React Audit Grep Patterns
Run grep-and-shell audit patterns during React 18/19 migration to surface dependency versions, peer conflicts, and Enzyme blockers before you merge.
Overview
react-audit-grep-patterns is an agent skill most often used in Ship (also Build review) that supplies dependency scan commands for React 18 and React 19 migration audits.
Install
npx skills add https://github.com/github/awesome-copilot --skill react-audit-grep-patternsWhat is this skill?
- One-shot package.json Python dump for react, react-dom, router, Testing Library, Apollo, Emotion, Redux, and related key
- npm ls peer/invalid/unmet grep patterns with optional error count via wc -l
- npm info peerDependencies lookups for @testing-library/react, Apollo, Emotion, and react-router-dom
- Enzyme detection block in package.json flagged as an R18 migration blocker
- Designed to run during both R18 and R19 auditor passes for dependency compatibility
- Version dump covers 15+ named dependency keys in one Python one-liner
- Peer conflict section expects zero WARN/ERR/peer lines before migration completes
Adoption & trust: 651 installs on skills.sh; 34.6k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are migrating React versions but lack a repeatable way to list ecosystem versions, count peer errors, and catch Enzyme before it silently blocks the upgrade.
Who is it for?
Indie front-end maintainers running structured R18/R19 audits with Copilot-style agents and shell access to the repo root.
Skip if: Greenfield React 19 apps with no legacy Testing Library or Enzyme debt, or teams that only use pnpm/yarn without adapting the npm ls snippets.
When should I use this skill?
Run during both R18 and R19 dependency compatibility audits when scanning package.json versions, npm peer warnings, and Enzyme blockers.
What do I get? / Deliverables
You get comparable terminal audit output—version matrix, peer warning lines, and Enzyme presence—so migration PRs can be blocked until npm ls noise hits your defined zero-warning bar.
- Terminal output listing React ecosystem package versions
- Peer dependency warning listing and optional error count
- Enzyme presence report from package.json scan
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Migration audits are canonical on Ship because they gate whether a release is safe; the skill is invoked when you are hardening the codebase pre-merge rather than during initial feature ideation. Testing subphase fits dependency and peer-dep scans that must read zero warnings before a migration is declared complete.
Where it fits
Count npm ls peer errors on a release branch before merging React 18.
Dump react-router and Emotion versions after adding a new UI package.
Confirm Enzyme is absent from package.json in an R19 readiness review.
How it compares
Use instead of one-off grep recipes in chat when you want the same dependency scan script for both auditor passes.
Common Questions / FAQ
Who is react-audit-grep-patterns for?
Solo and small-team React maintainers executing awesome-copilot migration audits who want deterministic shell patterns their agent can rerun on every branch.
When should I use react-audit-grep-patterns?
Use it in Ship/testing while validating a React upgrade PR, and again in Build when integrating new UI libraries that might introduce peer conflicts; rerun before tagging a release candidate.
Is react-audit-grep-patterns safe to install?
It only suggests read-only inspection commands against your repo and registry metadata—review the Security Audits panel on this page and avoid piping untrusted scripts beyond the documented snippets.
SKILL.md
READMESKILL.md - React Audit Grep Patterns
# Dependency Scans - Both Auditors Scans for dependency compatibility and peer conflicts. Run during both R18 and R19 audits. --- ## Current Versions ```bash # All react-related package versions in one shot cat package.json | python3 -c " import sys, json d = json.load(sys.stdin) deps = {**d.get('dependencies',{}), **d.get('devDependencies',{})} keys = ['react', 'react-dom', 'react-router', 'react-router-dom', '@testing-library/react', '@testing-library/jest-dom', '@testing-library/user-event', '@apollo/client', 'graphql', '@emotion/react', '@emotion/styled', 'jest', 'enzyme', 'react-redux', '@reduxjs/toolkit', 'prop-types'] for k in keys: if k in deps: print(f'{k}: {deps[k]}') " 2>/dev/null ``` --- ## Peer Dependency Conflicts ```bash # All peer dep warnings (must be 0 before migration completes) npm ls 2>&1 | grep -E "WARN|ERR|peer|invalid|unmet" # Count of peer errors npm ls 2>&1 | grep -E "WARN|ERR|peer|invalid|unmet" | wc -l # Specific package peer dep requirements npm info @testing-library/react peerDependencies 2>/dev/null npm info @apollo/client peerDependencies 2>/dev/null npm info @emotion/react peerDependencies 2>/dev/null npm info react-router-dom peerDependencies 2>/dev/null ``` --- ## Enzyme Detection (R18 Blocker) ```bash # In package.json cat package.json | python3 -c " import sys, json d = json.load(sys.stdin) deps = {**d.get('dependencies',{}), **d.get('devDependencies',{})} enzyme = {k: v for k, v in deps.items() if 'enzyme' in k.lower()} if enzyme: print('BLOCKER - Enzyme found:', enzyme) else: print('No Enzyme - OK') " 2>/dev/null # Enzyme adapter files find . -name "enzyme-adapter*" -not -path "*/node_modules/*" 2>/dev/null ``` --- ## React Router Version Check ```bash ROUTER=$(node -e "console.log(require('./node_modules/react-router-dom/package.json').version)" 2>/dev/null) echo "react-router-dom version: $ROUTER" # If v5 - flag for assessment if [[ $ROUTER == 5* ]]; then echo "WARNING: react-router v5 found - requires scope assessment before upgrade" echo "Run router migration scope scan:" echo " Routes: $(grep -rn "<Route\|<Switch\|<Redirect" src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." | wc -l) hits" echo " useHistory: $(grep -rn "useHistory()" src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." | wc -l) hits" fi ``` --- ## Lock File Consistency ```bash # Check lockfile is in sync with package.json npm ls --depth=0 2>&1 | head -20 # Check for duplicate react installs (can cause hooks errors) find node_modules -name "package.json" -path "*/react/package.json" 2>/dev/null \ | grep -v "node_modules/node_modules" \ | xargs grep '"version"' | sort -u ``` # React 18.3.1 Audit - Complete Scan Commands Run in this order. Each section maps to a phase in the react18-auditor. --- ## Phase 0 - Codebase Profile ```bash # Total source files (excluding tests) find src/ \( -name "*.js" -o -name "*.jsx" \) \ | grep -v "\.test\.\|\.spec\.\|__tests__\|node_modules" \ | wc -l # Class component count grep -rl "extends React\.Component\|extends Component\|extends PureComponent" \ src/ --include="*.js" --include="*.jsx" \ | grep -v "\.test\." | wc -l # Function component rough count grep -rl "const [A-Z][a-zA-Z]* = \|function [A-Z][a-zA-Z]*(" \ src/ --include="*.js" --include="*.jsx" \ | grep -v "\.test\." | wc -l # Current React version node -e "console.log(require('./node_modules/react/package.json').version)" 2>/dev/null # StrictMode in use? (affects how many lifecycle warnings were already seen) grep -rn "StrictMode\|React\.StrictMode" \ src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." ``` --- ## Phase 1 - Unsafe Lifecycle Methods ```bash # componentWillMount (without UNSAFE_ prefix) grep -rn "componentWillMount\b" \ src/ --include="*.js" --include="*.jsx" \ | grep -v "UNSAFE_componentWillMount\|\.test\." # componentWillReceiveProps (without UNSAFE_ prefix) grep -rn