Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
22 of your 226 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 4.27s · analysis 82.08s · 5.4 MB · GitHub API rate-limit (preflight)

nestjs/nest

https://github.com/nestjs/nest · scanned 2026-06-05 07:44 UTC (5 days, 21 hours ago) · 10 languages

575 raw signals (203 security + 372 graph) 5th percentile · Typescript · large (100-500K LoC) System graph score 54 (higher by 2)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 21 hours ago · v2 · 270 actionable findings from 2 signal sources. 119 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
47.1
/100
Security checks
41
89 findings
System graph
54
100.0% cov · 181 findings
Critical
6
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 60.0 0.15 9.00
security_score 5.5 0.25 1.38
testing_score 85.0 0.20 17.00
documentation_score 75.0 0.15 11.25
practices_score 76.0 0.15 11.40
code_quality 60.7 0.10 6.07
Overall 1.00 56.1
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 6 High 27 Medium 41 Low 172 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 89 System graph 181 Crowd 0 Layer: Quality 28 Security 17 Software 95 Cicd 14 Frontend 62 Network 3 Hardware 1 Api 50
Scan summary Quality grade C (56/100). Dimensions: security 6, maintainability 60. 203 findings (65 security). 112,928 lines analyzed.

Showing 242 of 270 actionable findings. 389 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Security checks quality Quality conf 1.00 ✓ Repobility [MINED035] Js New Function: new Function(...) compiles strings to functions.
Review and fix per the pattern semantics. See CWE-95 / for context.
sample/34-using-esm-packages/src/import-esm-package.ts:8
critical Security checks cicd CI/CD security conf 0.96 Compose service contains a literal secret environment value
Literal secrets in Compose files are committed to source and exposed through container inspection.
integration/docker-compose.yml:26 CI/CD securitycontainers
critical Security checks security secrets conf 0.95 8 occurrences Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
8 files, 8 locations
Readme.md:5
packages/common/Readme.md:5
packages/core/Readme.md:5
packages/microservices/Readme.md:5
packages/testing/Readme.md:5
readme_jp.md:5
readme_kr.md:5
readme_zh.md:5
critical Security checks software dependencies conf 0.88 form-data: GHSA-fjxv-7rqg-78g4
form-data uses unsafe random function in form-data for choosing boundary
package-lock.json
critical Security checks security secrets conf 0.95 Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.
Gitleaks detected a committed secret or credential pattern.
integration/microservices/src/tcp-tls/privkey.pem:1
high Security checks security auth conf 0.70 5 occurrences [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /:id.
A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /:id.
3 files, 5 locations
integration/repl/src/users/users.controller.ts:28, 33, 38 (3 hits)
integration/inspector/src/cats/cats.controller.ts:23
integration/inspector/src/database/database.controller.ts:41
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /local-pipe/:id.
A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /local-pipe/:id.
integration/hello-world/src/host-array/host-array.controller.ts:29
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /local-pipe/:id.
A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /local-pipe/:id.
integration/hello-world/src/hello/hello.controller.ts:26
high Security checks software dependencies conf 0.88 braces: GHSA-grv7-fg5c-xmjg
Uncontrolled resource consumption in braces
package-lock.json
high Security checks cicd CI/CD security conf 0.90 8 occurrences Database service has no persistent data volume
Database containers store data in the writable container layer unless a volume or bind mount is attached to the image's data directory. Recreating the container can lose state.
6 files, 8 locations
integration/docker-compose.yml:26, 35 (2 hits)
sample/05-sql-typeorm/docker-compose.yml:3, 11 (2 hits)
sample/06-mongoose/docker-compose.yml:3
sample/07-sequelize/docker-compose.yml:3
sample/13-mongo-typeorm/docker-compose.yml:3
sample/14-mongoose-base/docker-compose.yml:3
CI/CD securitycontainers
high Security checks cicd CI/CD security conf 0.84 13 occurrences Database service publishes a host port
Publishing database ports to the host increases exposure. Internal Compose networking usually only needs expose, not ports.
