Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

Scan timing: clone 2.41s · analysis 6.51s · 4.2 MB · GitHub API rate-limit (preflight)

e2b-dev/E2B

https://github.com/e2b-dev/E2B · scanned 2026-05-31 01:23 UTC (5 days, 7 hours ago) · 10 languages

661 findings (208 legacy + 453 scanner) 86th percentile · Python · medium (20-100K LoC) Scanner says 73 (higher by 8)

File as issue Image v2 schema
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 7 hours ago · v2 · 436 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
75.2
/100
Repobility
77
208 legacy
9-layer
73
100.0% cov · 228 gaps
Critical
7
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 60.0 0.15 9.00
security_score 89.6 0.25 22.40
testing_score 100.0 0.20 20.00
documentation_score 79.0 0.15 11.85
practices_score 84.0 0.15 12.60
code_quality 54.1 0.10 5.41
Overall 1.00 81.3
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 7 High 144 Medium 53 Low 198 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 208 9-layer 228 Crowd 0 Layer: Quality 193 Cicd 71 Software 134 Security 3 Frontend 32 Hardware 3
Corpus Intelligence Cross-corpus context (cohort percentile, top patterns, fix plan) is shown only on repositories you own. Sign up and connect your repo to view it.
Scan summary Repository scanned at 73.4/100 with 100.0% coverage. It contains 3924 nodes across 2 cross-layer flows, written primarily in mixed languages. Engine surfaced 228 findings — concentrated in software (80), cicd (63), quality (50). Risk profile is low: 0 critical, 0 high, 37 medium. Recommended next step: open the software layer findings first — that's where the highest-impact wins live.

Showing 315 of 436 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Legacy quality quality conf 1.00 ✓ Repobility [MINED035] Js New Function: new Function(...) compiles strings to functions.
Review and fix per the pattern semantics. See CWE-95 / for context.
packages/js-sdk/src/undici.ts:16 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 / for context.
packages/python-sdk/e2b/sandbox_sync/commands/command_handle.py:121 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 / for context.
packages/python-sdk/e2b/sandbox_async/filesystem/watch_handle.py:39 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 / for context.
packages/python-sdk/e2b/sandbox_async/commands/command_handle.py:143 qualitylegacy
low Legacy software xss conf 1.00 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline.
For plain text: use el.textContent = data.value (auto-escapes). For HTML you need to render: el.innerHTML = DOMPurify.sanitize(html). For React/Vue/Svelte: stop using innerHTML; use the framework's binding. When data comes from CV/PDF parsers, sanitize at the parser boundary too.
packages/cli/src/commands/sandbox/info.ts:97 xsslegacy
high Legacy cicd docker conf 1.00 [SEC069] Dockerfile: no USER directive (runs as root): Container runs as root because no USER directive was set. Ported from trivy DS002 / checkov CKV_DOCKER_3 (Apache-2.0). Implement as a file-level rule: skip if file contains `^\s*USER\s+\S+` other than `root`.
Add `RUN adduser -D app && USER app` before the CMD/ENTRYPOINT.
packages/python-sdk/e2b/template/dockerfile_parser.py:1 dockerlegacy
high Legacy cicd docker conf 1.00 [SEC069] Dockerfile: no USER directive (runs as root): Container runs as root because no USER directive was set. Ported from trivy DS002 / checkov CKV_DOCKER_3 (Apache-2.0). Implement as a file-level rule: skip if file contains `^\s*USER\s+\S+` other than `root`.
Add `RUN adduser -D app && USER app` before the CMD/ENTRYPOINT.
packages/js-sdk/src/template/dockerfileParser.ts:1 dockerlegacy
low Legacy quality quality conf 1.00 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0).
Use a literal RegExp or whitelist-validate user input before constructing patterns.
