Skip to main content
React Doctor scans React codebases for security, performance, correctness, and accessibility issues. CodeRabbit runs React Doctor version 0.5.6 on relevant changed files in a secure sandbox.

​
Files

React Doctor runs on changed files with these extensions:
  • .jsx
  • .tsx
  • .ts
  • .js
  • .mjs
  • .cjs
CodeRabbit only runs React Doctor when the changed files include a JSX file (.jsx or .tsx) or when a nearby package.json declares a React project dependency such as react, react-dom, react-native, preact, or @preact/compat.

​
Configuration

React Doctor is enabled by default. You can disable it in .coderabbit.yaml:
.coderabbit.yaml
reviews:
  tools:
    reactDoctor:
      enabled: false
React Doctor also appears in the CodeRabbit web UI under Reviews → Tools → React Doctor. CodeRabbit supports these static React Doctor config files:
  • doctor.config.json
  • doctor.config.jsonc
  • react-doctor.config.json
CodeRabbit also reads reactDoctor configuration from package.json. If a package uses package.json configuration without a supported static config file, CodeRabbit writes a temporary doctor.config.json beside that package.json using the selected review profile.

​
Profiles

  • Chill: Reports security findings and definite bug findings. Performance, accessibility, maintainability, design-tagged, and test-noise-tagged rules are disabled.
  • Assertive: Reports security and bug findings, plus performance and accessibility findings at their React Doctor default severity. Maintainability and test-noise-tagged rules remain disabled.
CodeRabbit also disables these React Doctor rules in both profiles:
  • react-doctor/no-vulnerable-react-server-components
  • react-doctor/no-barrel-import
  • react-doctor/nextjs-no-img-element
  • react-doctor/js-combine-iterations
  • react-doctor/prefer-module-scope-pure-function
  • react-doctor/prefer-module-scope-static-value
  • react-doctor/only-export-components
  • react-doctor/no-giant-component
  • react-doctor/no-multi-comp

​
Security policy and restrictions

React Doctor runs inside the CodeRabbit sandbox with the sandbox-installed react-doctor package. CodeRabbit does not install project npm packages or run repository-supplied React Doctor plugins. Executable React Doctor config files are not supported:
  • doctor.config.ts
  • doctor.config.js
  • doctor.config.mjs
  • doctor.config.cjs
  • doctor.config.mts
  • doctor.config.cts
CodeRabbit skips React Doctor if a supported static config file or package.json reactDoctor configuration declares a non-empty plugins array. React Doctor dead-code analysis is disabled in CodeRabbit runs.

​
When we skip React Doctor

CodeRabbit skips React Doctor when:
  • React Doctor is disabled in CodeRabbit settings.
  • The pull request does not change a supported file type.
  • The changed files do not include JSX and no nearby package.json declares a React project dependency.
  • React Doctor is already running in GitHub workflows.
  • The repository contains an executable React Doctor config file.
  • A React Doctor config declares non-empty plugins.

​
What’s next

ESLint

Review how CodeRabbit runs ESLint for JavaScript, TypeScript, and framework files.

Oxlint

Learn how CodeRabbit runs Oxlint for JavaScript and TypeScript projects.

All supported tools

Browse the complete list of linters, security analyzers, and CI/CD integrations available in CodeRabbit.