7 files, 13 locations
integration/docker-compose.yml:3, 26, 35, 42, 50, 59 (6 hits)
sample/05-sql-typeorm/docker-compose.yml:3, 11 (2 hits)
sample/06-mongoose/docker-compose.yml:3
sample/07-sequelize/docker-compose.yml:3
sample/13-mongo-typeorm/docker-compose.yml:3
sample/14-mongoose-base/docker-compose.yml:3
sample/26-queues/docker-compose.yml:2
CI/CD securitycontainers
high Security checks software dependencies conf 0.88 diff: GHSA-h6ch-v84p-w6p9
Regular Expression Denial of Service (ReDoS)
package-lock.json
medium Security checks cicd CI/CD security conf 0.90 ✓ Repobility 6 occurrences GitHub Action is tag-pinned rather than SHA-pinned
Action `github/codeql-action/init` pinned to mutable ref `@v4` uses a mutable tag or branch. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.
lines 37, 47, 61
.github/workflows/codeql-analysis.yml:37, 47, 61 (6 hits)
CI/CD securitySupply chainGitHub Actions
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 2 occurrences GitHub Action is tag-pinned rather than SHA-pinned
Action `actions/checkout` pinned to mutable ref `@v6` uses a mutable tag or branch. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.
lines 24
.github/workflows/codeql-analysis.yml:24 (2 hits)
CI/CD securitySupply chainGitHub Actions
high Security checks software dependencies conf 0.88 lodash.template: GHSA-35jh-r3h4-6jhm
Command Injection in lodash
package-lock.json
high Security checks software dependencies conf 0.88 serialize-javascript: GHSA-5c6j-r48x-rmvq
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
package-lock.json
high Security checks software dependencies conf 0.88 tar: GHSA-34x7-hfp2-rc4v
node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal
package-lock.json
high Security checks software dependencies conf 0.88 tar: GHSA-83g3-92jg-28cx
Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in node-tar Extraction
package-lock.json
high Security checks software dependencies conf 0.88 tar: GHSA-8qq5-rm4j-mr97
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization
package-lock.json
high Security checks software dependencies conf 0.88 tar: GHSA-9ppj-qmqm-q256
node-tar Symlink Path Traversal via Drive-Relative Linkpath
package-lock.json
high Security checks software dependencies conf 0.88 tar: GHSA-qffp-2rhf-9h96
tar has Hardlink Path Traversal via Drive-Relative Linkpath
package-lock.json
high Security checks software dependencies conf 0.88 tar: GHSA-r6q2-hw4h-h46w
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
package-lock.json
high System graph security security conf 1.00 Insecure pattern 'exec_used' in integration/lazy-modules/src/lazy.controller.ts:9
Found a known-risky pattern (exec_used). Review and replace if possible.
integration/lazy-modules/src/lazy.controller.ts:9 Exec used
medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
high Security checks security auth conf 0.74 [AUC002] Low visible authorization coverage in route inventory: Only 4.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
Only 4.0% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
high Security checks security auth conf 0.68 2 occurrences [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /:id.
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /:id.
lines 33, 38
integration/repl/src/users/users.controller.ts:33, 38 (2 hits)
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /broadcast.
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /broadcast.
integration/microservices/src/redis/redis-broadcast.controller.ts:16
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /hello.
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /hello.
integration/scopes/src/msvc/http.controller.ts:6
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /hello/:name.
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /hello/:name.
integration/nest-application/global-prefix/src/app.controller.ts:5
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /mathSumSyncKafkaMessage.
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /mathSumSyncKafkaMessage.
integration/microservices/src/kafka/kafka.controller.ts:55
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /params.
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /params.
integration/nest-application/global-prefix/src/app.controller.ts:10
high Security checks security auth conf 0.68 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /transient.
A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /transient.
integration/scopes/src/inject-inquirer/hello.controller.ts:15
medium Security checks quality Error handling conf 1.00 3 occurrences [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
3 files, 3 locations
packages/microservices/client/client-mqtt.ts:135
packages/microservices/client/client-nats.ts:96
packages/microservices/client/client-redis.ts:129
medium Security checks software dependencies conf 0.88 brace-expansion: GHSA-f886-m6hf-6m8v
brace-expansion: Zero-step sequence causes process hang and memory exhaustion
package-lock.json
medium Security checks software dependencies conf 0.88 brace-expansion: GHSA-jxxr-4gwj-5jf2
brace-expansion: Large numeric range defeats documented `max` DoS protection
package-lock.json
medium Security checks cicd CI/CD security conf 0.94 3 occurrences Compose service `mongodb` image uses the latest tag
The latest tag is mutable and can change without a code review, producing different images from the same source.
