# Install jscpd with Homebrew

Copy/paste detector for programming source code. Version 5.0.11 via Homebrew; verified 2026-06-20.

## Install

```sh
sudo av install brew:jscpd
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install jscpd
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:jscpd
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/jscpd>
- **Version:** 5.0.11
- **Source summary:** Copy/paste detector for programming source code
- **Homepage:** <https://jscpd.dev/>
- **Repository:** <https://github.com/kucherenko/jscpd>
- **Upstream docs:** <https://github.com/kucherenko/jscpd#readme>
- **License:** MIT
- **Source archive:** <https://github.com/kucherenko/jscpd/archive/refs/tags/v5.0.11.tar.gz>
- **Last updated:** 2026-06-20T09:34:07Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- jscpd (cli)
- jscpd (alias)

## Build dependencies

- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 5.0.11
- Package-manager updated: 2026-06-20
- Local data: ok
- Upstream repository: https://github.com/kucherenko/jscpd
- Upstream latest detected: v5.0.11 (current)
## Project history and usage

jscpd is a copy/paste detector for source code. It scans files for duplicated token sequences, reports clones in multiple formats, and is used as a code-quality gate in local development and CI.

### Project history

The GitHub repository was created in May 2013, and the npm package history begins in June 2013. The name originally stood for JavaScript Copy/Paste Detector, but the project expanded well beyond JavaScript into a broad multi-language duplicate-code scanner.

The README describes the detection engine as Rabin-Karp based. By 2026 the project documentation described support for more than 220 formats, multiple reporters, GitHub Action integration, an MCP server, AI-oriented reporter output, and a Rust-powered v5 engine.

### Adoption history

jscpd gained adoption as a lightweight alternative to heavier static-analysis suites for teams that wanted to fail builds or generate reports when duplication crossed a threshold. The npm package had a long 0.x to 4.x TypeScript/Node.js history before the 5.x Rust-native release line appeared in June 2026.

Homebrew packages jscpd as a CLI, npm distributes it for JavaScript toolchains, and the project site promotes curl, npm, cargo, brew, and nix installation paths. That multi-channel distribution matches its role as a language-agnostic source-code utility.

### How it is used

Developers run jscpd against a repository or source directory, tune thresholds and ignore patterns through configuration such as .jscpd.json, and consume terminal, JSON, HTML, badge, CI, or AI-oriented reports.

### Why package nerds care

jscpd is notable because duplicate-code detection sits between linting, static analysis, and build policy. The 2026 Rust rewrite also makes it a packaging case study: a Node-era CLI kept its ecosystem-facing package names while shifting core performance-sensitive work into a native binary.

### Timeline

- 2013: GitHub repository and npm package history began.
- 2018: jscpd 1.0.0 was published after years of 0.x releases.
- 2020: jscpd 3.x releases continued the Node.js/TypeScript era.
- 2024: jscpd 4.0.0 was published on npm.
- 2026: jscpd 4.2.x and 5.0.x releases appeared, with project docs presenting v5 as a Rust-powered rewrite.

### Related projects

- Related projects include PMD CPD, Simian, SonarQube duplication detection, MegaLinter's jscpd integration, and jscpd's own GitHub Action and MCP server packages.

### Sources

- <https://formulae.brew.sh/formula/jscpd>
- <https://github.com/kucherenko/jscpd>
- <https://github.com/kucherenko/jscpd/releases>
- <https://jscpd.dev/>
- <https://registry.npmjs.org/jscpd>
- <https://www.npmjs.com/package/jscpd>


## Security Notes

No matching local secret-handling manifest was found for jscpd. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: .jscpd.json
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** jscpd
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [Developer build packages](https://www.automicvault.com/pkg/developer-build-tools/) - Matched build, compiler, generator, or developer workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [typos-cli](https://www.automicvault.com/pkg/brew/typos-cli/) - Shares av.db curated category or tags: cli, code-quality, developer-tools, source-code.
- [addlicense](https://www.automicvault.com/pkg/brew/addlicense/) - Shares av.db curated category or tags: cli, code-quality, developer-tools, source-code.
- [codelimit](https://www.automicvault.com/pkg/brew/codelimit/) - Shares av.db curated category or tags: cli, code-quality, developer-tools.
- [precious](https://www.automicvault.com/pkg/brew/precious/) - Shares av.db curated category or tags: cli, code-quality, developer-tools.
- [prek](https://www.automicvault.com/pkg/brew/prek/) - Shares av.db curated category or tags: cli, code-quality, developer-tools.
- [sonar-scanner](https://www.automicvault.com/pkg/brew/sonar-scanner/) - Shares av.db curated category or tags: cli, code-quality, developer-tools.
- [tagref](https://www.automicvault.com/pkg/brew/tagref/) - Shares av.db curated category or tags: cli, code-quality, developer-tools.
- [hawkeye](https://www.automicvault.com/pkg/brew/hawkeye/) - Shares av.db curated category or tags: cli, code-quality, developer-tools.
- [jscpd](https://www.automicvault.com/pkg/npm/jscpd/) - Same normalized package name appears in another local ecosystem. Shared terms: code, copy, detector, duplicate, duplication.
- [jscpd](https://www.automicvault.com/pkg/npm/jscpd/) - Same normalized package name in another local ecosystem.

## Combined YAML source

View the package source record on GitHub. [combined/jscpd.yml](https://github.com/automic-vault/db/blob/main/combined/jscpd.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
