62 of your 140 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 4.36s · analysis 9.75s · 15.1 MB · GitHub API rate-limit (preflight)

frappe/education

https://github.com/frappe/education · scanned 2026-06-05 12:59 UTC (5 days, 7 hours ago) · 10 languages

304 raw signals (136 security + 168 graph) · 22nd percentile · Python · small (2-20K LoC) · System graph score 83 (lower by 26)

Complete repo analysis

Last scanned 5 days, 7 hours ago · v2 · 150 actionable findings from 2 signal sources. 70 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown — 2026-05-18-v5

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 60.0 | 0.15 | 9.00 |
| security_score | 38.2 | 0.25 | 9.55 |
| testing_score | 56.0 | 0.20 | 11.20 |
| documentation_score | 62.0 | 0.15 | 9.30 |
| practices_score | 73.0 | 0.15 | 10.95 |
| code_quality | 71.7 | 0.10 | 7.17 |
| Overall | | 1.00 | 57.2 |

Scan summary Quality grade C (57/100). Dimensions: security 38, maintainability 60. 136 findings (53 security). 14,554 lines analyzed.

Showing 128 of 150 actionable findings. 220 raw detector signals were grouped into reader-sized issues.

critical Security checks cicd CI/CD security conf 0.96 Compose service contains a literal secret environment value
Literal secrets in Compose files are committed to source and exposed through container inspection.
docker/docker-compose.yml:3 · CI/CD security · containers
high Security checks quality Quality conf 1.00 ✓ Repobility Missing import: `email` used but not imported
The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes.
education/patches/v15_0/fees_student_email.py:7
high Security checks quality Quality conf 1.00 ✓ Repobility 25 occurrences `self.set_onload` used but never assigned in __init__
Method `onload` of class `ProgramEnrollmentTool` reads `self.set_onload`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
education/education/doctype/program_enrollment_tool/program_enrollment_tool.py:18, 23, 25, 27, 30, 40, 41, 43, +17 more (25 hits)
high Security checks software dependencies conf 0.88 braces: GHSA-grv7-fg5c-xmjg
Uncontrolled resource consumption in braces
frontend/yarn.lock
high Security checks software dependencies conf 0.88 cross-spawn: GHSA-3xgq-45jj-v275
Regular Expression Denial of Service (ReDoS) in cross-spawn
frontend/yarn.lock
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 17 occurrences GitHub Action is tag-pinned rather than SHA-pinned
Action `actions/checkout` pinned to mutable ref `@v4` uses a mutable tag or branch. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.
3 files, 17 locations
.github/workflows/ci.yml:44, 47, 60, 69, 78, 92 (11 hits)
.github/workflows/builds.yml:23, 50 (3 hits)
.github/workflows/linters.yml:13, 16 (3 hits)
CI/CD security · Supply chain · GitHub Actions
high Security checks software dependencies conf 0.88 glob: GHSA-5j98-mcp5-4vw2
glob CLI: Command injection via -c/--cmd executes matches with shell:true
frontend/yarn.lock
high Security checks software dependencies conf 0.88 linkifyjs: GHSA-95jq-xph2-cx9h
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)
frontend/yarn.lock
high Security checks software dependencies conf 0.88 minimatch: GHSA-23c5-xmqv-rm74
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
frontend/yarn.lock
high Security checks software dependencies conf 0.88 minimatch: GHSA-3ppc-4f35-3m26
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern
frontend/yarn.lock
high Security checks software dependencies conf 0.88 minimatch: GHSA-7r86-cg39-jmmj
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments
frontend/yarn.lock
high Security checks software dependencies conf 0.88 picomatch: GHSA-c2c7-rcm5-vvqj
Picomatch has a ReDoS vulnerability via extglob quantifiers
frontend/yarn.lock
high Security checks software dependencies conf 0.90 ✓ Repobility 3 occurrences pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mutable rev `v4.0.1`
`.pre-commit-config.yaml` references `https://github.com/pre-commit/pre-commit-hooks` at `rev: v4.0.1`. If that `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:7, 24, 31 (3 hits)
high Security checks software dependencies conf 0.88 rollup: GHSA-gcx4-mw62-g8wm
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
frontend/yarn.lock
high Security checks software dependencies conf 0.88 rollup: GHSA-mw96-cpmx-2vgc
Rollup 4 has Arbitrary File Write via Path Traversal
frontend/yarn.lock
high Security checks software dependencies conf 0.88 socket.io-parser: GHSA-677m-j7p3-52f9
socket.io allows an unbounded number of binary attachments
frontend/yarn.lock
high Security checks software dependencies conf 0.88 vite: GHSA-c27g-q93r-2cwf
launch-editor vulnerable to command injection via the crafted request on Windows
frontend/yarn.lock
high Security checks software dependencies conf 0.90 ✓ Repobility Workflow container/services image `mariadb:10.6` unpinned
`container/services image: mariadb:10.6` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines.
.github/workflows/ci.yml:35
high Security checks software dependencies conf 0.88 ws: GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers
frontend/yarn.lock
medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found
The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
medium Security checks software dependencies conf 0.88 brace-expansion: GHSA-f886-m6hf-6m8v
brace-expansion: Zero-step sequence causes process hang and memory exhaustion
frontend/yarn.lock
low Security checks quality Error handling conf 0.55 ✓ Repobility 6 occurrences Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
4 files, 6 locations
education/education/billing.py:39, 125 (2 hits)
education/education/doctype/quiz/quiz.py:30, 45 (2 hits)
education/education/doctype/course_scheduling_tool/course_scheduling_tool.py:103
education/education/utils.py:229
Error handling · quality
medium Security checks cicd CI/CD security conf 0.94 Compose service `frappe` image uses the latest tag
The latest tag is mutable and can change without a code review, producing different images from the same source.
docker/docker-compose.yml:22 · CI/CD security · containers
medium Security checks cicd CI/CD security conf 0.88 Database service has no healthcheck
Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy.
docker/docker-compose.yml:3 · CI/CD security · containers
medium Security checks cicd CI/CD security conf 0.74 Database service has no persistent data volume
Database containers store data in the writable container layer unless a volume or bind mount is attached to the image's data directory. Recreating the container can lose state.
docker/docker-compose.yml:17 · CI/CD security · containers
medium Security checks software dependencies conf 0.88 esbuild: GHSA-67mh-4wv8-2f99
esbuild enables any website to send any requests to the development server and read the response
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 markdown-it: GHSA-38c4-r59v-3vqw
markdown-it has a Regular Expression Denial of Service (ReDoS)
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 micromatch: GHSA-952p-6rrq-rcjv
Regular Expression Denial of Service (ReDoS) in micromatch
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 nanoid: GHSA-mwcw-c2x4-8c55
Predictable results in nanoid generation when given non-integer values
frontend/yarn.lock
medium Security checks software dependencies conf 0.90 npm package `@vitejs/plugin-vue` is 4 major version(s) behind (^2.0.0 -> 6.0.7)
`@vitejs/plugin-vue` is pinned/resolved at ^2.0.0 but the latest stable release on the npm registry is 6.0.7 (4 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
frontend/package.json
medium Security checks software dependencies conf 0.90 npm package `pinia` is 1 major version(s) behind (^2.1.7 -> 3.0.4)
`pinia` is pinned/resolved at ^2.1.7 but the latest stable release on the npm registry is 3.0.4 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
frontend/package.json
medium Security checks software dependencies conf 0.90 npm package `vue-router` is 1 major version(s) behind (^4.0.12 -> 5.1.0)
`vue-router` is pinned/resolved at ^4.0.12 but the latest stable release on the npm registry is 5.1.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
frontend/package.json
medium Security checks software dependencies conf 0.88 picomatch: GHSA-3v7f-55p6-f55p
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 postcss: GHSA-qx2v-qp2m-jg93
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 showdown: GHSA-rmmh-p597-ppvv
Showdown vulnerable to Regular Expression Denial of Service (ReDoS) in link/anchor parsing
frontend/yarn.lock
medium Security checks quality Quality conf 0.78 Suspicious implementation file appears unreferenced
A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path.
education/patches/v15_0/fee_schedule_status_update.py:1
medium Security checks software dependencies conf 0.88 vite: GHSA-356w-63v5-8wf4
Vite has an `server.fs.deny` bypass with an invalid `request-target`
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-4r4m-qw57-chr8
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-4w7w-66w2-5vf9
Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-64vr-g452-qvp3
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-859w-5945-r5v3
Vite's server.fs.deny bypassed with /. for files under project root
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-8jhw-289h-jh2g
Vite's `server.fs.deny` did not deny requests for patterns with directories.
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-9cwx-2883-4wfx
Vite's `server.fs.deny` is bypassed when using `?import&raw`
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-vg6x-rcgg-rjx6
Websites were able to send any requests to the development server and read the response in vite
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-x574-m823-4x7w
Vite bypasses server.fs.deny when using ?raw??
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 vite: GHSA-xcj6-pq6g-qj4x
Vite allows server.fs.deny to be bypassed with .svg or relative paths
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 ws: GHSA-58qx-3vcg-4xpx
ws: Uninitialized memory disclosure
frontend/yarn.lock
medium Security checks software dependencies conf 0.88 yaml: GHSA-48c2-rrv3-qjmp
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
frontend/yarn.lock