packages/js-sdk/src/utils.ts:99 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._create_stream_timeout` used but never assigned in __init__
Method `_prepare_server_stream_request` of class `Client` reads `self._create_stream_timeout`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:341 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._get_request_timeout` used but never assigned in __init__
Method `get_request_timeout` of class `ConnectionConfig` reads `self._get_request_timeout`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b/connection_config.py:138 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._prepare_server_stream_request` used but never assigned in __init__
Method `call_server_stream` of class `Client` reads `self._prepare_server_stream_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:410 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._prepare_server_stream_request` used but never assigned in __init__
Method `acall_server_stream` of class `Client` reads `self._prepare_server_stream_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:376 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._prepare_unary_request` used but never assigned in __init__
Method `call_unary` of class `Client` reads `self._prepare_unary_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:298 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._prepare_unary_request` used but never assigned in __init__
Method `acall_unary` of class `Client` reads `self._prepare_unary_request`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:277 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._process_unary_response` used but never assigned in __init__
Method `call_unary` of class `Client` reads `self._process_unary_response`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:306 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self._process_unary_response` used but never assigned in __init__
Method `acall_unary` of class `Client` reads `self._process_unary_response`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:285 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.get_host` used but never assigned in __init__
Method `get_sandbox_direct_url` of class `ConnectionConfig` reads `self.get_host`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b/connection_config.py:158 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.get_host` used but never assigned in __init__
Method `get_sandbox_direct_url` of class `ConnectionConfig` reads `self.get_host`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b/connection_config.py:160 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.get_host` used but never assigned in __init__
Method `get_sandbox_url` of class `ConnectionConfig` reads `self.get_host`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b/connection_config.py:145 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.get_host` used but never assigned in __init__
Method `get_sandbox_url` of class `ConnectionConfig` reads `self.get_host`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b/connection_config.py:151 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.get_request_timeout` used but never assigned in __init__
Method `get_api_params` of class `ConnectionConfig` reads `self.get_request_timeout`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b/connection_config.py:211 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.header` used but never assigned in __init__
Method `parse` of class `ServerStreamParser` reads `self.header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:499 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.header` used but never assigned in __init__
Method `parse` of class `ServerStreamParser` reads `self.header`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:483 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.shift_buffer` used but never assigned in __init__
Method `parse` of class `ServerStreamParser` reads `self.shift_buffer`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:488 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility `self.shift_buffer` used but never assigned in __init__
Method `header` of class `ServerStreamParser` reads `self.shift_buffer`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/python-sdk/e2b_connect/client.py:470 qualitylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v3`
`uses: actions/checkout@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/publish_packages.yml:27 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/pkg_artifacts.yml:18 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/create-github-app-token` pinned to mutable ref `@v1`
`uses: actions/create-github-app-token@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/publish_packages.yml:20 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v6`
`uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/pkg_artifacts.yml:32 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v6`
`uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/publish_packages.yml:56 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-python` pinned to mutable ref `@v4`
`uses: actions/setup-python@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/publish_packages.yml:39 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/upload-artifact` pinned to mutable ref `@v4`
`uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/pkg_artifacts.yml:62 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `changesets/action` pinned to mutable ref `@v1`
`uses: changesets/action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/publish_packages.yml:81 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `pnpm/action-setup` pinned to mutable ref `@v4`
`uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/pkg_artifacts.yml:26 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `pnpm/action-setup` pinned to mutable ref `@v4`
`uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/publish_packages.yml:50 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `snok/install-poetry` pinned to mutable ref `@v1`
`uses: snok/install-poetry@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/publish_packages.yml:44 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `wistia/parse-tool-versions` pinned to mutable ref `@v2.1.1`
`uses: wistia/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/pkg_artifacts.yml:21 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `wistia/parse-tool-versions` pinned to mutable ref `@v2.1.1`
`uses: wistia/[email protected]` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/publish_packages.yml:32 dependencylegacy
high Legacy security auth conf 0.78 Consent is collected in UI without visible backend audit persistence
A frontend journey appears to ask for consent to share identity/KYC/biometric data, but backend code does not show a consent audit model with scope, purpose, legal text version, timestamp, IP, or user-agent evidence.
packages/js-sdk/src/envd/schema.gen.ts:56 authlegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `golang:1.23` not pinned by digest
`FROM golang:1.23` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
codegen.Dockerfile:1 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `python:3.10` not pinned by digest
`FROM python:3.10` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
codegen.Dockerfile:11 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `python:3.11.6` not pinned by digest
`FROM python:3.11.6` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
templates/base/e2b.Dockerfile:1 dependencylegacy
medium Legacy security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
authlegacy
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
packages/python-sdk/e2b/template/dockerfile_parser.py:276 error_handlinglegacy
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
packages/python-sdk/e2b/sandbox_async/filesystem/watch_handle.py:39 error_handlinglegacy
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
packages/python-sdk/e2b/sandbox_async/commands/command_handle.py:143 error_handlinglegacy
medium Legacy quality error_handling conf 1.00 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
packages/cli/src/commands/sandbox/create.ts:116 error_handlinglegacy
medium Legacy cicd docker conf 1.00 [SEC068] Dockerfile: base image uses :latest or no tag: FROM uses :latest or no tag — builds are not reproducible and may pull a compromised parent image. Ported from trivy DS001 (Apache-2.0).