3 files, 3 locations
integration/docker-compose.yml:35
sample/06-mongoose/docker-compose.yml:3
sample/14-mongoose-base/docker-compose.yml:3
CI/CD securitycontainers
medium Security checks cicd CI/CD security conf 0.56 3 occurrences Compose service contains a literal secret environment value
Literal secrets in Compose files are committed to source and exposed through container inspection.
2 files, 3 locations
sample/05-sql-typeorm/docker-compose.yml:3, 11 (2 hits)
sample/07-sequelize/docker-compose.yml:3
CI/CD securitycontainers
medium Security checks cicd CI/CD security conf 0.88 8 occurrences Database service has no healthcheck
Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy.
6 files, 8 locations
integration/docker-compose.yml:26, 35 (2 hits)
sample/05-sql-typeorm/docker-compose.yml:3, 11 (2 hits)
sample/06-mongoose/docker-compose.yml:3
sample/07-sequelize/docker-compose.yml:3
sample/13-mongo-typeorm/docker-compose.yml:3
sample/14-mongoose-base/docker-compose.yml:3
CI/CD securitycontainers
medium Security checks cicd CI/CD security conf 0.74 5 occurrences Database service has no persistent data volume
Database containers store data in the writable container layer unless a volume or bind mount is attached to the image's data directory. Recreating the container can lose state.
2 files, 5 locations
integration/docker-compose.yml:3, 42, 50, 59 (4 hits)
sample/26-queues/docker-compose.yml:2
CI/CD securitycontainers
high Security checks quality Quality conf 0.74 Frontend API reference is not matched by discovered backend routes
A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys.
packages/common/interfaces/version-options.interface.ts:55
medium Security checks software dependencies conf 0.88 js-yaml: GHSA-mh29-5h37-fv8m
js-yaml has prototype pollution in merge (<<)
package-lock.json
medium Security checks software dependencies conf 0.88 micromatch: GHSA-952p-6rrq-rcjv
Regular Expression Denial of Service (ReDoS) in micromatch
package-lock.json
medium Security checks software dependencies conf 0.90 2 occurrences npm package `@eslint/js` is 1 major version(s) behind (9.39.4 -> 10.0.1)
`@eslint/js` is pinned/resolved at 9.39.4 but the latest stable release on the npm registry is 10.0.1 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
package.json
sample/12-graphql-schema-first/package.json
medium Security checks software dependencies conf 0.90 npm package `@types/chai-as-promised` is 1 major version(s) behind (7.1.8 -> 8.0.2)
`@types/chai-as-promised` is pinned/resolved at 7.1.8 but the latest stable release on the npm registry is 8.0.2 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs r…
package.json
medium Security checks software dependencies conf 0.90 npm package `@types/chai` is 1 major version(s) behind (4.3.20 -> 5.2.3)
`@types/chai` is pinned/resolved at 4.3.20 but the latest stable release on the npm registry is 5.2.3 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
medium Security checks software dependencies conf 0.90 npm package `@types/eslint__js` is 1 major version(s) behind (8.42.3 -> 9.14.0)
`@types/eslint__js` is pinned/resolved at 8.42.3 but the latest stable release on the npm registry is 9.14.0 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
medium Security checks software dependencies conf 0.90 npm package `chai-as-promised` is 1 major version(s) behind (7.1.2 -> 8.0.2)
`chai-as-promised` is pinned/resolved at 7.1.2 but the latest stable release on the npm registry is 8.0.2 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
medium Security checks software dependencies conf 0.90 npm package `chai` is 2 major version(s) behind (4.5.0 -> 6.2.2)
`chai` is pinned/resolved at 4.5.0 but the latest stable release on the npm registry is 6.2.2 (2 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
medium Security checks software dependencies conf 0.90 2 occurrences npm package `file-type` is 1 major version(s) behind (21.3.4 -> 22.0.1)
`file-type` is pinned/resolved at 21.3.4 but the latest stable release on the npm registry is 22.0.1 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
package.json
packages/common/package.json
medium Security checks software dependencies conf 0.90 2 occurrences npm package `globals` is 3 major version(s) behind (14.0.0 -> 17.6.0)
`globals` is pinned/resolved at 14.0.0 but the latest stable release on the npm registry is 17.6.0 (3 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
package.json
sample/12-graphql-schema-first/package.json
