Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
108 of your 225 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 24.24s · analysis 28.88s · 47.1 MB · GitHub API rate-limit (preflight)

cline/cline

https://github.com/cline/cline · scanned 2026-06-05 09:25 UTC (5 days, 17 hours ago) · 10 languages

1030 raw signals (196 security + 834 graph) 11/13 scanners ran 93rd percentile · Typescript · large (100-500K LoC) System graph score 72 (higher by 15)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 17 hours ago · v2 · 437 actionable findings from 2 signal sources. 152 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
77.0
/100
Security checks
82
64 findings
System graph
72
100.0% cov · 373 findings
Critical
1
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 60.0 0.15 9.00
security_score 100.0 0.25 25.00
testing_score 88.0 0.20 17.60
documentation_score 96.0 0.15 14.40
practices_score 88.0 0.15 13.20
code_quality 79.0 0.10 7.90
Overall 1.00 87.1
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 1 High 10 Medium 58 Low 179 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 64 System graph 373 Crowd 0 Layer: Quality 172 Cicd 7 Security 22 Software 59 Frontend 177
Scan summary Quality grade A- (87/100). Dimensions: security 100, maintainability 60. 196 findings (44 security). 474,750 lines analyzed.

Showing 245 of 437 actionable findings. 589 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks quality Quality conf 1.00 ✓ Repobility [MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes.
Add `import warnings` at the top of the file.
.github/scripts/coverage_check/workflow.py:226
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState — React skips re-render on mutated reference.
Review and fix per the pattern semantics. See CWE-682 / for context.
sdk/packages/core/src/runtime/turn-queue/pending-prompt-service.ts:100
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState — React skips re-render on mutated reference.
Review and fix per the pattern semantics. See CWE-682 / for context.
apps/vscode/src/core/task/tools/utils/ToolHookUtils.ts:159
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED031] React Direct State Mutation: this.state.X = Y mutates without setState. React wont re-render.
Review and fix per the pattern semantics. See CWE-682 / for context.
apps/vscode/src/integrations/terminal/standalone/StandaloneTerminal.ts:104
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.
Review and fix per the pattern semantics. See CWE-78 / for context.
.github/scripts/coverage_check/util.py:190
high Security checks software Prototype pollution conf 1.00 [SEC033] Prototype Pollution — unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting every object in the process. CWE-1321. Real-world: CVE-2019-10744 (lodash), CVE-2021-23337 (lodash.set), CVE-2023-26136 (tough-cookie).
Sanitize keys BEFORE merge: function sanitize(obj) { delete obj.__proto__; delete obj.constructor; delete obj.prototype; return obj; } Or use Object.create(null) for the target. Or use Map() for user-key-indexed data. Upgrade lodash >= 4.17.21 for partial mitigation.
sdk/packages/core/src/session/services/file-session-service.ts:208
high Security checks software Prototype pollution conf 1.00 [SEC033] Prototype Pollution — unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting every object in the process. CWE-1321. Real-world: CVE-2019-10744 (lodash), CVE-2021-23337 (lodash.set), CVE-2023-26136 (tough-cookie).
Sanitize keys BEFORE merge: function sanitize(obj) { delete obj.__proto__; delete obj.constructor; delete obj.prototype; return obj; } Or use Object.create(null) for the target. Or use Map() for user-key-indexed data. Upgrade lodash >= 4.17.21 for partial mitigation.
apps/cli/src/connectors/base.ts:149
high Security checks quality Quality conf 1.00 [SEC080] Python: tarfile.extractall without filter: tarfile.extract*() without filter='data' allows path-traversal (CVE-2007-4559, fixed via PEP 706 in 3.12). Ported from bandit B202 (Apache-2.0).
Add `filter='data'` (Python ≥ 3.12) or manually validate member paths against `os.path.abspath`.
apps/vscode/scripts/download-ripgrep.mjs:110
medium Security checks quality Error handling conf 1.00 3 occurrences [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
3 files, 3 locations
apps/cli/src/connectors/chat-runtime.ts:33
apps/cli/src/connectors/runtime-turn.ts:337
apps/cli/src/index.ts:53
low Security checks security Injection conf 0.50 3 occurrences [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
Use subprocess with shell=False and a list of args. Never eval user input.
3 files, 3 locations
.github/scripts/coverage_check/util.py:190
apps/cli/src/tui/commands/slash-command-registry.ts:264
apps/cli/src/utils/team-command.ts:14
low Security checks security Deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
evals/analysis/src/classifier.ts:46
low Security checks security Deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
apps/vscode/src/core/context/instructions/user-instructions/frontmatter.ts:47
medium Security checks quality Quality conf 1.00 3 occurrences [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).
Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).
3 files, 3 locations
apps/cline-hub/src/server.ts:88
apps/vscode/src/dev/commands/tasks.ts:125
sdk/packages/core/src/session/stores/conversation-store.ts:16
low Security checks quality Quality conf 1.00 3 occurrences [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws — wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated.
Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows.
3 files, 3 locations
apps/vscode/src/core/api/providers/claude-code.ts:212
apps/vscode/src/services/browser/BrowserDiscovery.ts:50
apps/vscode/src/utils/git-worktree.ts:84
medium Security checks cicd CI/CD security conf 0.68 5 occurrences Agent auto-approve or skip-permissions mode is easy to enable
Require an explicit isolated profile for auto-approve modes. Keep safe defaults interactive, add visible warnings, and block these modes when the workspace contains secrets or production deploy credentials.
5 files, 5 locations
apps/cli/src/commands/program.ts:11
apps/cli/src/main.ts:24
apps/cli/src/runtime/tool-policies.ts:30
apps/cline-hub/src/server/sessions.ts:88
apps/examples/cline-core-cli-agent/src/index.ts:140
CI/CD securityagent runtimepermissions
high Security checks quality Quality conf 0.80 localStorage write failures are swallowed silently
Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics.
apps/cline-hub/src/webview/src/vscode.ts:100
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/cline-hub/src/webview/src/components/ai-elements/schema-display.tsx:111
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/cline-hub/src/webview/src/components/ui/chart.tsx:81
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/examples/vscode/src/webview/src/components/ai-elements/schema-display.tsx:111
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/examples/vscode/src/webview/src/components/ui/chart.tsx:81
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/ClineModelPicker.tsx:497
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/common/ModelAutocomplete.tsx:232
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/GroqModelPicker.tsx:240
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/HicapModelPicker.tsx:223
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/HuggingFaceModelPicker.tsx:226
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/OllamaModelPicker.tsx:180
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/OpenRouterModelPicker.tsx:308
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/providers/OcaModelPicker.tsx:253
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/RequestyModelPicker.tsx:231
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/vscode/webview-ui/src/components/settings/VercelModelPicker.tsx:263
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/cli/src/connectors/adapters/discord.ts:429
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/cline-hub/src/server.ts:77
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/examples/code-review-bot/src/index.ts:895
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/core/api/providers/asksage.ts:98
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/core/api/providers/dify.ts:437
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/core/api/providers/litellm.ts:80
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/core/api/providers/mistral.ts:47
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/core/api/providers/qwen-code.ts:102
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/core/controller/models/getLmStudioModels.ts:20
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/services/auth/AuthServiceMock.ts:66
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/services/banner/__tests__/BannerService.test.ts:1281
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/services/banner/BannerService.ts:256
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/services/error/providers/PostHogErrorProvider.ts:34
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/services/feature-flags/providers/PostHogFeatureFlagsProvider.ts:30
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/services/mcp/McpHub.ts:466
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/services/telemetry/providers/posthog/PostHogClientProvider.ts:34
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/services/telemetry/providers/posthog/PostHogTelemetryProvider.ts:37
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/shared/net.ts:40
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/src/shared/storage/adapters.ts:18
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/webview-ui/src/App.stories.tsx:1034
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/vscode/webview-ui/src/components/common/MarkdownBlock.stories.tsx:89
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/examples/plugins/web-search.ts:218
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/packages/core/src/hub/server/index.test.ts:228
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/packages/core/src/services/providers/model-source.ts:59
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/packages/shared/src/remote-config/blob-storage.ts:174
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — sdk/packages/shared/src/vcr.test.ts:46
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph cicd CI/CD security conf 1.00 16 occurrences GitHub Action is tag-pinned rather than SHA-pinned
oven-sh/setup-bun@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
6 files, 16 locations
.github/workflows/cli-publish.yml:62, 217, 236, 301 (4 hits)
.github/workflows/ext-vscode-publish-stable.yml:197, 210 (4 hits)
.github/workflows/ext-vscode-test.yml:32, 331, 341, 361 (4 hits)
.github/workflows/sdk-test.yml:35, 70 (2 hits)
.github/workflows/ext-vscode-test-e2e.yml:32
.github/workflows/sdk-publish.yml:111
CI/CD securitySupply chainGitHub Actions
medium System graph cicd CI/CD security conf 1.00 5 occurrences GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
5 files, 5 locations
.github/workflows/cli-publish.yml
.github/workflows/ext-vscode-publish-nightly.yml
.github/workflows/ext-vscode-publish-stable.yml
.github/workflows/ext-vscode-test-e2e.yml
.github/workflows/sdk-publish.yml
CI/CD securitySupply chainGithub actions
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/cline-hub/src/webview/src/components/ai-elements/schema-display.tsx:111
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/cline-hub/src/webview/src/components/ai-elements/schema-display.tsx:111 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/ClineModelPicker.tsx:497
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/ClineModelPicker.tsx:497 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/common/ModelAutocomplete.tsx:232
