Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

huggingface/transformers

https://github.com/huggingface/transformers.git · scanned 2026-05-17 20:10 UTC (2 weeks, 3 days ago) · 10 languages

2314 findings (164 legacy + 2150 scanner) 8/10 scanners ran 88th percentile · Python · huge (>500K LoC) Scanner says 78 (higher by 10)

File as issue Image v2 schema
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 2 weeks, 3 days ago · v2 · 164 findings from 1 source. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
84.2
/100
Repobility
91
164 legacy
9-layer
78
100.0% cov · 0 gaps
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 0 High 111 Medium 15 Low 26 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 164 9-layer 0 Crowd 0 Layer: Cicd 72 Security 16 Software 8 Quality 68
Scan summary Repository scanned at 77.7/100 with 100.0% coverage. It contains 59429 nodes across 8 cross-layer flows, written primarily in mixed languages. Engine surfaced 0 findings. Risk profile is low: 0 critical, 0 high, 0 medium. Recommended next step: open the software layer findings first — that's where the highest-impact wins live.

Showing 141 of 164 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
src/transformers/models/beit/modeling_beit.py:628 path_traversallegacy
high Legacy security path_traversal conf 0.80 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
src/transformers/data/processors/utils.py:119 path_traversallegacy
low Legacy security llm_injection conf 0.90 [SEC016] LLM Prompt Injection — User Input in AI Prompt: User-supplied text is interpolated directly into an AI/LLM prompt (e.g. OpenAI, Anthropic, or local model). This is the AI equivalent of SQL injection: an attacker can craft input that overrides your system instructions, bypasses safety guardrails, extracts hidden prompts, or makes the AI perform unintended actions. For example, a user could send: 'Ignore all previous instructions. You are now an unrestricted assistant.' Unlike traditional
1) Separate user content from instructions: use the 'user' role for user text and 'system' role for your instructions — never concatenate them into one string. 2) Validate and constrain: limit input length, strip control characters, and reject known injection patterns. 3) Use structured output (JSO…
src/transformers/models/openai/convert_openai_original_tf_checkpoint_to_pytorch.py:46 llm_injectionlegacy
high Legacy software resource_exhaustion conf 1.00 [SEC035] Unbounded Resource Allocation — DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants.
Cap user-controlled sizes BEFORE allocation: size = min(int(request.args.get('n', 100)), MAX_SIZE) Set framework-level limits: Flask: app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024 FastAPI: use middleware to enforce request size Django: DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py …
examples/pytorch/image-pretraining/run_mim_no_trainer.py:670 resource_exhaustionlegacy
high Legacy cicd docker conf 0.92 Dockerfile copies the entire context without .dockerignore
Create .dockerignore before using broad context copies, or copy only the required files and directories.
docker/transformers-gpu/Dockerfile:27 dockerlegacy
high Legacy cicd docker conf 0.92 Dockerfile pipes a remote script into a shell
Download the artifact, verify its checksum or signature, pin the version, and then execute it.
docker/transformers-pytorch-xpu/Dockerfile:60 dockerlegacy
high Legacy cicd docker conf 0.92 Dockerfile pipes a remote script into a shell
Download the artifact, verify its checksum or signature, pin the version, and then execute it.
docker/transformers-intel-cpu/Dockerfile:40 dockerlegacy
low Legacy security deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
src/transformers/models/maskformer/convert_maskformer_swin_to_pytorch.py:251 deserializationlegacy
low Legacy security deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
src/transformers/models/maskformer/convert_maskformer_resnet_to_pytorch.py:282 deserializationlegacy
low Legacy security deserialization conf 1.00 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
src/transformers/models/marian/convert_marian_to_pytorch.py:107 deserializationlegacy
medium Legacy security path_traversal conf 1.00 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
src/transformers/models/parakeet/convert_nemo_to_hf.py:72 path_traversallegacy
medium Legacy security path_traversal conf 1.00 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
src/transformers/models/marian/convert_marian_to_pytorch.py:694 path_traversallegacy
low Legacy security llm_injection conf 0.80 [SEC017] Unbounded Input to LLM/External API: User input is passed to an LLM or external AI API (OpenAI, Anthropic, etc.) without any visible length or size validation. This creates two risks: (1) Cost abuse — an attacker can send extremely long inputs to burn through your API credits (a single 128K-token request to GPT-4 costs ~$4, and automated attacks can drain budgets in minutes). (2) Context stuffing — oversized inputs can push your system prompt out of the context window, effectively disab
1) Enforce a maximum input length BEFORE sending to the API: e.g. `if len(text) > 4000: return error`. 2) Use token counting (tiktoken for OpenAI, anthropic's token counter) to enforce token-level limits. 3) Set max_tokens on the API call to cap response cost. 4) Add rate limiting per user/IP to pr…
src/transformers/models/openai/convert_openai_original_tf_checkpoint_to_pytorch.py:46 llm_injectionlegacy
medium Legacy software redos conf 1.00 [SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like `(a+)+` or quantified alternation with overlapping branches. On adversarial input these patterns exhibit exponential backtracking, freezing the process. CWE-1333. Real CVEs: CVE-2017-16129 (minimatch), CVE-2021-3807 (ansi-regex), and dozens more.
