{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `dotenv` is 1 major version(s) behind (16.6.1 -> 17.4.2)", "shortDescription": {"text": "npm package `dotenv` is 1 major version(s) behind (16.6.1 -> 17.4.2)"}, "fullDescription": {"text": "`dotenv` is pinned/resolved at 16.6.1 but the latest stable release on the npm registry is 17.4.2 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 687 lines (recommend <300)", "shortDescription": {"text": "Average file size is 687 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Committed build outputs and caches make scans slower, confuse duplicate-code checks, and give AI agents stale generated code to imitate."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/stale` pinned to mutable ref `@v10`", "shortDescription": {"text": "Action `actions/stale` pinned to mutable ref `@v10`"}, "fullDescription": {"text": "`uses: actions/stale@v10` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/872"}, "properties": {"repository": "jgraph/drawio-desktop", "repoUrl": "https://github.com/jgraph/drawio-desktop", "branch": "dev"}, "results": [{"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 79788, "scanner": "repobility-threat-engine", "fingerprint": "e92d094fe98e5d5303369e205a5bd6be10a259f308541d075db5976306cef914", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e92d094fe98e5d5303369e205a5bd6be10a259f308541d075db5976306cef914"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/progress-bar.js"}, "region": {"startLine": 106}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `dotenv` is 1 major version(s) behind (16.6.1 -> 17.4.2)"}, "properties": {"repobilityId": 79783, "scanner": "repobility-dependency-currency", "fingerprint": "ed32d98d590c66d304d1b3e95e2f20326dbd6cb582d6bd82fcf862bd26917cb6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "dotenv", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "17.4.2", "correlation_key": "fp|ed32d98d590c66d304d1b3e95e2f20326dbd6cb582d6bd82fcf862bd26917cb6", "current_version": "16.6.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 687 lines (recommend <300)"}, "properties": {"repobilityId": 79770, "scanner": "repobility-core", "fingerprint": "90d85c755008f73f00c5ca143e1cb91aa8d684f38b12149e57aeae6682b1a5cc", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|90d85c755008f73f00c5ca143e1cb91aa8d684f38b12149e57aeae6682b1a5cc"}}}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 79771, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 79786, "scanner": "repobility-threat-engine", "fingerprint": "5bfcc0b3b9a26ab56bec4365cf697b7ef3fe9770eae393c646bca21b79982c32", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5bfcc0b3b9a26ab56bec4365cf697b7ef3fe9770eae393c646bca21b79982c32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sync.cjs"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 79785, "scanner": "repobility-threat-engine", "fingerprint": "f6803a8082cfae5f7f4579a938c58ec51e34fc8b9c51735b77cd0763cf557b66", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6803a8082cfae5f7f4579a938c58ec51e34fc8b9c51735b77cd0763cf557b66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/electron-preload.js"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 79784, "scanner": "repobility-threat-engine", "fingerprint": "25de5eca8c2ea70bd7f5691a17c56ed6f0b91926f0c71425c5eb9f463df8b03d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|25de5eca8c2ea70bd7f5691a17c56ed6f0b91926f0c71425c5eb9f463df8b03d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "preload.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@electron/fuses` is patch version(s) behind (2.1.1 -> 2.1.2)"}, "properties": {"repobilityId": 79782, "scanner": "repobility-dependency-currency", "fingerprint": "2c64e56794358aff724cb93f27b80383971552920ceff1d7c891f46074dcfea0", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@electron/fuses", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.1.2", "correlation_key": "fp|2c64e56794358aff724cb93f27b80383971552920ceff1d7c891f46074dcfea0", "current_version": "2.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 79787, "scanner": "repobility-threat-engine", "fingerprint": "299cad95e132a79593c88bb4bfe9e4db2356ae44dd2efa425b5b7b5fb312a9c5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this._window.destroy();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|299cad95e132a79593c88bb4bfe9e4db2356ae44dd2efa425b5b7b5fb312a9c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/main/progress-bar.js"}, "region": {"startLine": 148}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/stale` pinned to mutable ref `@v10`"}, "properties": {"repobilityId": 79781, "scanner": "repobility-supply-chain", "fingerprint": "621e182a62e5c8e235cb9b198d765695daa3e56432d59e689f2a04fae7a5f8d7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|621e182a62e5c8e235cb9b198d765695daa3e56432d59e689f2a04fae7a5f8d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stale.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79780, "scanner": "repobility-supply-chain", "fingerprint": "5d3754e7dbe6c29fc354b7d7226e61851e48865ac7923ce6a0e96fe8408ecc85", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d3754e7dbe6c29fc354b7d7226e61851e48865ac7923ce6a0e96fe8408ecc85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/electron-builder.yml"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79779, "scanner": "repobility-supply-chain", "fingerprint": "69c7093aecfca12ddd7c845c0ed158ddc5734bb91fdb7c9d542af511210149fd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69c7093aecfca12ddd7c845c0ed158ddc5734bb91fdb7c9d542af511210149fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/electron-builder.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79778, "scanner": "repobility-supply-chain", "fingerprint": "80b22af1ade307832402abf88ca261a73e9185e6de343b156385f806176d4757", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|80b22af1ade307832402abf88ca261a73e9185e6de343b156385f806176d4757"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/electron-builder.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v7`"}, "properties": {"repobilityId": 79777, "scanner": "repobility-supply-chain", "fingerprint": "0233b5fcf93eee1fe6603837ea22a000c135df7954726a4c6b252116467d7340", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0233b5fcf93eee1fe6603837ea22a000c135df7954726a4c6b252116467d7340"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/prepare-release.yml"}, "region": {"startLine": 228}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79776, "scanner": "repobility-supply-chain", "fingerprint": "3db395a9b151090bed83cfa11a2b2731260bf07aa66e118f185d9a4542986ff9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3db395a9b151090bed83cfa11a2b2731260bf07aa66e118f185d9a4542986ff9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/prepare-release.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79775, "scanner": "repobility-supply-chain", "fingerprint": "75d4ea8d8fe9098ed53fa9420119d4bc43ccb4ce53d734019c9a33228e114ce5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|75d4ea8d8fe9098ed53fa9420119d4bc43ccb4ce53d734019c9a33228e114ce5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/prepare-release.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79774, "scanner": "repobility-supply-chain", "fingerprint": "4c8dbe06f8aa4c1affca8c7a662921d234e5dfb64cc687d92e27434209f3aadc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4c8dbe06f8aa4c1affca8c7a662921d234e5dfb64cc687d92e27434209f3aadc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/electron-builder-win.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79773, "scanner": "repobility-supply-chain", "fingerprint": "61d6eae9c664e38fc061d593be141ab8fee7610689b5e62236a2e0ccedde84f4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|61d6eae9c664e38fc061d593be141ab8fee7610689b5e62236a2e0ccedde84f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/electron-builder-win.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v6`"}, "properties": {"repobilityId": 79772, "scanner": "repobility-supply-chain", "fingerprint": "ccc0c06b37f302f58049095156a486295abeb0d52dc9e7170293348cb2f30e3b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ccc0c06b37f302f58049095156a486295abeb0d52dc9e7170293348cb2f30e3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/electron-builder-win.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 79789, "scanner": "repobility-threat-engine", "fingerprint": "8310f1fa6c00f619cedfb17d2e47da75dfcd8de898effb7e1885461aab377adf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(appjsonpath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8310f1fa6c00f619cedfb17d2e47da75dfcd8de898effb7e1885461aab377adf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sync.cjs"}, "region": {"startLine": 23}}}]}]}]}