Pin to a specific version tag (e.g. python:3.12.4-slim) or digest (image@sha256:...).
packages/python-sdk/e2b/template/dockerfile_parser.py:5 dockerlegacy
high Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth
Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN.
packages/python-sdk/e2b/sandbox_sync/main.py:193 qualitylegacy
high Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth
Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN.
packages/python-sdk/e2b/sandbox_async/main.py:195 qualitylegacy
high Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth
Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN.
packages/python-sdk/e2b/sandbox/sandbox_api.py:1 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_sync/commands/command_handle.py:123 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox/_git/parse.py:46 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox/_git/parse.py:41 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_async/filesystem/watch_handle.py:61 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_async/commands/command_handle.py:163 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_async/git.py:224 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_async/git.py:210 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_async/git.py:144 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_sync/git.py:245 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_sync/git.py:231 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/sandbox_sync/git.py:144 qualitylegacy
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/python-sdk/e2b/template/utils.py:348 qualitylegacy
medium Legacy quality quality conf 0.76 Calendar/event date parsing can crash on malformed persisted data
Browser storage, migrations, and partial writes can leave invalid date strings. Rendering `new Date(event.startAt)` without a validity guard can crash React views.
packages/js-sdk/src/sandbox/sandboxApi.ts:854 qualitylegacy
medium Legacy quality quality conf 0.76 Calendar/event date parsing can crash on malformed persisted data
Browser storage, migrations, and partial writes can leave invalid date strings. Rendering `new Date(event.startAt)` without a validity guard can crash React views.
packages/cli/src/commands/sandbox/list.ts:98 qualitylegacy
medium Legacy cicd docker conf 0.90 Docker build context has no .dockerignore
Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts.
.dockerignore dockerlegacy
medium Legacy quality quality conf 1.00 ✓ Repobility Mutable default argument in `wait_for_build_finish` (list)
`def wait_for_build_finish(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
packages/python-sdk/e2b/template_async/build_api.py:203 qualitylegacy
medium Legacy quality quality conf 1.00 ✓ Repobility Mutable default argument in `wait_for_build_finish` (list)
`def wait_for_build_finish(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
packages/python-sdk/e2b/template_sync/build_api.py:202 qualitylegacy
medium Legacy quality quality conf 0.78 Public web service has no security.txt
security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt.
.well-known/security.txt qualitylegacy
medium Legacy software dependency conf 0.90 ✓ Repobility requirements.txt: `build` has no version pin
Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins.
packages/connect-python/requirements-dev.txt:4 dependencylegacy
medium Legacy software dependency conf 0.90 ✓ Repobility requirements.txt: `ruff` has no version pin
Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins.
packages/connect-python/requirements-dev.txt:3 dependencylegacy
medium Legacy software dependency conf 0.90 ✓ Repobility requirements.txt: `twine` has no version pin
Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins.
packages/connect-python/requirements-dev.txt:5 dependencylegacy
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/cli/src/commands/template/buildWithProxy.ts:126
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/js-sdk/src/template/buildApi.ts:150
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — supabase/functions/new_user/index.ts:15
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer hardware security conf 1.00 Dockerfile runs as root: packages/cli/testground/demo-basic/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
securitycontainer
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
wistia/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_packages.yml:32 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
snok/install-poetry@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_packages.yml:44 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
changesets/action@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_packages.yml:81 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
wistia/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/pkg_artifacts.yml:21 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
snok/install-poetry@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/pkg_artifacts.yml:89 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
wistia/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/typecheck.yml:18 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
snok/install-poetry@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/typecheck.yml:48 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
wistia/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/lint.yml:18 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
snok/install-poetry@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/lint.yml:48 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
supabase/setup-cli@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/supabase.yml:31 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/setup-buildx-action@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/templates.yml:27 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/login-action@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/templates.yml:30 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
wistia/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release.yml:66 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
pnpm/action-setup@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release.yml:73 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
rtCamp/action-slack-notify@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release.yml:156 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
wistia/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_candidates.yml:38 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
snok/install-poetry@v1 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_candidates.yml:76 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
wistia/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/generated_files.yml:18 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
pnpm/action-setup@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/generated_files.yml:25 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/setup-buildx-action@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/generated_files.yml:47 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
docker/build-push-action@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/generated_files.yml:50 supply-chaingithub-actionspinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/publish_packages.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/release.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/publish_candidates.yml supply-chaingithub-actionsleast-privilege
low Legacy cicd docker conf 1.00 [SEC075] Dockerfile: no HEALTHCHECK: No HEALTHCHECK directive — orchestrators can't detect a wedged process. Ported from trivy DS026 / checkov CKV_DOCKER_2 (Apache-2.0). Implement file-level: skip if file contains `^\s*HEALTHCHECK\b`.