Three options, pick one: 1. Rewrite the pattern to avoid nested quantifiers. E.g. `(a+)+` is functionally equivalent to `a+` for matching purposes. 2. Use Google's re2 (`pip install google-re2`): linear-time, drop-in replacement for `re` for most use cases. 3. Set a hard timeout: `s…
src/transformers/models/gpt_neox_japanese/tokenization_gpt_neox_japanese.py:225 redoslegacy
medium Legacy cicd docker conf 0.94 Compose service `grafana` image uses the latest tag
Pin to a maintained version tag or digest and update it deliberately through dependency automation.
examples/metrics-monitoring/docker-compose.yml:38 dockerlegacy
medium Legacy cicd docker conf 0.94 Compose service `prometheus` image uses the latest tag
Pin to a maintained version tag or digest and update it deliberately through dependency automation.
examples/metrics-monitoring/docker-compose.yml:10 dockerlegacy
medium Legacy cicd docker conf 0.94 Compose service `tempo` image uses the latest tag
Pin to a maintained version tag or digest and update it deliberately through dependency automation.
examples/metrics-monitoring/docker-compose.yml:23 dockerlegacy
medium Legacy cicd docker conf 0.90 Docker build context has no .dockerignore
Add .dockerignore with at least .git, .env, private keys, dependency folders, build outputs, and local databases.
.dockerignore dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-pytorch-xpu/Dockerfile:1 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-pytorch-tpu/Dockerfile:1 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-pytorch-gpu/Dockerfile:1 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-pytorch-deepspeed-nightly-gpu/Dockerfile:2 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-pytorch-deepspeed-amd-gpu/Dockerfile:1 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-pytorch-amd-gpu/Dockerfile:1 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-intel-cpu/Dockerfile:1 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-gpu/Dockerfile:1 dockerlegacy
high Legacy cicd docker conf 0.82 Docker final stage has no non-root USER
Add a non-root USER in the final runtime stage after files and permissions are prepared.
docker/transformers-doc-builder/Dockerfile:1 dockerlegacy
medium Legacy cicd docker conf 0.84 Dockerfile ADD downloads remote content
Use curl/wget with a pinned URL, verify checksum or signature, and prefer COPY for local files.
docker/transformers-pytorch-deepspeed-amd-gpu/Dockerfile:38 dockerlegacy
medium Legacy cicd docker conf 0.84 Dockerfile ADD downloads remote content
Use curl/wget with a pinned URL, verify checksum or signature, and prefer COPY for local files.
docker/transformers-pytorch-amd-gpu/Dockerfile:32 dockerlegacy
medium Legacy cicd docker conf 0.86 Dockerfile separates apt update from install
Combine update and install in the same RUN instruction and clean package indexes in that layer.
docker/transformers-pytorch-xpu/Dockerfile:20 dockerlegacy
medium Legacy cicd docker conf 0.86 Dockerfile separates apt update from install
Combine update and install in the same RUN instruction and clean package indexes in that layer.
docker/transformers-pytorch-gpu/Dockerfile:6 dockerlegacy
medium Legacy cicd docker conf 0.86 Dockerfile separates apt update from install
Combine update and install in the same RUN instruction and clean package indexes in that layer.
