Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
5.9k
Stars
245
Forks
44
Open issues
30
Contributors
AI Analysis
jscpd is a copy-paste detector for source code that supports 223+ programming formats and uses the Rabin-Karp algorithm to identify code duplication. It excels as a code quality tool for teams and CI/CD pipelines seeking to enforce the DRY principle, with added AI-ready capabilities including token-efficient reporting and MCP server support. Best suited for development teams managing medium-to-large codebases; less relevant for single-file scripts or projects where code reuse is intentional.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
jscpd: battle-tested copy/paste detector for 224 languages, now with a Rust engine 24-37x faster and MCP/AI support
jscpd detects duplicated code blocks across source files using the Rabin-Karp rolling hash algorithm. It targets developers, CI pipelines, and code quality teams who want to measure and reduce copy/paste debt across large multilanguage codebases. The project has existed since 2013, accumulated nearly 6k GitHub stars, ships on npm with documented downloads, and now offers a Rust-based v5 engine alongside the original TypeScript v4. Recent additions of an AI reporter, MCP server, and token-efficient output position it for LLM-assisted code review workflows. It is mature, actively maintained, and broadly accessible via npm, cargo, Homebrew, and Nix.
Created in May 2013 as a Node.js/TypeScript tool, jscpd has evolved from a single-language linter into a multilanguage monorepo covering 224 formats. A major architectural shift arrived with v5, which replaced the Node.js engine with a self-contained Rust binary claiming 24-37x performance gains.
Early growth came from CI integration and npm discoverability. A long tail of steady adoption followed as the format list expanded from ~150 to 224. The Rust rewrite (v5) and AI/MCP features added in 2025-2026 appear to have renewed interest, reflected in continued star accumulation (~25/week as of late June 2026) and a very recent last push (2026-06-26). Growth is slow and steady rather than viral, consistent with a developer tooling niche.
The npm badge links to npmjs.com where download counts are publicly visible, but exact figures are not reproduced in the README excerpt. The presence of a GitHub Action, pre-commit hook integration, Homebrew formula, and Nix flake suggests real-world CI use. The Crates.io badge confirms publication on the Rust registry. Adoption not verified at large-scale enterprise level from available metadata, but npmjs download history would be the authoritative source.
Appears to be a TypeScript monorepo (apps + packages structure) with a parallel Rust crate for v5. The core detection algorithm is Rabin-Karp tokenization; v4 uses a custom tokenizer replacing prismjs, while v5 ships as a prebuilt binary for 6 platforms. The MCP server and REST API are separate packages. Likely uses worker-based parallelism in v5 for tokenization and detection. Architecture separation between core, finder, tokenizer, and CLI packages suggests deliberate modularity.
CI badge is present (GitHub Actions workflow 'jscpd CI') suggesting automated testing exists, but specific coverage metrics are not documented in the README.
Last push was 2026-06-26, two days before the evaluation date — effectively current. The README documents detailed changelogs for both v4.2.x and v5.0.x with specific bug fixes and feature additions, indicating active, disciplined maintenance. The project has been maintained for over 13 years with no apparent extended dormancy.
ADOPT IF: you need a language-agnostic, CI-friendly duplicate code detector for a multilanguage codebase or want to feed duplication reports into LLM/AI workflows via the MCP server or AI reporter. AVOID IF: you need deep semantic clone detection (jscpd is token/hash-based, not AST-semantic), or you are already using SonarQube and don't need a separate tool. MONITOR IF: you are evaluating the v5 Rust engine for large-scale performance-critical pipelines — it is new and the LevelDB store and Node.js API are not yet ported.
Independent dimensions
Mainstream potential
4/10
Technical importance
7/10
Adoption evidence
5/10
- v5 Rust engine is missing LevelDB/Redis store and Node.js programmatic API, creating a feature gap for users who depend on those v4 capabilities — migration path is incomplete.
- The 24-37x speed claim for the Rust engine is self-reported in the README without third-party benchmarks; real-world gains may vary depending on codebase characteristics.
- Token/hash-based detection produces false positives on boilerplate-heavy code (e.g., generated files, license headers) without careful configuration of thresholds and ignore patterns.
- Maintenance has historically been concentrated on a single primary maintainer (kucherenko), which is a bus-factor risk for a 13-year-old project — no evidence of a broader core team from available metadata.
- The MCP server and AI features are recent additions; their stability and suitability for production LLM pipelines is not yet established from public evidence.
jscpd is likely to maintain its niche as the go-to multilanguage CPD tool for JavaScript/TypeScript ecosystems. The Rust engine and MCP/AI reporter may attract new users from AI-assisted development workflows, but mainstream dominance beyond its existing niche appears unlikely.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Website
- https://jscpd.dev/
- Language
- TypeScript
- License
- MIT
- Last updated
- 8h ago
- Created
- 160mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
cross-format duplicate detection for related languages (e.g. JavaScript ↔ TypeScript)
Add support for Codex for Skill install
jscpd doesn't handle naughty strings correctly (part 2)
Endless loop when using import way
Top contributors
Similar repos
Houseofmvps/codesight
Codesight is an AI context generator that creates optimized project summaries...
DeusData/codebase-memory-mcp
A high-performance code intelligence MCP server that indexes entire codebases...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
5.9k | +34 | TypeScript | 8/10 | 8h ago |
|
|
8.3k | — | Rust | 8/10 | 8h ago |
|
|
1.2k | — | TypeScript | 8/10 | 3d ago |
|
|
29.3k | — | C | 8/10 | 13h ago |
|
|
1.9k | — | Java | 8/10 | 1d ago |
|
|
3.1k | — | TypeScript | 8/10 | 2w ago |
SonarQube includes CPD as one feature inside a broader static analysis platform. jscpd is a standalone, focused tool — easier to integrate selectively without adopting a full platform, and covers more language formats. jscpd is open source MIT with no required server component.
PMD's Copy/Paste Detector is the closest historical equivalent; it is Java-based and focuses on JVM-adjacent languages. jscpd covers far more formats (224 vs ~30 for PMD CPD) and integrates more naturally into JavaScript/TypeScript ecosystems. PMD CPD remains more established in Java CI pipelines.
Simian is a commercial similarity analyzer with broad language support but requires a paid license for most uses. jscpd is fully MIT-licensed and free, making it more accessible for open source projects and startups.
Listed as a similar repo, but that project appears focused on MCP-based codebase indexing for AI agents rather than duplicate detection. The overlap is only the MCP server surface; jscpd's core problem domain is distinct.
ESLint plugins can detect some pattern duplication but are language-specific and rule-driven, not hash-based. jscpd's Rabin-Karp approach detects structural duplication across files and languages that linting rules would miss, but jscpd does not replace linters for correctness checking.