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/common/ModelAutocomplete.tsx:232 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/GroqModelPicker.tsx:240
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/GroqModelPicker.tsx:240 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/HicapModelPicker.tsx:223
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/HicapModelPicker.tsx:223 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/HuggingFaceModelPicker.tsx:226
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/HuggingFaceModelPicker.tsx:226 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/OllamaModelPicker.tsx:180
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/OllamaModelPicker.tsx:180 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/OpenRouterModelPicker.tsx:308
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/OpenRouterModelPicker.tsx:308 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/providers/OcaModelPicker.tsx:253
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/providers/OcaModelPicker.tsx:253 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/RequestyModelPicker.tsx:231
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/RequestyModelPicker.tsx:231 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/vscode/webview-ui/src/components/settings/VercelModelPicker.tsx:263
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/vscode/webview-ui/src/components/settings/VercelModelPicker.tsx:263 Dangerous innerhtml
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in apps/vscode/src/shared/storage/adapters.ts:124
Found a known-risky pattern (weak_hash). Review and replace if possible.
apps/vscode/src/shared/storage/adapters.ts:124 Weak hash
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — .github/scripts/coverage_check/github_api.py:123
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
low Security checks quality Quality conf 0.60 30 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 16 locations
apps/cline-hub/src/webview/src/components/views/settings/channels-view.tsx:38, 70, 142 (3 hits)
apps/cli/src/connectors/adapters/whatsapp.ts:14, 278 (2 hits)
apps/cli/src/tui/views/config-view.tsx:56, 57 (2 hits)
apps/cli/src/commands/hub.ts:31
apps/cli/src/commands/schedule/import-export.ts:60
apps/cli/src/connectors/adapters/linear.ts:10
apps/cli/src/connectors/stores/memory-state.ts:84
apps/cli/src/tui/components/model-selector/cline-model-selector.tsx:13
duplicationquality
high Security checks quality Quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
apps/cli/src/tui/utils/selection-copy.ts:1
low System graph quality Maintenance conf 1.00 122 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph quality Integrity conf 1.00 217 env vars used in code but missing from .env.example
Drift between code and config docs. The first few: `AICORE_SERVICE_KEY`, `ANOTHER_VAR`, `API_KEY`, `API_URL`, `ARG1`, `ARG2`, `AUTH_TOKEN`, `AWS_ACCESS_KEY_ID` + 209 more. Add them (with a placeholder/comment) to .env.example so onboarding doesn't break.
config drift
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/cline-hub/src/server/deps.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/cline-hub/src/server/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/cline-hub/src/webview-protocol.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/cline-hub/src/webview/eslint.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/cline-hub/src/webview/src/components/ai-elements/agent.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/cline-hub/src/webview/src/components/ai-elements/connection.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/cline-hub/src/webview/src/lib/provider-schema.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/cline-hub/src/webview/vite.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/playwright.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/standalone/runtime-files/vscode/vscode-impls.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/standalone/runtime-files/vscode/vscode-stubs.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/test-setup.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/testing-platform/harness/config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/testing-platform/harness/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/chat/ThinkingRow.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/chat/TypewriterText.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/BannerCarousel.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/CodeBlock.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/CopyButton.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/PopupModalContainer.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/ScreenReaderAnnounce.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/SuccessButton.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/TelemetryBanner.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/UnsafeImage.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/VSCodeButtonLink.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/WhatsNewItems.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/common/WhatsNewModal.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/mcp/chat-display/McpResponseDisplay.stories.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/settings/__tests__/OllamaModelPicker.spec.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/settings/CollapsibleContent.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/settings/FeaturedModelCard.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/settings/ModelDescriptionMarkdown.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/settings/sections/FeatureSettingsSection.spec.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/settings/UseCustomPromptCheckbox.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/settings/utils/__tests__/pricingUtils.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/ui/alert.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/ui/button.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/ui/input.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/ui/label.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/ui/progress.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/ui/slider.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/components/ui/switch.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/constants.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/main.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/setupTests.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/utils/__tests__/context-mentions.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/utils/__tests__/hooks.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/utils/__tests__/platformUtils.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: apps/vscode/webview-ui/src/vite-env.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: vitest.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph cicd CI/CD security conf 1.00 51 occurrences GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
