Menu
What Is React Doctor?
Quickstart
CLI to CI
How to Fix Issues
GitHub Actions Setup
Other CI Providers
Migrating to CI v2
Config Files
ESLint & oxlint Plugins
CLI Reference
GitHub Action Reference
Node.js API
Changelog
Terms of Service
Privacy Policy
Data Use
Security
Support
Rules reference

Run React Doctor locally and in CI

Use this page to find security risks and performance regressions on your machine, then add the same check to continuous integration (CI).

Run a local scan from the project root:

npx react-doctor@latest --verbose --diff

This scans the files changed in your branch. Fix security and performance findings first, then run the command again. You do not need to install a local binary.

Add GitHub Actions

Run the installer to check every pull request for security and performance regressions:

npx react-doctor@latest install

The first prompt asks whether to add React Doctor to GitHub Actions. Choose Yes. React Doctor writes .github/workflows/react-doctor.yml and adds a doctor package script.

The installer then asks which coding agents should get the /react-doctor skill. With --yes, it installs the skill for every detected agent, adds or updates the GitHub Actions workflow, and adds a pre-commit hook when the project supports one. Native agent hooks still require --agent-hooks.

If you only want to review the workflow YAML, or you do not use a supported coding agent, follow GitHub Actions setup instead.

Run the CLI anywhere

npx react-doctor@latest --verbose --diff

--diff keeps feedback focused on the files changed in your branch. The GitHub Action uses the same scanner, then adds security and performance findings to pull request comments, inline review comments, and a commit status.

For GitLab, CircleCI, Jenkins, Buildkite, or another provider, add the CLI command directly to the job and let the exit code pass or fail the build. See Other CI providers.

Optional agent and hook add-ons

The installer can show findings before CI runs:

  • Git pre-commit hook: logs staged-file findings on every commit without blocking it, by running react-doctor --staged --blocking warning. It reuses an existing hook manager when present, or falls back to .git/hooks/pre-commit.
  • Coding-agent skill: teaches Claude Code, Cursor, Codex, OpenCode, and other detected agents to run React Doctor when finishing React changes.
  • Native agent hooks: run after the agent edits files and feed findings straight back, so it self-corrects mid-session. Off by default; skip them to use less context.

The Git hook reuses these managers when it finds one:

  • Existing core.hooksPath
  • Husky
  • Vite Plus
  • simple-git-hooks
  • Lefthook
  • pre-commit
  • Overcommit
  • Yorkie
  • ghooks
  • git-hooks-js
  • pretty-quick

Install options

Pass flags to skip the prompts, for CI or dotfiles:

  • --yes: accept the default install choices without prompting
  • --agent-hooks: also install the native hooks
  • --dry-run: preview what would be installed without writing files