Add `HEALTHCHECK CMD curl -f http://localhost:PORT/health || exit 1`.
packages/python-sdk/e2b/template/dockerfile_parser.py:1 dockerlegacy
low Legacy cicd docker conf 1.00 [SEC075] Dockerfile: no HEALTHCHECK: No HEALTHCHECK directive — orchestrators can't detect a wedged process. Ported from trivy DS026 / checkov CKV_DOCKER_2 (Apache-2.0). Implement file-level: skip if file contains `^\s*HEALTHCHECK\b`.
Add `HEALTHCHECK CMD curl -f http://localhost:PORT/health || exit 1`.
packages/js-sdk/src/template/dockerfileParser.ts:1 dockerlegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/tags/post_templates_tags.py:26 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/tags/delete_templates_tags.py:29 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/tags/delete_templates_tags.py:26 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/put_sandboxes_sandbox_id_network.py:22 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/put_sandboxes_sandbox_id_network.py:21 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/put_sandboxes_sandbox_id_network.py:17 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_timeout.py:23 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_timeout.py:19 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_snapshots.py:33 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_snapshots.py:30 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_snapshots.py:29 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_resume.py:42 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_resume.py:37 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_resume.py:28 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_refreshes.py:23 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_pause.py:14 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_connect.py:40 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/js-sdk/src/envd/http2.ts:51 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_connect.py:34 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_connect.py:31 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes.py:27 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/get_v_2_sandboxes_sandbox_id_logs.py:43 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/get_v_2_sandboxes_sandbox_id_logs.py:42 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/get_v2_sandboxes.py:32 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/get_sandboxes_sandbox_id_metrics.py:36 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/get_sandboxes_sandbox_id_logs.py:29 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/get_sandboxes_sandbox_id_logs.py:28 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/get_sandboxes_sandbox_id.py:22 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/python-sdk/e2b/api/client/api/sandboxes/get_sandboxes_metrics.py:26 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/js-sdk/src/envd/process/process_pb.ts:1 qualitylegacy
low 9-layer hardware coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
coveragedeployment
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/src/commands/auth/info.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/src/commands/auth/logout.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/src/commands/template/create.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/src/commands/template/generators/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/src/docker/constants.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/src/options.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/sandbox/exec_helpers.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/delete.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/complex-python/expected/python-async/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/complex-python/expected/python-sync/build_dev.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/complex-python/expected/python-sync/build_prod.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/complex-python/expected/python-sync/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/complex-python/expected/typescript/template.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/copy-variations/expected/python-async/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/copy-variations/expected/python-sync/build_dev.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/copy-variations/expected/python-sync/build_prod.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/copy-variations/expected/python-sync/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/copy-variations/expected/typescript/template.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/custom-commands/expected/python-async/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/custom-commands/expected/python-sync/build_dev.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/custom-commands/expected/python-sync/build_prod.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/custom-commands/expected/python-sync/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/custom-commands/expected/typescript/template.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/minimal-dockerfile/expected/python-async/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/minimal-dockerfile/expected/python-sync/build_dev.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/minimal-dockerfile/expected/python-sync/build_prod.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/minimal-dockerfile/expected/python-sync/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/minimal-dockerfile/expected/typescript/template.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multi-stage/expected/python-async/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multi-stage/expected/python-sync/build_dev.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multi-stage/expected/python-sync/build_prod.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multi-stage/expected/python-sync/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multi-stage/expected/typescript/template.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multiple-env/expected/python-async/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multiple-env/expected/python-sync/build_dev.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multiple-env/expected/python-sync/build_prod.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multiple-env/expected/python-sync/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/multiple-env/expected/typescript/template.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/start-cmd/expected/python-async/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/start-cmd/expected/python-sync/build_dev.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/start-cmd/expected/python-sync/build_prod.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/start-cmd/expected/python-sync/template.