9 files, 51 locations
.github/workflows/ext-vscode-test.yml:29, 83, 86, 124, 127, 153, 207, 225, +5 more (20 hits)
.github/workflows/ext-vscode-test-e2e.yml:29, 86, 88, 94, 102, 110, 120, 156 (13 hits)
.github/workflows/cli-publish.yml:55, 67, 276, 307 (4 hits)
.github/workflows/ext-vscode-publish-nightly.yml:40, 54 (4 hits)
.github/workflows/ext-vscode-publish-stable.yml:44, 113 (3 hits)
.github/workflows/sdk-test.yml:32, 67, 75 (3 hits)
.github/workflows/sdk-publish.yml:58, 117 (2 hits)
.github/workflows/ext-jb-test-integration.yml:30
CI/CD securitySupply chainGitHub Actions
low System graph quality Tests conf 1.00 Low test-to-source ratio
507 tests / 2039 src (ratio 0.25).
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: sdk/examples/hooks/PostToolUse.py:main, sdk/examples/hooks/PreToolUse.py:main This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
duplicatesduplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `isLessThan23HoursOld` in apps/vscode/src/core/api/transform/openai-response-format.ts:90
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nOld` in .github/scripts/tests/coverage_check_test.py:232
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `project_backup` in apps/vscode/src/utils/path.test.ts:35
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph cicd CI/CD security conf 1.00 package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
package.json CI/CD securitySupply chainNpm
low System graph cicd CI/CD security conf 1.00 package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
apps/vscode/package.json CI/CD securitySupply chainNpm
low System graph software Dead code conf 1.00 Possibly dead Python function: find_pattern
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
.github/scripts/coverage_check/util.py:203
low System graph software Dead code conf 1.00 Possibly dead Python function: format_exception
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
.github/scripts/coverage_check/util.py:235
low System graph software Dead code conf 1.00 Possibly dead Python function: read_file_content
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
.github/scripts/coverage_check/util.py:122
low System graph software Dead code conf 1.00 Possibly dead Python function: write_file_content
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
.github/scripts/coverage_check/util.py:144
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/cli/script/build.ts:52
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/cli/script/publish-npm.ts:156
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/cli/src/commands/bin-wrapper.test.ts:62
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/cli/src/commands/distribution-package.test.ts:72
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/cli/src/wizards/connect/index.ts:229
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/cline-hub/src/dev.ts:56
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/cline-hub/src/server.ts:238
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/cline-hub/src/validate-options.ts:57
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/examples/cli-agent/src/index.ts:38
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/examples/cline-core-cli-agent/src/index.ts:44
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/examples/code-review-bot/src/index.ts:1656
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/examples/desktop-app/sidecar/chat-test.ts:96
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/examples/multi-agent/src/index.ts:1153
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/examples/quickstart/src/index.ts:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/scripts/build-tests.js:15
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/scripts/generate-stubs.js:29
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/scripts/interactive-playwright.ts:73
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/scripts/report-issue.js:56
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/scripts/test-hostbridge-server.ts:46
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/scripts/test-standalone-core-api-server.ts:54
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/scripts/testing-platform-orchestrator.ts:149
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/api/adapters/__tests__/adapters.test.ts:219
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/api/providers/__tests__/ollama.test.ts:19
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/assistant-message/diff.test.ts:278
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/hooks/__tests__/hook-factory.test.ts:68
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/hooks/__tests__/taskcancel.test.ts:38
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/hooks/__tests__/taskcomplete.test.ts:40
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/hooks/__tests__/taskresume.test.ts:51
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/hooks/__tests__/taskstart.test.ts:40
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/hooks/__tests__/test-utils.ts:159
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/hooks/__tests__/user-prompt-submit.test.ts:46
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/mentions/index.test.ts:67
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/prompts/system-prompt-legacy/families/local-models/compact-system-prompt.ts:84
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/prompts/system-prompt/__tests__/integration.test.ts:91
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/prompts/system-prompt/__tests__/matcher-test.ts:56
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/prompts/system-prompt/variants/xs/overrides.ts:69
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/task/multifile-diff.test.ts:244
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/core/task/tools/utils/__tests__/PatchParser.test.ts:25
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/hosts/vscode/hostbridge/window/getOpenTabs.test.ts:79
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/integrations/terminal/index.ts:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/services/telemetry/TelemetryService.test.ts:247
