# Run React Doctor locally and in CI

Use this page to find security risks and performance regressions on your machine, then add the same check to continuous integration (CI).

Run a local scan from the project root:

```bash
npx react-doctor@latest --verbose --diff
```

This scans the files changed in your branch. Fix security and performance findings first, then run the command again. You do not need to install a local binary.

## Add GitHub Actions

Run the installer to check every pull request for security and performance regressions:

```bash
npx react-doctor@latest install
```

The first prompt asks whether to add React Doctor to GitHub Actions. Choose **Yes**. React Doctor writes `.github/workflows/react-doctor.yml` and adds a `doctor` package script.

The installer then asks which coding agents should get the `/react-doctor` skill. With `--yes`, it installs the skill for every detected agent, adds or updates the GitHub Actions workflow, and adds a pre-commit hook when the project supports one. Native agent hooks still require `--agent-hooks`.

If you only want to review the workflow YAML, or you do not use a supported coding agent, follow [GitHub Actions setup](/docs/ci-and-prs/github-actions-setup) instead.

## Run the CLI anywhere

```bash
npx react-doctor@latest --verbose --diff
```

`--diff` keeps feedback focused on the files changed in your branch. The GitHub Action uses the same scanner, then adds security and performance findings to pull request comments, inline review comments, and a commit status.

For GitLab, CircleCI, Jenkins, Buildkite, or another provider, add the CLI command directly to the job and let the exit code pass or fail the build. See [Other CI providers](/docs/ci-and-prs/other-ci-providers).

## Optional agent and hook add-ons

The installer can show findings before CI runs:

- **Git pre-commit hook**: logs staged-file findings on every commit without blocking it, by running `react-doctor --staged --blocking warning`. It reuses an existing hook manager when present, or falls back to `.git/hooks/pre-commit`.
- **Coding-agent skill**: teaches Claude Code, Cursor, Codex, OpenCode, and other detected agents to run React Doctor when finishing React changes.
- **Native agent hooks**: run after the agent edits files and feed findings straight back, so it self-corrects mid-session. Off by default; skip them to use less context.

The Git hook reuses these managers when it finds one:

- Existing `core.hooksPath`
- Husky
- Vite Plus
- simple-git-hooks
- Lefthook
- pre-commit
- Overcommit
- Yorkie
- ghooks
- git-hooks-js
- pretty-quick

## Install options

Pass flags to skip the prompts, for CI or dotfiles:

- `--yes`: accept the default install choices without prompting
- `--agent-hooks`: also install the native hooks
- `--dry-run`: preview what would be installed without writing files