Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
4 of your 576 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 3.42s · analysis 3.02s · 2.3 MB · GitHub API rate-limit (preflight)

is-a-dev/register

https://github.com/is-a-dev/register · scanned 2026-06-05 16:46 UTC (4 days, 23 hours ago) · 10 languages

441 raw signals (429 security + 12 graph) 63rd percentile · Javascript · tiny (<2K LoC) System graph score 91 (lower by 20)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 4 days, 23 hours ago · v2 · 10 actionable findings from 2 signal sources. 425 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
79.2
/100
Security checks
67
6 findings
System graph
91
88.9% cov · 4 findings
Critical
2
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 75.0 0.15 11.25
security_score 55.0 0.25 13.75
testing_score 85.0 0.20 17.00
documentation_score 75.0 0.15 11.25
practices_score 65.0 0.15 9.75
code_quality 80.0 0.10 8.00
Overall 1.00 71.0
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 2 High 2 Medium 1 Low 2 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 6 System graph 4 Crowd 0 Layer: Software 3 Cicd 2 Security 2 Quality 1 Api 1 Frontend 1
Scan summary Quality grade B (71/100). Dimensions: security 55, maintainability 75. 429 findings (5 security). 1,062 lines analyzed.

Showing 7 of 10 actionable findings. 435 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Security checks security secrets conf 0.95 7 occurrences Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
7 files, 7 locations
domains/_vercel.ad.json:7
domains/_vercel.kapil.json:7
domains/_vercel.kapilbastola.json:7
domains/_vercel.karthikeyans.json:10
domains/_vercel.zubariel.json:9
domains/hoovad.json:8
domains/w3teal.json:8
critical Security checks security secrets conf 0.95 415 occurrences Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications.
Gitleaks detected a committed secret or credential pattern.
12 files, 12 locations
domains/0xviel.json:5
domains/104.json:5
domains/21z.json:4
domains/3.json:5
domains/4.json:5
domains/6.json:4
domains/7.json:4
domains/_atproto.alvin.json:4
high Security checks cicd CI/CD security conf 0.90 ✓ Repobility 4 occurrences GitHub Action is tag-pinned rather than SHA-pinned
Action `is-a-dev/dnscontrol-action` pinned to mutable ref `@main` uses a mutable tag or branch. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.
4 files, 4 locations
.github/workflows/ci.yml:47
.github/workflows/dnscontrol.yml:21
.github/workflows/publish.yml:28
.github/workflows/raw-api.yml:37
CI/CD securitySupply chainGitHub Actions
high System graph cicd CI/CD security conf 1.00 3 occurrences GitHub Action tracks a moving branch
is-a-dev/dnscontrol-action@main can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
3 files, 3 locations
.github/workflows/ci.yml:47
.github/workflows/publish.yml:28
.github/workflows/raw-api.yml:37
CI/CD securitySupply chainGithub actions
medium Security checks software dependencies conf 0.90 npm package `ava` is 2 major version(s) behind (^6.2.0 -> 8.0.1)
`ava` is pinned/resolved at ^6.2.0 but the latest stable release on the npm registry is 8.0.1 (2 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
low Security checks software dependencies conf 0.90 npm package `fs-extra` is minor version(s) behind (^11.2.0 -> 11.3.5)
`fs-extra` is pinned/resolved at ^11.2.0 but the latest stable release on the npm registry is 11.3.5 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
low System graph software Dead code candidate conf 1.00 File has no detected symbols: util/raw-api.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/15d8e243-3652-4fc7-8f5f-d8084bd32134/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/15d8e243-3652-4fc7-8f5f-d8084bd32134/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.