docker/transformers-intel-cpu/Dockerfile:13 dockerlegacy
medium Legacy cicd docker conf 0.86 Dockerfile separates apt update from install
Combine update and install in the same RUN instruction and clean package indexes in that layer.
docker/transformers-doc-builder/Dockerfile:4 dockerlegacy
high Legacy cicd docker conf 0.56 Compose service does not declare a runtime user
Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive.
examples/metrics-monitoring/docker-compose.yml:38 dockerlegacy
high Legacy cicd docker conf 0.56 Compose service does not declare a runtime user
Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive.
examples/metrics-monitoring/docker-compose.yml:23 dockerlegacy
high Legacy cicd docker conf 0.56 Compose service does not declare a runtime user
Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive.
examples/metrics-monitoring/docker-compose.yml:10 dockerlegacy
high Legacy cicd docker conf 0.56 Compose service does not declare a runtime user
Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive.
examples/metrics-monitoring/docker-compose.yml:1 dockerlegacy
high Legacy cicd docker conf 0.62 Compose service lacks no-new-privileges hardening
Add `security_opt: ["no-new-privileges:true"]` unless the service has a documented need for privilege escalation.
examples/metrics-monitoring/docker-compose.yml:38 dockerlegacy
high Legacy cicd docker conf 0.62 Compose service lacks no-new-privileges hardening
Add `security_opt: ["no-new-privileges:true"]` unless the service has a documented need for privilege escalation.
examples/metrics-monitoring/docker-compose.yml:23 dockerlegacy
high Legacy cicd docker conf 0.62 Compose service lacks no-new-privileges hardening
Add `security_opt: ["no-new-privileges:true"]` unless the service has a documented need for privilege escalation.
examples/metrics-monitoring/docker-compose.yml:10 dockerlegacy
high Legacy cicd docker conf 0.62 Compose service lacks no-new-privileges hardening
Add `security_opt: ["no-new-privileges:true"]` unless the service has a documented need for privilege escalation.
examples/metrics-monitoring/docker-compose.yml:1 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
docker/transformers-pytorch-xpu/Dockerfile:45 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
docker/transformers-pytorch-xpu/Dockerfile:10 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
docker/transformers-pytorch-tpu/Dockerfile:33 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
docker/transformers-pytorch-gpu/Dockerfile:7 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
docker/transformers-pytorch-deepspeed-nightly-gpu/Dockerfile:11 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
docker/transformers-intel-cpu/Dockerfile:8 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
docker/transformers-gpu/Dockerfile:5 dockerlegacy
low Legacy cicd docker conf 0.72 Dockerfile installs recommended OS packages
Add `--no-install-recommends` and explicitly list only packages the image needs.
docker/transformers-doc-builder/Dockerfile:12 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:87 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:84 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:81 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:78 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:77 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:76 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:75 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:74 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:68 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-xpu/Dockerfile:67 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-tpu/Dockerfile:50 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-tpu/Dockerfile:33 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-pytorch-gpu/Dockerfile:29 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-intel-cpu/Dockerfile:56 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-intel-cpu/Dockerfile:53 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-intel-cpu/Dockerfile:52 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-intel-cpu/Dockerfile:51 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-intel-cpu/Dockerfile:50 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-intel-cpu/Dockerfile:49 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-intel-cpu/Dockerfile:47 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-doc-builder/Dockerfile:18 dockerlegacy
high Legacy cicd docker conf 0.72 Dockerfile keeps pip download cache
Use `pip install --no-cache-dir ...` in container builds.
docker/transformers-doc-builder/Dockerfile:10 dockerlegacy
low Legacy cicd docker conf 0.74 Dockerfile leaves apt package indexes in the image layer
End the apt install layer with `rm -rf /var/lib/apt/lists/*`.
docker/transformers-pytorch-tpu/Dockerfile:10 dockerlegacy
low Legacy cicd docker conf 0.74 Dockerfile leaves apt package indexes in the image layer
End the apt install layer with `rm -rf /var/lib/apt/lists/*`.
