React Doctor deterministically scans your codebase for state, performance, and s...

13,296 stars

README

Project documentation from GitHub

React Doctor: A Deterministic Code Scanner for Your React Apps

You know that feeling when you inherit a React codebase and have no idea where the state bugs, performance hogs, or security holes are? Or when you're shipping to production and want to catch issues before they become user-facing problems? React Doctor aims to help with that — by scanning your React codebase deterministically for state, performance, and security issues.

It's not a linter. It's not a runtime debugger. It's a static analysis tool that actually understands React patterns, and it might just save you a few headaches.

What It Does

React Doctor scans your entire React codebase and identifies:

  • State issues — bad state patterns, stale closures, incorrect useState or useReducer usage, missing dependencies in hooks
  • Performance issues — unnecessary re-renders, missing React.memo, components that update too often, expensive computations in render
  • Security issues — XSS vectors in JSX, unsafe dangerouslySetInnerHTML usage, exposed API keys or secrets in the codebase

The key word here is deterministic. Unlike some tools that rely on heuristics or runtime profiling, React Doctor gives you the same results every time on the same code. No false positives that randomly appear. No flaky tests.

Why It's Cool

Most static analysis tools for React are either too generic (looking for broad patterns) or too specific (just checking for one thing). React Doctor actually understands React semantics:

  • It knows that useEffect with [count] means something different than useEffect with []
  • It can spot when you're modifying state directly instead of using the setter
  • It catches the classic "callback inside an effect without deps" pattern that leads to stale closures
  • It flags JSX patterns that could lead to XSS, like rendering unsanitized user input

The output is also nice — you get a clear list of issues with file paths, line numbers, and descriptions that actually make sense. No walls of cryptic error codes.
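To make the security checks and the file/line report described above concrete, here is a small added example; it is not React Doctor's code and says nothing about how the tool is implemented. It uses regular expressions rather than an AST, and the rule names, the finding shape, the sample source and the choice of DOMPurify.sanitize as the accepted sanitizer are all assumptions.

```javascript
// Added illustration only; this is not React Doctor's implementation.
// Rule names, finding shape and the DOMPurify allow-list are assumptions.
const SINK = /dangerouslySetInnerHTML\s*=\s*\{\{\s*__html\s*:\s*([\s\S]*?)\s*\}\}/g;
const STRING_LITERAL = /^(?:"[^"]*"|'[^']*')$/;
const SANITIZED = /^DOMPurify\.sanitize\([^()]*\)$/;
const SECRET = /\b(\w*(?:api_?key|secret|token)\w*)\s*[:=]\s*["']([\w-]{16,})["']/gi;

// Constructed sample source: one secret, one unsafe sink, two acceptable sinks.
const SAMPLE = [
  'const API_KEY = "EXAMPLE-PLACEHOLDER-0000000000";',
  'export function Comment({ body, title }) {',
  '  return (',
  '    <article>',
  '      <h2 dangerouslySetInnerHTML={{ __html: title }} />',
  '      <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(body) }} />',
  '      <p dangerouslySetInnerHTML={{ __html: "<b>static</b>" }} />',
  '    </article>',
  '  );',
  '}',
].join('\n');

// 1-based line number of a character offset.
const lineOf = (source, index) => source.slice(0, index).split('\n').length;

function scanSource(source, file) {
  const findings = [];
  for (const m of source.matchAll(SINK)) {
    const expr = m[1].trim();
    // Literal markup and a direct sanitizer call are treated as safe.
    if (STRING_LITERAL.test(expr) || SANITIZED.test(expr)) continue;
    findings.push({ file, line: lineOf(source, m.index), rule: 'unsafe-inner-html',
      message: `__html receives unsanitized expression: ${expr}` });
  }
  for (const m of source.matchAll(SECRET)) {
    // Report the variable name only; never echo the secret value itself.
    findings.push({ file, line: lineOf(source, m.index), rule: 'hardcoded-secret',
      message: `${m[1]} is assigned a credential-like literal` });
  }
  // Pure function of the input with a fixed sort order: same code, same report.
  return findings.sort((a, b) => a.line - b.line || a.rule.localeCompare(b.rule));
}

const formatFinding = (f) => `${f.file}:${f.line} [${f.rule}] ${f.message}`;

for (const f of scanSource(SAMPLE, 'src/Comment.jsx')) console.log(formatFinding(f));
```
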

How to Try It

Clone the repo and give it a spin:

git clone https://github.com/millionco/react-doctor.git
cd react-doctor
npm install
npx react-doctor scan ./src

Or if you just want to see what it does on a sample project, the repo has example apps in the

Last updated: May 28, 2026