react-auditor

A blazing-fast Rust CLI that scans your JS/TS/React codebase for best practices, quality, security, performance, accessibility, and Next.js issues.

67 rules Rust + oxc 0.138 MIT license ~138us / 1k LOC 6 platforms

Install

npm
$ npm install -g react-auditor
Cargo
$ cargo install react-auditor
Homebrew
$ brew install react-auditor
Docker
$ docker run ghcr.io/chesteralan/react-auditor src/
VS Code
Install from marketplace
GitHub Action
uses: ./.github/actions/react-auditor

Key Features

Rule Categories (67 rules total)

Code Quality

No unused vars, no shadowing, consistent returns, complexity caps, no console, no empty blocks, no var, max params, no long functions, prefer early return, no commented code, no deep nesting, no magic numbers.

13 rules

React

Hooks rules, missing keys, inline styles, effect deps, direct mutation, duplicate props, component naming, index keys, inline functions, function components, unnecessary memo, multiple render methods, side effects in render, setState in effect/render, ref in component name, no forwardRef.

17 rules

TypeScript

No any, no non-null assertions, no type assertions, no empty interfaces, consistent type imports, explicit return types, strict null checks, prefer interface, no explicit any.

9 rules

Security

No eval, no dangerouslySetInnerHTML, no hardcoded secrets, no script URLs, no unsanitized input, no insecure protocols, no unsafe iframes.

7 rules

Accessibility

img alt, button type, label associations, valid ARIA, heading levels, link/button content, no ambiguous labels, tabindex no positive, click events have key events, html has lang, no autofocus.

11 rules

Performance

Prefer fragments, no bind in JSX, lazy loading, no heavy computation in render, no large libraries.

5 rules

Next.js

Use Image instead of img, Script instead of script, Link instead of a, Head instead of head, async scripts.

5 rules

Usage

# Scan with default settings
$ react-auditor

# Output as JSON
$ react-auditor src/ --format json

# Run specific categories
$ react-auditor --rules react,typescript,security

# Auto-fix where supported
$ react-auditor --fix

# Fail CI on errors only
$ react-auditor --fail-on error

# Watch mode
$ react-auditor -W

# Write JSON log
$ react-auditor --log audit.json

Pre-commit Integration

Add to your package.json for automatic linting on every commit:

{
  "lint-staged": {
    "*.{js,jsx,ts,tsx}": [
      "react-auditor --quiet --max-warnings 0"
    ]
  }
}

Configuration

Create .rauditrc.toml in your project root:

# Enable/disable rules per severity
"no-console" = "warning"
"no-var" = "error"
"no-magic-numbers" = "off"

# Workspace roots and per-file-type overrides
workspaces = ["packages/*"]

[file_types]
# Disable TS rules in .jsx files
".jsx" = { "no-explicit-any" = "off" }