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/shared/storage/__tests__/state-keys.test.ts:275
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/standalone/utils.ts:18
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/test/e2e/fixtures/server/data.ts:164
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/test/e2e/fixtures/server/index.ts:15
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/src/test/hook-executor.test.ts:59
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/standalone/runtime-files/vscode/stub-utils.js:5
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/standalone/runtime-files/vscode/vscode-impls.js:1
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/standalone/runtime-files/vscode/vscode-stubs.js:2
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/testing-platform/index.ts:34
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/App.stories.tsx:1049
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/browser/BrowserSettingsMenu.tsx:29
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/chat/chat-view/components/layout/IdleIndicator.stashed.tsx:46
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/chat/chat-view/hooks/useMessageHandlers.ts:44
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/chat/ChatView.tsx:238
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/chat/task-header/TaskHeader.stories.tsx:80
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/common/MarkdownBlock.stories.tsx:266
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/common/MermaidBlock.tsx:169
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/common/Tab.tsx:45
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/mcp/chat-display/ImagePreview.tsx:40
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/mcp/chat-display/LinkPreview.tsx:301
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/mcp/chat-display/McpResponseDisplay.stories.tsx:65
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/mcp/chat-display/McpResponseDisplay.tsx:111
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/mcp/chat-display/utils/mcpRichUtil.ts:59
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/mcp/configuration/tabs/marketplace/McpMarketplaceCard.tsx:118
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/components/settings/providers/AihubmixProvider.tsx:45
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/config/platform.config.ts:63
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/context/ClineAuthContext.tsx:49
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/context/ExtensionStateContext.tsx:395
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/services/grpc-client-base.ts:115
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/src/utils/getLanguageFromPath.ts:84
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — apps/vscode/webview-ui/vite.config.ts:38
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — evals/analysis/src/cli.ts:70
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — evals/e2e/run-cline-bench.ts:134
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — evals/smoke-tests/run-smoke-tests.ts:490
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/examples/hooks/PostToolUse.ts:53
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/examples/hooks/PreToolUse.ts:40
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/examples/hooks/PreToolUse_ModifyInput.ts:55
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/examples/plugins/weather-metrics.ts:89
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/scripts/telemetry-smoke-host.ts:43
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/scripts/telemetry-smoke.ts:92
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/src/ClineCore.ts:242
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/src/extensions/tools/definitions.test.ts:530
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/src/extensions/tools/definitions.ts:499
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/src/extensions/tools/executors/apply-patch.test.ts:26
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/src/hooks/hook-file-hooks.test.ts:269
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/src/hub/server/hub-server-logging.ts:62
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/core/src/runtime/tools/subprocess-sandbox.test.ts:59
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/llms/scripts/fix-esm-imports.ts:95
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/packages/llms/scripts/generate-models.ts:115
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/scripts/check-publish.ts:132
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/scripts/ci-node-smoke.ts:83
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/scripts/clean.ts:67
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/scripts/release.ts:87
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sdk/scripts/version.ts:63
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph quality Complexity conf 1.00 Very large file: apps/examples/code-review-bot/src/index.ts (1658 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: apps/vscode/src/core/prompts/system-prompt-legacy/families/next-gen-models/gpt-5.ts (841 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: apps/vscode/src/core/task/index.ts (3764 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: apps/vscode/src/services/mcp/McpHub.ts (1673 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: apps/vscode/src/services/telemetry/TelemetryService.ts (2442 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: apps/vscode/src/shared/api.ts (5314 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: apps/vscode/standalone/runtime-files/vscode/vscode-stubs.js (1332 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: apps/vscode/webview-ui/src/components/chat/ChatTextArea.tsx (1648 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: sdk/packages/core/src/hub/runtime-host/hub-runtime-host.ts (1948 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: sdk/packages/core/src/runtime/host/local-runtime-host.test.ts (5167 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: sdk/packages/core/src/runtime/host/local-runtime-host.ts (1755 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: sdk/packages/llms/src/catalog/catalog.generated.ts (22988 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: sdk/packages/llms/src/providers/gateway.test.ts (3295 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/225c1628-8aa6-4e9a-8b28-2acec03cadf0/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/225c1628-8aa6-4e9a-8b28-2acec03cadf0/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.