medium System graph cicd CI/CD security conf 1.00 6 occurrences GitHub Action is tag-pinned rather than SHA-pinned
docker/setup-qemu-action@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
2 files, 6 locations
.github/workflows/builds.yml:26, 29, 34, 57 (4 hits)
.github/workflows/linters.yml:21 (2 hits)
CI/CD security · Supply chain · GitHub Actions
medium System graph security Coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
auth
low Security checks software dependencies conf 0.88 @tiptap/extension-link: GHSA-vhrc-hgrq-x75r
@tiptap/extension-link vulnerable to Cross-site Scripting (XSS)
frontend/yarn.lock
low Security checks security auth conf 0.76 [AUC005] No authorization-focused tests detected
No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
low Security checks software dependencies conf 0.88 brace-expansion: GHSA-v6h2-p8h4-qcjw
brace-expansion Regular Expression Denial of Service vulnerability
frontend/yarn.lock
high Security checks cicd CI/CD security conf 0.56 Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
docker/docker-compose.yml:22 · CI/CD security · containers
high Security checks cicd CI/CD security conf 0.62 Compose service lacks no-new-privileges hardening
no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities.
docker/docker-compose.yml:22 · CI/CD security · containers
low Security checks cicd CI/CD security conf 0.72 Database service has no healthcheck
Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy.
docker/docker-compose.yml:17 · CI/CD security · containers
low Security checks quality Quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code.
education/patches/v15_0/fee_schedule_status_update.py:1
low Security checks quality Quality conf 0.60 9 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
8 files, 9 locations
education/education/doctype/fees/fees.js:29, 32 (2 hits)
education/education/doctype/assessment_result/assessment_result.js:7
education/education/doctype/fee_structure/fee_structure.js:201
education/education/doctype/quiz/quiz.js:28
education/education/report/final_assessment_grades/final_assessment_grades.py:38
education/education/report/student_batch_wise_attendance/student_batch_wise_attendance.py:1
frontend/src/components/Calendar.vue:113
frontend/src/pages/Fees.vue:13
duplication · quality
low Security checks software dependencies conf 0.90 npm package `autoprefixer` is minor version(s) behind (^10.4.2 -> 10.5.0)
`autoprefixer` is pinned/resolved at ^10.4.2 but the latest stable release on the npm registry is 10.5.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
frontend/package.json
low Security checks software dependencies conf 0.90 npm package `feather-icons` is minor version(s) behind (^4.28.0 -> 4.29.2)
`feather-icons` is pinned/resolved at ^4.28.0 but the latest stable release on the npm registry is 4.29.2 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
frontend/package.json
low Security checks software dependencies conf 0.90 npm package `postcss` is minor version(s) behind (^8.4.5 -> 8.5.15)
`postcss` is pinned/resolved at ^8.4.5 but the latest stable release on the npm registry is 8.5.15 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
frontend/package.json
low Security checks software dependencies conf 0.90 npm package `qalendar` is minor version(s) behind (^3.6.1 -> 3.9.0)
`qalendar` is pinned/resolved at ^3.6.1 but the latest stable release on the npm registry is 3.9.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
frontend/package.json
high Security checks quality Quality conf 0.62 Source file name looks like an AI patch artifact
Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area.
education/patches/v15_0/fee_schedule_status_update.py:1
low Security checks software dependencies conf 0.88 vite: GHSA-g4jq-h2w9-997c
Vite middleware may serve files starting with the same name with the public directory
frontend/yarn.lock
low Security checks software dependencies conf 0.88 vite: GHSA-jqfw-vq24-v9c3
Vite's `server.fs` settings were not applied to HTML files
frontend/yarn.lock
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/api/session.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/academic_term/academic_term.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/academic_year/academic_year.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/assessment_criteria/assessment_criteria.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/assessment_criteria_group/assessment_criteria_group.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/assessment_group/assessment_group.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/assessment_group/assessment_group_tree.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/course_activity/course_activity.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/course_enrollment/course_enrollment.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/course_schedule/course_schedule.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/course_schedule/course_schedule_calendar.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/course_scheduling_tool/course_scheduling_tool.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/course_topic/course_topic.