# jscpd

By **kucherenko** · Software & Tools

jscpd is an open-source copy/paste detector for 223+ languages, with a Rust-powered v5 engine that is 24-37x faster and AI-ready out of the box.

- Source: https://jscpd.dev/
- Repository: https://github.com/kucherenko/jscpd
- Install: `npx jscpd`
- Tags: cli, open-source, rust, code-quality, linting, ci-cd, ai-ready, duplicate-detection
- Pricing: free
- Upvotes: 1

## Features

- Duplicate code detection across 223+ languages via Rabin-Karp token matching
- Rust-powered v5 engine: 24-37x faster than Node.js v4, no runtime required
- Cross-format detection: Vue SFC, Svelte, Astro, and Markdown tokenized per block
- 13 output reporters including HTML, JSON, SARIF, badge, and AI-compact
- AI reporter emits ~79% fewer tokens than default, optimized for LLM pipelines
- MCP server for direct integration with Claude and other AI assistants
- Installable agent skills for automated detection and DRY refactoring workflows
- CI/CD threshold flag and GitHub Action support with SARIF code scanning output

---

## Why it matters
Duplicated code is where the same bug lives twice. jscpd surfaces copy/paste debt across an entire codebase in one command, giving teams a concrete, measurable signal to act on before technical debt compounds.

## The big picture
jscpd has been detecting code duplication since 2013. Version 5, released in 2026, is a ground-up Rust rewrite that ships as a self-contained binary with no Node.js runtime required. The same `.jscpd.json` config and CLI flags from v4 work unchanged, making it a drop-in upgrade.

## How it works
jscpd implements the Rabin-Karp algorithm to find matching token sequences across files. It tokenizes source code per language (and per block for Vue SFC, Svelte, Astro, and Markdown), then compares blocks against configurable minimums: 50 tokens and 5 lines by default. A `<script>` block in a `.vue` file can match a plain `.ts` file, catching cross-format duplication that simpler tools miss.

## By the numbers
Per the README benchmarks on Apple Silicon, v5 scans 548 files in 0.03s (v4: 1.03s, 34x speedup), 9K Svelte files in 0.43s (v4: 15.8s, 37x speedup), and the 17K-file CopilotKit repo in 3.44s (v4: 82.89s, 24x speedup). The npm package pulls 1.2M weekly downloads and lists 84 dependents. GitHub Super Linter, Codacy, and MegaLinter all bundle jscpd as their copy/paste detection engine, per the README.

## Zoom in
Three AI-facing features make jscpd usable inside agentic workflows. The `--reporters ai` flag emits compact output that uses roughly 79% fewer tokens than the default console reporter, suitable for piping directly into an LLM. An MCP server lets Claude and similar assistants call jscpd directly via the Model Context Protocol. Two installable agent skills teach a coding assistant how to invoke jscpd and execute a guided DRY refactoring workflow.

## Yes, but
v5 trades some v4 features for speed. LevelDB and Redis persistent stores are v4-only, as is the Node.js programmatic API (`jscpd()`, `detectClones()`). Teams that need those should stay on v4, which still receives updates (v4.2.x added 70+ new formats and cross-format detection).

## The bottom line
If you need fast, language-agnostic duplicate detection that plugs into CI, feeds an LLM, or runs inside an AI agent, jscpd v5 is the most capable single tool for the job. Run `jscpd . --threshold 10` in CI and let the build fail before duplicated bugs multiply.

## FAQ

### What is jscpd and what problem does it solve?

jscpd is an open-source copy/paste detector that finds duplicated code blocks across source files in 223+ languages. It implements the Rabin-Karp algorithm to compare tokenized code segments, reporting the exact file locations, line ranges, and token counts for every clone it finds. The tool exists because duplicated code means the same bug can appear in multiple places, and jscpd gives teams a measurable, automatable way to track and reduce that risk.

### How do I install and run jscpd v5?

The fastest install is `npm install -g jscpd` (installs both `jscpd` and `cpd` commands) or `cargo install jscpd` for the Rust-native install. You can also use the universal installer: `curl -fsSL https://jscpd.dev/install.sh | bash`. Once installed, run `jscpd ./src` to scan a directory; add `--reporters html,json` for report files, or `--threshold 10` to fail CI when duplication exceeds 10%. The v5 binary is self-contained and requires no Node.js runtime.

### Is jscpd free and open source?

Yes, jscpd is released under the MIT license and is fully free to use. The source is on GitHub at kucherenko/jscpd. The project accepts optional sponsorship via OpenCollective, but there are no paid tiers or commercial licenses.

### What is jscpd best suited for?

jscpd is best for teams that want a fast, CI-integrated gate on copy/paste debt across large or polyglot codebases. Its cross-format detection catches duplication between Vue SFC script blocks and plain TypeScript files, which most linters miss. The AI reporter and MCP server make it equally useful inside agentic coding workflows where an LLM needs structured clone data to drive refactoring.

### How does jscpd v5 compare to v4, and when should I stick with v4?

v5 is a Rust rewrite that is 24-37x faster than v4 across all codebase sizes, ships as a self-contained binary, and adds git blame and an AI-optimized reporter. The trade-off is that v5 drops the Node.js programmatic API (`jscpd()`, `detectClones()`) and LevelDB/Redis persistent stores. If your workflow depends on programmatic Node.js usage or distributed caching, stay on v4; for everything else, v5 is the drop-in upgrade with the same CLI flags and config file.

### What are jscpd's main limitations?

jscpd detects duplication at the token level, not the AST or semantic level, so structurally different but logically equivalent code may not be flagged. The v5 Rust engine does not yet support LevelDB or Redis stores, which affects parallel CI runs that rely on a shared cache. Benchmarks in the README were run on Apple Silicon, so performance on other platforms may vary. Finally, cross-format detection (Vue, Svelte, Astro, Markdown) requires that the file types are in the supported formats list, which you can verify with `jscpd --list`.

---
[View on Analog](https://analoghq.ai/kucherenko/software-tools/jscpd)