medium Security checks software dependencies conf 0.90 npm package `gulp-typescript` is 1 major version(s) behind (5.0.1 -> 6.0.0-alpha.1)
`gulp-typescript` is pinned/resolved at 5.0.1 but the latest stable release on the npm registry is 6.0.0-alpha.1 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs r…
package.json
medium Security checks software dependencies conf 0.90 npm package `markdown-table` is 1 major version(s) behind (2.0.0 -> 3.0.4)
`markdown-table` is pinned/resolved at 2.0.0 but the latest stable release on the npm registry is 3.0.4 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
medium Security checks software dependencies conf 0.90 npm package `rimraf` is 3 major version(s) behind (3.0.2 -> 6.1.3)
`rimraf` is pinned/resolved at 3.0.2 but the latest stable release on the npm registry is 6.1.3 (3 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
sample/12-graphql-schema-first/package.json
medium Security checks software dependencies conf 0.90 npm package `sinon-chai` is 1 major version(s) behind (3.7.0 -> 4.0.1)
`sinon-chai` is pinned/resolved at 3.7.0 but the latest stable release on the npm registry is 4.0.1 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
medium Security checks software dependencies conf 0.90 npm package `uuid` is 6 major version(s) behind (8.3.2 -> 14.0.0)
`uuid` is pinned/resolved at 8.3.2 but the latest stable release on the npm registry is 14.0.0 (6 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
package.json
medium Security checks software dependencies conf 0.88 postcss: GHSA-7fh5-64p2-3v2j
PostCSS line return parsing error
package-lock.json
medium Security checks software dependencies conf 0.88 postcss: GHSA-qx2v-qp2m-jg93
PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
package-lock.json
medium Security checks quality Quality conf 0.78 Public web service has no security.txt
security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt.
.well-known/security.txt
medium Security checks software dependencies conf 0.88 qs: GHSA-6rw7-vpxm-498p
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
package-lock.json
medium Security checks software dependencies conf 0.88 qs: GHSA-q8mj-m7cp-5q26
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
package-lock.json
medium Security checks software dependencies conf 0.88 request: GHSA-p8p7-x288-28g6
Server-Side Request Forgery in Request
package-lock.json
medium Security checks software dependencies conf 0.88 serialize-javascript: GHSA-qj8w-gfj5-8c6v
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
package-lock.json
medium Security checks software dependencies conf 0.88 tough-cookie: GHSA-72xf-g2v4-qvf3
tough-cookie Prototype Pollution vulnerability
package-lock.json
medium Security checks software dependencies conf 0.88 2 occurrences uuid: GHSA-w5hq-g745-h8pq
uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided
2 files, 2 locations
package-lock.json
tools/benchmarks/package-lock.json
medium Security checks software dependencies conf 0.88 ws: GHSA-58qx-3vcg-4xpx
ws: Uninitialized memory disclosure
package-lock.json
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — integration/nest-application/sse/e2e/express.spec.ts:33
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — integration/nest-application/sse/e2e/fastify.spec.ts:38
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — integration/nest-application/sse/e2e/utils.ts:13
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/microservices/external/kafka.interface.ts:684
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
low Security checks software dependencies conf 0.88 @tootallnate/once: GHSA-vpq2-c234-7xj6
@tootallnate/once vulnerable to Incorrect Control Flow Scoping
package-lock.json
low Security checks software dependencies conf 0.88 brace-expansion: GHSA-v6h2-p8h4-qcjw
brace-expansion Regular Expression Denial of Service vulnerability
package-lock.json
high Security checks cicd CI/CD security conf 0.56 2 occurrences Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
lines 9, 17
integration/docker-compose.yml:9, 17 (2 hits)
CI/CD securitycontainers
high Security checks cicd CI/CD security conf 0.62 2 occurrences Compose service lacks no-new-privileges hardening
no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities.
lines 9, 17
integration/docker-compose.yml:9, 17 (2 hits)
CI/CD securitycontainers
low Security checks cicd CI/CD security conf 0.72 5 occurrences Database service has no healthcheck
Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy.
