SARIF Reporter

Generate SARIF reports for GitHub Code Scanning integration.

Installation

npm install @jscpd/sarif-reporter

Usage

jscpd --reporters sarif ./src

Output file: ./report/jscpd-sarif.json

GitHub Code Scanning Integration

Upload the SARIF output to GitHub to surface duplication findings inline in pull requests:

.github/workflows/jscpd.yml
name: Code duplication check
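on: [push, pull_request]

# upload-sarif needs write access to security events; checkout needs read access to contents
permissions:
  contents: read
  security-events: write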

jobs:
  jscpd:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run jscpd
        run: npx jscpd --reporters sarif --output ./reports .

      - name: Upload SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ./reports/jscpd-sarif.json

Results appear in the Security → Code Scanning tab of your repository and as inline annotations on pull request diffs.

Configuration

.jscpd.json
{
  "reporters": ["sarif"],
  "output": "./reports/jscpd"
}

How It Works

Each detected clone is reported as a warning-level SARIF result with precise file locations (line and column). If the overall duplication percentage exceeds the configured --threshold, an additional error-level result is emitted under the duplications-threshold rule.
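
The result layout described above can be checked before upload. This added example (not part of jscpd or its documentation) summarizes a parsed SARIF log and derives a CI exit code from the duplications-threshold rule. The sample log is constructed, and the clone rule id "duplicated-code" is a placeholder assumption, since only duplications-threshold is named here.

```javascript
// Constructed sample in SARIF 2.1.0 shape; not real jscpd output.
// "duplicated-code" is a placeholder rule id (assumption).
const cloneResult = (uri, startLine, endLine) => ({
  ruleId: "duplicated-code",
  level: "warning",
  message: { text: "Clone detected (constructed)" },
  locations: [{ physicalLocation: {
    artifactLocation: { uri },
    region: { startLine, startColumn: 1, endLine, endColumn: 2 },
  } }],
});

const sampleSarif = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "jscpd" } },
    results: [
      cloneResult("src/a.js", 10, 24),
      cloneResult("src/b.js", 40, 54),
      { ruleId: "duplications-threshold", level: "error",
        message: { text: "Threshold exceeded (constructed)" } },
    ],
  }],
};

// Count warning-level clone results per file and record whether the
// error-level duplications-threshold result is present.
function summarizeSarif(sarif) {
  const summary = { clones: 0, thresholdExceeded: false, byFile: {} };
  for (const run of sarif.runs ?? []) {
    for (const result of run.results ?? []) {
      const level = result.level ?? "warning"; // SARIF treats a missing level as warning
      if (result.ruleId === "duplications-threshold" && level === "error") {
        summary.thresholdExceeded = true;
      } else if (level === "warning") {
        summary.clones += 1;
        for (const loc of result.locations ?? []) {
          const uri = loc.physicalLocation?.artifactLocation?.uri ?? "(unknown)";
          summary.byFile[uri] = (summary.byFile[uri] ?? 0) + 1;
        }
      }
    }
  }
  return summary;
}

// CI gate: individual clones are advisory, the threshold result fails the job.
const exitCodeFor = (summary) => (summary.thresholdExceeded ? 1 : 0);

const summary = summarizeSarif(sampleSarif);
console.log(summary, "exit code:", exitCodeFor(summary));
```

In a workflow, pass the parsed contents of the report file to summarizeSarif in place of the constructed sample.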