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/education_settings/education_settings.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/fee_schedule/fee_schedule.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/fee_schedule/fee_schedule_list.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/fees/fees.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/fees/fees_list.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/grading_scale/grading_scale.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/guardian/guardian.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/instructor/instructor.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/payment_record/payment_record.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/question/question.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/quiz/quiz.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/quiz_activity/quiz_activity.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/room/room.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student/student.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student/student_list.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_admission/student_admission.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_applicant/student_applicant.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_applicant/student_applicant_list.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_attendance/student_attendance.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_batch_name/student_batch_name.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_category/student_category.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_group/student_group.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_group_creation_tool/student_group_creation_tool.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_language/student_language.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_leave_application/student_leave_application.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_log/student_log.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/student_report_generation_tool/student_report_generation_tool.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/doctype/topic/topic.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/education/web_form/student_applicant/student_applicant.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: education/hooks.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/polyfills.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/postcss.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/src/main.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/src/router.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/src/stores/user.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/tailwind.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/vite.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Tests conf 1.00 Low test-to-source ratio
49 tests / 289 src (ratio 0.17).
low System graph quality Integrity conf 1.00 5 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: education/education/utils.py:get_topic_progress, education/education/utils.py:get_course_progress. This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're s…
5 occurrences
repo-level (5 hits)
duplicates · duplication
low System graph cicd CI/CD security conf 1.00 package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
package.json · CI/CD security · Supply chain · Npm
low System graph software Dead code conf 1.00 Possibly dead Python function: autoname
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
education/education/doctype/student_applicant/student_applicant.py:12
low System graph software Dead code conf 1.00 Possibly dead Python function: autoname
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
education/education/doctype/student_admission/student_admission.py:12
low System graph software Dead code conf 1.00 Possibly dead Python function: before_save
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
education/education/doctype/course_schedule/course_schedule.py:24
low System graph software Dead code conf 1.00 Possibly dead Python function: set_indicator
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
education/education/doctype/fees/fees.py:18
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — frontend/src/components/AttendanceDetail.vue:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — frontend/src/components/FeesPaymentDialog.vue:198
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — frontend/src/pages/Attendance.vue:142
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — frontend/src/stores/user.js:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph quality Integrity conf 1.00 Stub function `get_article` (body is just `pass`/`return`) — education/education/doctype/article/article.py:10
Likely an AI scaffold that was never filled in. Remove or implement.
Empty handler · Dead code
API access

This page is publicly accessible at: https://repobility.com/scan/0128f2aa-c13e-41b2-8af4-4451785204ab/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/0128f2aa-c13e-41b2-8af4-4451785204ab/