2 files, 5 locations
integration/docker-compose.yml:3, 42, 50, 59 (4 hits)
sample/26-queues/docker-compose.yml:2
CI/CD securitycontainers
low Security checks software dependencies conf 0.88 diff: GHSA-73rr-hh4g-fpgx
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
package-lock.json
low Security checks quality Quality conf 0.60 30 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 13 locations
integration/microservices/src/rmq/rmq.controller.ts:33, 34 (2 hits)
integration/hello-world/src/host/host.controller.ts:11
integration/inspector/src/properties/properties.module.ts:1
integration/microservices/src/mqtt/mqtt.controller.ts:144
integration/microservices/src/redis/redis-broadcast.controller.ts:13
integration/microservices/src/redis/redis.controller.ts:20
integration/microservices/src/rmq/rmq-broadcast.controller.ts:24
integration/microservices/src/tcp-tls/app.controller.ts:1
duplicationquality
low Security checks software dependencies conf 0.90 7 occurrences npm package `@nestjs/websockets` is minor version(s) behind (^11.0.0 -> 11.1.24)
`@nestjs/websockets` is pinned/resolved at ^11.0.0 but the latest stable release on the npm registry is 11.1.24 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs rais…
6 files, 7 locations
packages/core/package.json (2 hits)
packages/microservices/package.json
packages/platform-socket.io/package.json
packages/platform-ws/package.json
packages/testing/package.json
packages/websockets/package.json
low Security checks software dependencies conf 0.90 2 occurrences npm package `ws` is minor version(s) behind (8.20.1 -> 8.21.0)
`ws` is pinned/resolved at 8.20.1 but the latest stable release on the npm registry is 8.21.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
2 files, 2 locations
package.json
packages/platform-ws/package.json
low Security checks software dependencies conf 0.88 qs: GHSA-w7fw-mjwx-w883
qs's arrayLimit bypass in comma parsing allows denial of service
package-lock.json
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph software Dead code candidate conf 1.00 File has no detected symbols: gulpfile.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/auto-mock/test/bar.service.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/cors/e2e/express.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/cors/e2e/fastify.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-code-first/e2e/code-first.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-code-first/e2e/guards-filters.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-code-first/e2e/pipes.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-schema-first/e2e/graphql-async-class.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-schema-first/e2e/graphql-async-existing.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-schema-first/e2e/graphql-async.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-schema-first/e2e/graphql-request-scoped.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-schema-first/e2e/graphql.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/graphql-schema-first/src/cats/interfaces/cat.interface.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/broadcast-mqtt.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/broadcast-nats.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/broadcast-redis.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/disconnected-client.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/fanout-exchange-rmq.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/math-grpc.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/mqtt-record-builder.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/orders-grpc.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/sum-kafka.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/sum-mqtt.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/sum-nats.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/sum-redis.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/sum-rmq.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/sum-rpc-tls.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/sum-rpc.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/microservices/e2e/topic-exchange-rmq.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/module-utils/src/integration.module-definition.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/module-utils/src/interfaces/integration-module-options.interface.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/module-utils/test/integration-module.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/app-locals/e2e/express.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/get-url/e2e/express.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/get-url/e2e/fastify.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/global-prefix/e2e/global-prefix.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/listen/e2e/express.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/listen/e2e/fastify.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/raw-body/e2e/express.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/raw-body/e2e/fastify.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/sse/e2e/express.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/sse/e2e/fastify.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/use-body-parser/e2e/express.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/nest-application/use-body-parser/e2e/fastify.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/repl/e2e/repl.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/scopes/e2e/inject-inquirer.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/scopes/e2e/request-modules-scope.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/scopes/e2e/resolve-scoped.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/scopes/src/resolve-scoped/logger.provider.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: integration/send-files/e2e/express.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Tests conf 1.00 Low test-to-source ratio
262 tests / 1420 src (ratio 0.18).