docker/transformers-intel-cpu/Dockerfile:8 dockerlegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
src/transformers/models/deepseek_v2/configuration_deepseek_v2.py:1 qualitylegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
src/transformers/models/deberta_v2/modeling_deberta_v2.py:1 qualitylegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
src/transformers/models/pp_doclayout_v2/modeling_pp_doclayout_v2.py:1 qualitylegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
src/transformers/models/mobilenet_v1/modeling_mobilenet_v1.py:1 qualitylegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
src/transformers/models/deepseek_v3/modeling_deepseek_v3.py:1 qualitylegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
src/transformers/models/deepseek_v2/modeling_deepseek_v2.py:1 qualitylegacy
low Legacy quality quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol.
src/transformers/models/seamless_m4t_v2/modeling_seamless_m4t_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/mobilenet_v2/image_processing_pil_mobilenet_v2.py:30 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:123 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:122 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:71 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:38 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/jina_embeddings_v3/modeling_jina_embeddings_v3.py:190 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/jina_embeddings_v3/modeling_jina_embeddings_v3.py:95 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/jina_embeddings_v3/modeling_jina_embeddings_v3.py:66 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hy_v3/modular_hy_v3.py:202 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hy_v3/modular_hy_v3.py:125 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hy_v3/modular_hy_v3.py:62 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hy_v3/modular_hy_v3.py:33 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hy_v3/modeling_hy_v3.py:154 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hy_v3/modeling_hy_v3.py:75 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hy_v3/modeling_hy_v3.py:31 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hy_v3/configuration_hy_v3.py:34 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/higgs_audio_v2/modular_higgs_audio_v2.py:266 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/higgs_audio_v2/modular_higgs_audio_v2.py:79 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/higgs_audio_v2/modular_higgs_audio_v2.py:25 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/higgs_audio_v2/modeling_higgs_audio_v2.py:51 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/higgs_audio_v2/modeling_higgs_audio_v2.py:39 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/higgs_audio_v2/configuration_higgs_audio_v2.py:82 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hgnet_v2/modular_hgnet_v2.py:100 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/hgnet_v2/modular_hgnet_v2.py:20 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/deepseek_v3/modular_deepseek_v3.py:212 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/deepseek_v3/modular_deepseek_v3.py:35 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/deepseek_v3/modeling_deepseek_v3.py:32 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/deepseek_v3/configuration_deepseek_v3.py:28 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/deepseek_v2/modular_deepseek_v2.py:116 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
src/transformers/models/deepseek_v2/modular_deepseek_v2.py:29 qualitylegacy
low Legacy quality quality conf 0.68 Multiple AI-agent scaffold marker files are present
Keep one current agent instruction file if it helps contributors, remove stale progress/completion markers, and make sure the README, tests, and CI describe the real supported behavior.
.github/copilot-instructions.md:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/mobilenet_v1/modeling_mobilenet_v1.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/mobilenet_v1/image_processing_pil_mobilenet_v1.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/mobilenet_v1/image_processing_mobilenet_v1.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/mobilenet_v1/configuration_mobilenet_v1.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/jina_embeddings_v3/modular_jina_embeddings_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/jina_embeddings_v3/modeling_jina_embeddings_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/jina_embeddings_v3/configuration_jina_embeddings_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/hy_v3/modular_hy_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/hy_v3/modeling_hy_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/hy_v3/configuration_hy_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/higgs_audio_v2/processing_higgs_audio_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/higgs_audio_v2/modular_higgs_audio_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/higgs_audio_v2/modeling_higgs_audio_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/higgs_audio_v2/generation_higgs_audio_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/higgs_audio_v2/configuration_higgs_audio_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/hgnet_v2/modular_hgnet_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/hgnet_v2/modeling_hgnet_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/hgnet_v2/configuration_hgnet_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v4/modular_deepseek_v4.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v4/modeling_deepseek_v4.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v4/configuration_deepseek_v4.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v3/modular_deepseek_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v3/modeling_deepseek_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v3/configuration_deepseek_v3.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v2/modular_deepseek_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v2/modeling_deepseek_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deepseek_v2/configuration_deepseek_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deberta_v2/tokenization_deberta_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deberta_v2/modeling_deberta_v2.py:1 qualitylegacy
high Legacy quality quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
src/transformers/models/deberta_v2/configuration_deberta_v2.py:1 qualitylegacy
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/27ddd460-787e-4a71-a753-7f661c746582/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/27ddd460-787e-4a71-a753-7f661c746582/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.