragments, no bind in JSX, lazy loading, no heavy computation in render, no large libraries.
5 rulesUse Image instead of img, Script instead of script, Link instead of a, Head instead of head, async scripts.
5 rules# Scan with default settings $ react-auditor # Output as JSON $ react-auditor src/ --format json # Run specific categories $ react-auditor --rules react,typescript,security # Auto-fix where supported $ react-auditor --fix # Fail CI on errors only $ react-auditor --fail-on error # Watch mode $ react-auditor -W # Write JSON log $ react-auditor --log audit.json
Add to your package.json for automatic linting on every commit:
{
"lint-staged": {
"*.{js,jsx,ts,tsx}": [
"react-auditor --quiet --max-warnings 0"
]
}
}
Create .rauditrc.toml in your project root:
# Enable/disable rules per severity "no-console" = "warning" "no-var" = "error" "no-magic-numbers" = "off" # Workspace roots and per-file-type overrides workspaces = ["packages/*"] [file_types] # Disable TS rules in .jsx files ".jsx" = { "no-explicit-any" = "off" }