low System graph cicd CI/CD security conf 1.00 package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
package.json CI/CD securitySupply chainNpm
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — integration/auto-mock/src/foo.service.ts:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — integration/discovery/src/my-webhook/cleanup.webhook.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — integration/discovery/src/my-webhook/flush.webhook.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — integration/hooks/src/enable-shutdown-hooks-main.ts:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — integration/inspector/src/common/middleware/logger.middleware.ts:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — integration/inspector/src/core/interceptors/logging.interceptor.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — integration/versioning/src/main.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — integration/websockets/e2e/ws-gateway.spec.ts:99
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/common/decorators/http/route-params.decorator.ts:177
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/common/services/console-logger.service.ts:347
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/microservices/test/module/clients.module.spec.ts:104
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/microservices/test/server/server-grpc.spec.ts:309
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/microservices/test/server/server-kafka.spec.ts:164
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/websockets/test/exceptions/ws-exceptions-handler.spec.ts:57
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/01-cats-app/src/cats/cats.controller.ts:31
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/01-cats-app/src/common/middleware/logger.middleware.ts:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/01-cats-app/src/core/interceptors/logging.interceptor.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/01-cats-app/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/02-gateways/src/main.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/03-microservices/src/common/interceptors/logging.interceptor.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/03-microservices/src/main.ts:25
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/04-grpc/src/main.ts:26
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/05-sql-typeorm/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/06-mongoose/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/07-sequelize/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/08-webpack/src/main.ts:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/09-babel-example/src/main.js:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/10-fastify/src/common/middleware/logger.middleware.ts:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/10-fastify/src/core/interceptors/logging.interceptor.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/10-fastify/src/main.ts:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/11-swagger/src/main.ts:19
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/12-graphql-schema-first/src/common/plugins/logging.plugin.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/12-graphql-schema-first/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/13-mongo-typeorm/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/14-mongoose-base/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/15-mvc/src/main.ts:14
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/16-gateways-ws/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/17-mvc-fastify/src/main.ts:26
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/18-context/src/main.ts:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/19-auth-jwt/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/20-cache/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/21-serializer/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/22-graphql-prisma/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/23-graphql-code-first/src/common/plugins/complexity.plugin.ts:35
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/23-graphql-code-first/src/common/plugins/logging.plugin.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/23-graphql-code-first/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/24-serve-static/src/main.ts:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/25-dynamic-modules/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/26-queues/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/27-scheduling/src/main.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/28-sse/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/29-file-upload/src/main.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/30-event-emitter/src/orders/listeners/order-created.listener.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/33-graphql-mercurius/src/main.ts:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/36-hmr-esm/src/cats/cats.controller.ts:31
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/36-hmr-esm/src/common/middleware/logger.middleware.ts:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/36-hmr-esm/src/core/interceptors/logging.interceptor.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — sample/36-hmr-esm/src/main.ts:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — scripts/wait-for-rabbitmq.js:30
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — tools/benchmarks/src/main.ts:89
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /users/:id
`integration/repl/src/users/users.controller.ts` declares `DELETE /users/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /broadcast
`integration/microservices/src/mqtt/mqtt-broadcast.controller.ts` declares `GET /broadcast` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /cats/:id
`sample/09-babel-example/src/cats/cats.controller.js` declares `GET /cats/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /count
`integration/nest-application/global-prefix/src/app.controller.ts` declares `GET /count` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who co…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /exception
`integration/microservices/src/nats/nats.controller.ts` declares `GET /exception` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /fanout-exchange
`integration/microservices/src/rmq/fanout-exchange-producer-rmq.controller.ts` declares `GET /fanout-exchange` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /file/buffer
`integration/send-files/src/app.controller.ts` declares `GET /file/buffer` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /file/rxjs/stream
`integration/send-files/src/app.controller.ts` declares `GET /file/rxjs/stream` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /file/stream
`integration/send-files/src/app.controller.ts` declares `GET /file/stream` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /hello/:name
`integration/nest-application/global-prefix/src/app.controller.ts` declares `GET /hello/:name` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /non-file/pipe-method
`integration/send-files/src/app.controller.ts` declares `GET /non-file/pipe-method` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consume…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /params
`integration/nest-application/global-prefix/src/app.controller.ts` declares `GET /params` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who c…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /sse/promise-delayed/stats
`integration/nest-application/sse/src/app.controller.ts` declares `GET /sse/promise-delayed/stats` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or document…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /test
`integration/nest-application/global-prefix/src/app.controller.ts` declares `GET /test` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /topic-exchange
`integration/microservices/src/rmq/topic-exchange-rmq.controller.ts` declares `GET /topic-exchange` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documen…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /users/:id
`integration/repl/src/users/users.controller.ts` declares `GET /users/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PATCH /users/:id
`integration/repl/src/users/users.controller.ts` declares `PATCH /users/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /business
`integration/microservices/src/kafka/kafka.controller.ts` declares `POST /business` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consume…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /client-streaming
`integration/microservices/src/grpc-advanced/advanced.grpc.controller.ts` declares `POST /client-streaming` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /concurrent
`integration/microservices/src/app.controller.ts` declares `POST /concurrent` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /error
`integration/microservices/src/app.controller.ts` declares `POST /error` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /go
`integration/microservices/src/kafka-concurrent/kafka-concurrent.messages.controller.ts` declares `POST /go` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing o…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /mathSumSyncArray
`integration/microservices/src/kafka/kafka.controller.ts` declares `POST /mathSumSyncArray` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /mathSumSyncKafkaMessage
`integration/microservices/src/kafka/kafka.controller.ts` declares `POST /mathSumSyncKafkaMessage` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or document…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /mathSumSyncNumber
`integration/microservices/src/kafka/kafka.controller.ts` declares `POST /mathSumSyncNumber` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting wh…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /mathSumSyncNumberWait
`integration/microservices/src/kafka-concurrent/kafka-concurrent.controller.ts` declares `POST /mathSumSyncNumberWait` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /mathSumSyncPlainObject
`integration/microservices/src/kafka/kafka.controller.ts` declares `POST /mathSumSyncPlainObject` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenti…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /mathSumSyncString
`integration/microservices/src/kafka/kafka.controller.ts` declares `POST /mathSumSyncString` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting wh…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /mathSumSyncWithoutKey
`integration/microservices/src/kafka/kafka.controller.ts` declares `POST /mathSumSyncWithoutKey` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documentin…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /multi/sum
`integration/microservices/src/grpc/grpc.controller.ts` declares `POST /multi/sum` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /multi/sum2
`integration/microservices/src/grpc/grpc.controller.ts` declares `POST /multi/sum2` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consume…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /multiple-urls
`integration/microservices/src/rmq/rmq.controller.ts` declares `POST /multiple-urls` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /notify
`integration/microservices/src/app.controller.ts` declares `POST /notify` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /record-builder-duplex
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /record-builder-duplex` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /shared-wildcard-event
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /shared-wildcard-event` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /shared-wildcard-event2
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /shared-wildcard-event2` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /shared-wildcard-message
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /shared-wildcard-message` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documentin…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /shared-wildcard-message2
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /shared-wildcard-message2` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenti…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /sse/promise-delayed/release
`integration/nest-application/sse/src/app.controller.ts` declares `POST /sse/promise-delayed/release` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or docum…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /stream
`integration/microservices/src/app.controller.ts` declares `POST /stream` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /sum
`integration/microservices/src/grpc/grpc.controller.ts` declares `POST /sum` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /test
`integration/nest-application/global-prefix/src/app.controller.ts` declares `POST /test` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who co…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /upperMethod/sum
`integration/microservices/src/grpc/grpc.controller.ts` declares `POST /upperMethod/sum` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who co…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /useClass
`integration/microservices/src/app.controller.ts` declares `POST /useClass` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /useFactory
`integration/microservices/src/app.controller.ts` declares `POST /useFactory` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /user
`integration/microservices/src/kafka/kafka.controller.ts` declares `POST /user` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /wildcard-event
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /wildcard-event` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /wildcard-event2
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /wildcard-event2` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who co…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /wildcard-message
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /wildcard-message` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who c…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /wildcard-message2
`integration/microservices/src/mqtt/mqtt.controller.ts` declares `POST /wildcard-message2` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who …
Unused endpoint
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/30c176fa-1f87-4509-90b0-d3641fa6f6dc/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/30c176fa-1f87-4509-90b0-d3641fa6f6dc/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.