Automic VaultAutomic Vault

brew

Install jscpd with Homebrew

Copy/paste detector for programming source code. Version 5.0.11 via Homebrew; verified 2026-06-20.

install

Additional install commands

macOS

Homebrewverified ยท 100%
brew install jscpd

local Homebrew formula metadata

overview

Package summary

Copy/paste detector for programming source code

Commands and aliases

  • jscpd

history

Project history and usage

jscpd is a copy/paste detector for source code. It scans files for duplicated token sequences, reports clones in multiple formats, and is used as a code-quality gate in local development and CI.

Project history

The GitHub repository was created in May 2013, and the npm package history begins in June 2013. The name originally stood for JavaScript Copy/Paste Detector, but the project expanded well beyond JavaScript into a broad multi-language duplicate-code scanner.

The README describes the detection engine as Rabin-Karp based. By 2026 the project documentation described support for more than 220 formats, multiple reporters, GitHub Action integration, an MCP server, AI-oriented reporter output, and a Rust-powered v5 engine.

Adoption history

jscpd gained adoption as a lightweight alternative to heavier static-analysis suites for teams that wanted to fail builds or generate reports when duplication crossed a threshold. The npm package had a long 0.x to 4.x TypeScript/Node.js history before the 5.x Rust-native release line appeared in June 2026.

Homebrew packages jscpd as a CLI, npm distributes it for JavaScript toolchains, and the project site promotes curl, npm, cargo, brew, and nix installation paths. That multi-channel distribution matches its role as a language-agnostic source-code utility.

How it is used

Developers run jscpd against a repository or source directory, tune thresholds and ignore patterns through configuration such as .jscpd.json, and consume terminal, JSON, HTML, badge, CI, or AI-oriented reports.

Why package nerds care

jscpd is notable because duplicate-code detection sits between linting, static analysis, and build policy. The 2026 Rust rewrite also makes it a packaging case study: a Node-era CLI kept its ecosystem-facing package names while shifting core performance-sensitive work into a native binary.

Timeline

  • 2013: GitHub repository and npm package history began.
  • 2018: jscpd 1.0.0 was published after years of 0.x releases.
  • 2020: jscpd 3.x releases continued the Node.js/TypeScript era.
  • 2024: jscpd 4.0.0 was published on npm.
  • 2026: jscpd 4.2.x and 5.0.x releases appeared, with project docs presenting v5 as a Rust-powered rewrite.

Related projects

  • Related projects include PMD CPD, Simian, SonarQube duplication detection, MegaLinter's jscpd integration, and jscpd's own GitHub Action and MCP server packages.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for jscpd. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.jscpd.json

executables

Installed executables

CommandKindExposureNote
jscpdcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version5.0.11
manager updated2026-06-20
local dataok
upstreamcurrent
latest detectedv5.0.11

https://github.com/kucherenko/jscpd

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:jscpd
Version5.0.11
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/jscpd
Homepagehttps://jscpd.dev/
Repositoryhttps://github.com/kucherenko/jscpd
Upstream docshttps://github.com/kucherenko/jscpd#readme
LicenseMIT
Source archivehttps://github.com/kucherenko/jscpd/archive/refs/tags/v5.0.11.tar.gz
Last updated2026-06-20T09:34:07Z
Pulseupdated
Build dependenciesrust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namejscpd
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment