You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Emit scan-root-relative paths in all reporters when absolute: false (or the default). Previously, jscpd /abs/path from a different CWD left absolute paths in SARIF/JSON/XML/HTML/CSV/Markdown/console output, and Windows/macOS path canonicalization could leave \\?\ or ./ prefixes. Paths are now normalized against the canonicalized scan root (with CWD fallback) and stripped of any leading ./ or .\\ component. Fixes #827
Fix --skip-local to match jscpd v4 TypeScript semantics: it now filters clones where both fragments are under the same scan root, instead of only skipping clones in the same parent directory
Refactoring
DRY duplication in reporters: extract shared helpers (print_clone_header, print_clone_locations, print_snippet, write_report_file, report statistics, test fixtures, etc.) into cpd-reporter/src/shared.rs. Console, console-full, CSV, JSON, HTML, Markdown, silent, XML, and SARIF reporters now reuse the same implementation, reducing the monorepo's reported duplication ratio from 5.0% to 0.56% and fixing a latent --absolute path relativization bug in the same pass
Move blame enrichment from gitoxide to git blame --porcelain; capture elapsed time after blame so timing includes blame work
Resolve needless_borrow clippy warnings in CSV and Markdown reporters
Documentation
Add Nix and Homebrew install instructions to Rust READMEs. #818
Update project homepage URLs to https://jscpd.dev in all Cargo.toml and npm package.json files, add curl install method to READMEs, clean up outdated badges
Remove defunct Universal Analytics tracking pixels from all READMEs
Published Packages
cpd-core@0.1.5 on crates.io
cpd-finder@0.1.8 on crates.io
cpd-reporter@0.1.7 on crates.io
cpd-tokenizer@0.1.6 on crates.io
jscpd@5.0.10 on crates.io
cpd@5.0.10 on npm
jscpd@5.0.10 on npm
cpd-darwin-arm64@5.0.10 on npm
cpd-darwin-x64@5.0.10 on npm
cpd-linux-x64-gnu@5.0.10 on npm
cpd-linux-arm64-gnu@5.0.10 on npm
cpd-linux-x64-musl@5.0.10 on npm
cpd-windows-x64-msvc@5.0.10 on npm
Install
npm install -g cpd
# or
npm install -g jscpd
# or
cargo install jscpd
v5.0.9
New Features
GitHub Action for jscpd (Rust v5) — jscpd-copy-paste-detector action for GitHub Actions Marketplace. Scan your repo for copy/paste in CI with uses: kucherenko/jscpd/.github/workflows/action.yml@v5
Emit scan-root-relative paths in all reporters when absolute: false. Fixes #827
Fix --skip-local to match jscpd v4 TypeScript semantics
Refactoring
DRY duplication in reporters: extract shared helpers into cpd-reporter/src/shared.rs
Move blame enrichment from gitoxide to git blame --porcelain
5.0.9
New Features
GitHub Action for jscpd (Rust v5) — jscpd-copy-paste-detector action for GitHub Actions Marketplace. Scan your repo for copy/paste in CI with uses: kucherenko/jscpd/.github/workflows/action.yml@v5
Bug Fixes
Resolve platform binary resolution when cpd is installed as a nested dependency (e.g. in a project's node_modules via a parent package). The runner now correctly locates the platform-specific binary relative to the installed package rather than assuming a top-level install. Fixes #816
5.0.8
Bug Fixes
Prevent mmap exhaustion crashes when scanning repositories with more files than vm.max_map_count (default 131 072 on Linux). The walker previously held a live Mmap per discovered file; each rayon worker now opens and drops its mapping within the processing closure, capping concurrent mappings to the thread-pool size (typically 8–32). Fixes #813
Fix --pattern not matching relative paths when the scan root is absolute (e.g. CWD). Patterns like src/**/*.ts now match correctly by comparing against both the relative path and the full absolute path, and bare patterns like *.ts gain a **/ prefix to match at any depth. Fixes #811
Fix trailing-newline off-by-one in line-count filter: files not ending with \n now count the final line correctly
5.0.7
Bug Fixes
Prevent stack overflow when scanning directories containing deeply-nested JS/TS files (e.g. Bun's test/bundler with 320K+ nested for-loops). OXC's recursive-descent parser allocates one stack frame per AST nesting level; pathological inputs now exceed the default 8 MiB thread stack. Fixed by building a local rayon ThreadPool with 64 MiB stacks instead of using the global pool (which silently fails on re-init)
Default --max-size to 1mb — files exceeding the limit are skipped at walk time, consistent with jscpd v4's maxSize behavior. This prevents OXC from ever seeing megabyte-scale generated files that would overflow the stack
--workers N now correctly takes effect on every run() call (previously build_global() silently no-op'd after the first invocation)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR upgrades jscpd from 4.2.4 to 5.0.10. Codacy analysis indicates the changes are up to standards; however, because this is a major version jump involving a switch to a Rust-based engine, there is a risk of breaking changes in configuration parsing and CLI behavior. Specifically, the new 1MB default for --max-size and potential shifts in path normalization should be verified. There are currently no automated tests in this PR confirming that the new engine remains compatible with the project's existing configuration or CI environment.
About this PR
This major version upgrade may introduce breaking changes in configuration parsing or default behaviors, such as the new 1MB --max-size default. It is recommended to verify the tool's performance and output against the current codebase before merging.
Test suggestions
Verify jscpd execution against the codebase to ensure CLI and configuration compatibility with the v5 Rust engine.
Confirm that scan reports use relative paths correctly as per the fix for scan-root-relative paths in 5.0.10.
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify jscpd execution against the codebase to ensure CLI and configuration compatibility with the v5 Rust engine.
2. Confirm that scan reports use relative paths correctly as per the fix for scan-root-relative paths in 5.0.10.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependenciesPull requests that update a dependency filejavascriptPull requests that update javascript code
0 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
dependabot
Bot
added
dependencies
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
![codacy-production[bot]](https://avatars.githubusercontent.com/in/56611?s=60&v=4){kind=small}
Bumps jscpd from 4.2.4 to 5.0.10.
Release notes
Sourced from jscpd's releases.
... (truncated)
Changelog
Sourced from jscpd's changelog.
... (truncated)
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)