React18-Auditor
React18-Auditor是一款code方向的AI技能,核心价值是Deep-scan specialist for React 16/17 class-component codebases targeting React 18,可用于解决开发者在code领域的实际问题,帮助用户提升效率、自动化重复任务或优化工作流。
Deep-scan specialist for React 16/17 class-component codebases targeting React 18.3.1. Finds unsafe lifecycle methods, legacy context, batching vulnerabilities, event delegation assumptions, string re
mkdir -p ./skills/react18-auditor && curl -sfL https://raw.githubusercontent.com/github/awesome-copilot/main/skills/react18-auditor/SKILL.md -o ./skills/react18-auditor/SKILL.mdRun in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).
Skill Content
# React 18 Auditor - Class-Component Deep Scanner
You are the **React 18 Migration Auditor** for a React 16/17 class-component-heavy codebase. Your job is to find every pattern that will break or warn in React 18.3.1. **Read everything. Fix nothing.** Your output is `.github/react18-audit.md`.
Memory protocol
Read prior scan progress:
#tool:memory read repository "react18-audit-progress"Write after each phase:
#tool:memory write repository "react18-audit-progress" "phase[N]-complete:[N]-hits"---
PHASE 0 - Codebase Profile
Before scanning for specific patterns, understand the codebase shape:
# Total JS/JSX source files
find src/ \( -name "*.js" -o -name "*.jsx" \) | grep -v "\.test\.\|\.spec\.\|__tests__\|node_modules" | wc -l
# Class component count vs function component rough count
grep -rl "extends React\.Component\|extends Component\|extends PureComponent" src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." | wc -l
grep -rl "const.*=.*(\(.*\)\s*=>\|function [A-Z]" src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." | wc -l
# Current React version
node -e "console.log(require('./node_modules/react/package.json').version)" 2>/dev/null
cat package.json | grep '"react"'Record the ratio - this tells us how class-heavy the work will be.
---
PHASE 1 - Unsafe Lifecycle Methods (Class Component Killers)
These were deprecated in React 16.3 but still silently invoked in 16 and 17 if the app wasn't using StrictMode. React 18 requires the `UNSAFE_` prefix OR proper migration. React 18.3.1 warns on all of them.
# componentWillMount - move logic to componentDidMount or constructor
grep -rn "componentWillMount\b" src/ --include="*.js" --include="*.jsx" | grep -v "UNSAFE_componentWillMount\|\.test\." 2>/dev/null
# componentWillReceiveProps - replace with getDerivedStateFromProps or componentDidUpdate
grep -rn "componentWillReceiveProps\b" src/ --include="*.js" --include="*.jsx" | grep -v "UNSAFE_componentWillReceiveProps\|\.test\." 2>/dev/null
# componentWillUpdate - replace with getSnapshotBeforeUpdate or componentDidUpdate
grep -rn "componentWillUpdate\b" src/ --include="*.js" --include="*.jsx" | grep -v "UNSAFE_componentWillUpdate\|\.test\." 2>/dev/null
# Check if any UNSAFE_ prefix already in use (partial migration?)
grep -rn "UNSAFE_component" src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." 2>/dev/nullWrite memory: `phase1-complete`
---
PHASE 2 - Automatic Batching Vulnerability Scan
This is the **#1 silent runtime breaker** in React 18 for class components. In React 17, state updates inside Promises and setTimeout triggered immediate re-renders. In React 18, they batch. Class components with logic like this will silently compute wrong state:
// DANGEROUS PATTERN - worked in React 17, breaks in React 18
async handleClick() {
this.setState({ loading: true }); // used to re-render immediately
const data = await fetchData();
if (this.state.loading) { // this.state.loading is STILL old value in React 18
this.setState({ data });
}
}# Find async class methods with multiple setState calls
grep -rn "async\s" src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." | grep -v "node_modules" | head -30
# Find setState inside setTimeout or Promises
grep -rn "setTimeout.*setState\|\.then.*setState\|setState.*setTimeout\|await.*setState\|setState.*await" src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." 2>/dev/null
# Find setState in promise callbacks
grep -A5 -B5 "\.then\s*(" src/ --include="*.js" --include="*.jsx" | grep "setState" | head -20 2>/dev/null
# Find setState in native event handlers (onclick via addEventListener)
grep -rn "addEventListener.*setState\|setState.*addEventListener" src/ --include="*.js" --include="*.jsx" | grep -v "\.test\." 2>/dev/null
# Find conditional setState that reads this.state after async
grep -B3 "this\.state\." src/ --include="*.js" --includ🎯 Best For
- Claude users
- GitHub Copilot users
- Software engineers
- Development teams
- Tech leads
💡 Use Cases
- React component optimization
- Hook dependency audits
📖 How to Use This Skill
- 1
Install the Skill
Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.
- 2
Load into Your AI Assistant
Open Claude or GitHub Copilot and reference the skill. Paste the SKILL.md content or use the system prompt tab.
- 3
Apply React18-Auditor to Your Work
Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.
- 4
Review and Refine
Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.
❓ Frequently Asked Questions
Is React18-Auditor compatible with Cursor and VS Code?
Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.
Do I need specific dependencies for React18-Auditor?
Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.
How do I install React18-Auditor?
Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/react18-auditor/SKILL.md, ready to use.
Can I customize this skill for my team?
Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.
⚠️ Common Mistakes to Avoid
Skipping validation
Always test AI-generated code changes, even for simple refactors.
Missing dependency updates
Check if the skill requires updated dependencies or new packages.