react-perf-analyzer 0.5.4

React performance + security scanner. Finds perf anti-patterns, XSS, secrets, and CVEs. Single binary, zero config, SARIF output.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

# .pre-commit-config.yaml
#
# react-perf-analyzer pre-commit hook
#
# Drop this file in your project root and run:
#   pip install pre-commit
#   pre-commit install
#
# Hooks (in order):
#   1. cargo fmt   — blocks commit if Rust code is not formatted
#   2. cargo clippy — blocks commit on any Rust warnings
#   3. react-perf-analyzer — blocks commit on high/critical React issues
#
# To skip for a single commit:
#   git commit --no-verify

repos:
  - repo: local
    hooks:
      # ── Rust formatting ──────────────────────────────────────────────────────
      - id: cargo-fmt
        name: Rust Format Check (cargo fmt)
        language: system
        # Only run when Rust source files are staged
        types: [rust]
        entry: cargo fmt --all --
        args: ['--check']
        pass_filenames: false
        always_run: false

      # ── Rust linting ─────────────────────────────────────────────────────────
      - id: cargo-clippy
        name: Rust Lint (cargo clippy)
        language: system
        types: [rust]
        entry: cargo clippy --all-targets --all-features --
        args: ['-D', 'warnings']
        pass_filenames: false
        always_run: false

      # ── React perf + security scan ───────────────────────────────────────────
      - id: react-perf-analyzer
        name: React Perf + Security Analyzer
        language: system
        # Only trigger on JS/TS/JSX/TSX changes
        types_or: [javascript, jsx, ts, tsx]
        # Run the tool with --only-changed so it scans only staged files.
        # --fail-on high means the commit is blocked only for high/critical issues.
        entry: react-perf-analyzer
        args:
          - '.'
          - '--only-changed'
          - '--fail-on'
          - 'high'
          - '--category'
          - 'all'
        pass_filenames: false
        always_run: false

      # Optional: also generate an HTML report on each commit
      # Uncomment the block below to enable it.
      #
      # - id: react-perf-analyzer-report
      #   name: React Perf Analyzer HTML Report
      #   language: system
      #   types_or: [javascript, jsx, ts, tsx]
      #   entry: react-perf-analyzer
      #   args:
      #     - '.'
      #     - '--only-changed'
      #     - '--format'
      #     - 'html'
      #     - '--output'
      #     - 'react-perf-report.html'
      #   pass_filenames: false
      #   always_run: false