kucherenko

kucherenko/jscpd

TypeScript MIT Dev Tools

Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.

5.9k stars
245 forks
active
GitHub +34 / week

5.9k

Stars

245

Forks

44

Open issues

30

Contributors

v5.0.12 08 Jul 2026

AI Analysis

jscpd is a copy-paste detector for source code that supports 223+ programming formats and uses the Rabin-Karp algorithm to identify code duplication. It excels as a code quality tool for teams and CI/CD pipelines seeking to enforce the DRY principle, with added AI-ready capabilities including token-efficient reporting and MCP server support. Best suited for development teams managing medium-to-large codebases; less relevant for single-file scripts or projects where code reuse is intentional.

Dev Tools Developer Tool Discovery value: 5/10
Documentation 8/10
Activity 9/10
Community 8/10
Code quality 7/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 8/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

copy-paste-detection code-quality mcp-server dry-principle duplication-analysis
Actively maintained Well documented MIT licensed Niche/specialized use case Beginner friendly Production ready
Deep Analysis · Based on README and public signals
2w ago

jscpd: battle-tested copy/paste detector for 224 languages, now with a Rust engine 24-37x faster and MCP/AI support

jscpd detects duplicated code blocks across source files using the Rabin-Karp rolling hash algorithm. It targets developers, CI pipelines, and code quality teams who want to measure and reduce copy/paste debt across large multilanguage codebases. The project has existed since 2013, accumulated nearly 6k GitHub stars, ships on npm with documented downloads, and now offers a Rust-based v5 engine alongside the original TypeScript v4. Recent additions of an AI reporter, MCP server, and token-efficient output position it for LLM-assisted code review workflows. It is mature, actively maintained, and broadly accessible via npm, cargo, Homebrew, and Nix.

Origin

Created in May 2013 as a Node.js/TypeScript tool, jscpd has evolved from a single-language linter into a multilanguage monorepo covering 224 formats. A major architectural shift arrived with v5, which replaced the Node.js engine with a self-contained Rust binary claiming 24-37x performance gains.

Growth

Early growth came from CI integration and npm discoverability. A long tail of steady adoption followed as the format list expanded from ~150 to 224. The Rust rewrite (v5) and AI/MCP features added in 2025-2026 appear to have renewed interest, reflected in continued star accumulation (~25/week as of late June 2026) and a very recent last push (2026-06-26). Growth is slow and steady rather than viral, consistent with a developer tooling niche.

In production

The npm badge links to npmjs.com where download counts are publicly visible, but exact figures are not reproduced in the README excerpt. The presence of a GitHub Action, pre-commit hook integration, Homebrew formula, and Nix flake suggests real-world CI use. The Crates.io badge confirms publication on the Rust registry. Adoption not verified at large-scale enterprise level from available metadata, but npmjs download history would be the authoritative source.

Code analysis
Architecture

Appears to be a TypeScript monorepo (apps + packages structure) with a parallel Rust crate for v5. The core detection algorithm is Rabin-Karp tokenization; v4 uses a custom tokenizer replacing prismjs, while v5 ships as a prebuilt binary for 6 platforms. The MCP server and REST API are separate packages. Likely uses worker-based parallelism in v5 for tokenization and detection. Architecture separation between core, finder, tokenizer, and CLI packages suggests deliberate modularity.

Tests

CI badge is present (GitHub Actions workflow 'jscpd CI') suggesting automated testing exists, but specific coverage metrics are not documented in the README.

Maintenance

Last push was 2026-06-26, two days before the evaluation date — effectively current. The README documents detailed changelogs for both v4.2.x and v5.0.x with specific bug fixes and feature additions, indicating active, disciplined maintenance. The project has been maintained for over 13 years with no apparent extended dormancy.

Honest verdict

ADOPT IF: you need a language-agnostic, CI-friendly duplicate code detector for a multilanguage codebase or want to feed duplication reports into LLM/AI workflows via the MCP server or AI reporter. AVOID IF: you need deep semantic clone detection (jscpd is token/hash-based, not AST-semantic), or you are already using SonarQube and don't need a separate tool. MONITOR IF: you are evaluating the v5 Rust engine for large-scale performance-critical pipelines — it is new and the LevelDB store and Node.js API are not yet ported.

Independent dimensions

Mainstream potential

4/10

Technical importance

7/10

Adoption evidence

5/10

Risks
  • v5 Rust engine is missing LevelDB/Redis store and Node.js programmatic API, creating a feature gap for users who depend on those v4 capabilities — migration path is incomplete.
  • The 24-37x speed claim for the Rust engine is self-reported in the README without third-party benchmarks; real-world gains may vary depending on codebase characteristics.
  • Token/hash-based detection produces false positives on boilerplate-heavy code (e.g., generated files, license headers) without careful configuration of thresholds and ignore patterns.
  • Maintenance has historically been concentrated on a single primary maintainer (kucherenko), which is a bus-factor risk for a 13-year-old project — no evidence of a broader core team from available metadata.
  • The MCP server and AI features are recent additions; their stability and suitability for production LLM pipelines is not yet established from public evidence.
Prediction

jscpd is likely to maintain its niche as the go-to multilanguage CPD tool for JavaScript/TypeScript ecosystems. The Rust engine and MCP/AI reporter may attract new users from AI-assisted development workflows, but mainstream dominance beyond its existing niche appears unlikely.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

TypeScript
49.3%
Rust
24%
Shell
3%
JavaScript
1.9%
APL
1.3%
Pug
1.1%
HTML
1.1%
Java
1%

Information

Language
TypeScript
License
MIT
Last updated
8h ago
Created
160mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

1jehuang

1jehuang/jcode

jcode is a coding agent harness for multi-session AI-assisted coding workflows,...

8.3k Rust AI & ML
Houseofmvps

Houseofmvps/codesight

Codesight is an AI context generator that creates optimized project summaries...

1.2k TypeScript Dev Tools
DeusData

DeusData/codebase-memory-mcp

A high-performance code intelligence MCP server that indexes entire codebases...

29.3k C AI & ML
jplag

jplag/JPlag

JPlag is a specialized plagiarism and collusion detection tool for source code,...

1.9k Java Education
giancarloerra

giancarloerra/SocratiCode

SocratiCode is an open-source codebase intelligence engine that provides...

3.1k TypeScript Dev Tools
vs. alternatives
SonarQube / SonarCloud

SonarQube includes CPD as one feature inside a broader static analysis platform. jscpd is a standalone, focused tool — easier to integrate selectively without adopting a full platform, and covers more language formats. jscpd is open source MIT with no required server component.

PMD CPD

PMD's Copy/Paste Detector is the closest historical equivalent; it is Java-based and focuses on JVM-adjacent languages. jscpd covers far more formats (224 vs ~30 for PMD CPD) and integrates more naturally into JavaScript/TypeScript ecosystems. PMD CPD remains more established in Java CI pipelines.

Simian

Simian is a commercial similarity analyzer with broad language support but requires a paid license for most uses. jscpd is fully MIT-licensed and free, making it more accessible for open source projects and startups.

DeusData/codebase-memory-mcp (18k stars)

Listed as a similar repo, but that project appears focused on MCP-based codebase indexing for AI agents rather than duplicate detection. The overlap is only the MCP server surface; jscpd's core problem domain is distinct.

Custom ESLint / Prettier rules

ESLint plugins can detect some pattern duplication but are language-specific and rule-driven, not hash-based. jscpd's Rabin-Karp approach detects structural duplication across files and languages that linting rules would miss, but jscpd does not replace linters for correctness checking.