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/fixtures/start-cmd/expected/typescript/template.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/commands/template/publish.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tests/utils/errors.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/tsup.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/cli/vitest.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/python-sdk/e2b/api/metadata.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/python-sdk/e2b/sandbox_async/utils.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: spec/remove_extra_tags.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_packages.yml:27 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_packages.yml:39 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_packages.yml:56 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/pkg_artifacts.yml:18 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/pkg_artifacts.yml:32 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/pkg_artifacts.yml:62 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/pkg_artifacts.yml:78 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/pkg_artifacts.yml:84 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/pkg_artifacts.yml:104 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/typecheck.yml:15 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/typecheck.yml:29 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/typecheck.yml:43 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/lint.yml:15 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/lint.yml:29 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/lint.yml:43 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/supabase.yml:28 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/templates.yml:24 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v3 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release.yml:63 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/release.yml:79 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/checkout@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_candidates.yml:35 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v6 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_candidates.yml:50 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-python@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/publish_candidates.yml:70 supply-chaingithub-actionspinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/setup-node@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/generated_files.yml:31 supply-chaingithub-actionspinned-dependencies
low 9-layer quality integrity conf 1.00 Legacy-named symbol `server_v2` in packages/cli/tests/commands/template/init.test.ts:101
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `template_build_request_v2` in packages/python-sdk/e2b/api/client/api/templates/post_v2_templates.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `template_build_request_v2` in packages/python-sdk/e2b/api/client/models/__init__.py:79
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `template_build_request_v2` in packages/python-sdk/e2b/api/client/models/template_build_request_v2.py:64
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `template_build_start_v2` in packages/python-sdk/e2b/api/client/api/templates/post_v_2_templates_template_id_builds_build_id.py:9
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `template_build_start_v2` in packages/python-sdk/e2b/api/client/models/template_build_start_v2.py:157
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `template_legacy` in packages/python-sdk/e2b/api/client/api/templates/post_templates.py:10
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `template_legacy` in packages/python-sdk/e2b/api/client/api/templates/post_templates_template_id.py:10
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `TemplateLegacy` in packages/js-sdk/src/api/schema.gen.ts:840
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `TemplateLegacy` in packages/python-sdk/e2b/api/client/models/template_legacy.py:13
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_from_dockerfile_with_multi_source_copy` in packages/python-sdk/tests/async/template_async/methods/test_from_dockerfile.py:70
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_from_dockerfile_with_multi_source_copy` in packages/python-sdk/tests/sync/template_sync/methods/test_from_dockerfile.py:70
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_rename_old` in packages/js-sdk/tests/sandbox/files/rename.test.ts:7
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_rename_old` in packages/python-sdk/tests/async/sandbox_async/files/test_rename.py:7
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_rename_old` in packages/python-sdk/tests/sync/sandbox_sync/files/test_rename.py:6
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_traces_on_copy` in packages/python-sdk/tests/async/template_async/test_stacktrace.py:161
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_traces_on_copy` in packages/python-sdk/tests/sync/template_sync/test_stacktrace.py:165
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b_connect/client.py:make_error_from_http_code, packages/python-sdk/e2b_connect/client.py:make_error This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate o…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b_connect/client.py:retry, packages/python-sdk/e2b_connect/client.py:retry This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're se…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b_connect/client.py:acall_unary, packages/python-sdk/e2b_connect/client.py:call_unary This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b_connect/client.py:acall_server_stream, packages/python-sdk/e2b_connect/client.py:call_server_stream This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b_connect/client.py:header, packages/python-sdk/e2b_connect/client.py:header This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're …
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/connection_config.py:get_sandbox_url, packages/python-sdk/e2b/connection_config.py:get_sandbox_direct_url This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Conso…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/connection_config.py:get_host, packages/python-sdk/e2b/sandbox/main.py:get_host This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why the…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:request_build, packages/python-sdk/e2b/template_sync/build_api.py:request_build This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Con…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:get_file_upload_link, packages/python-sdk/e2b/template_sync/build_api.py:get_file_upload_link This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:upload_file, packages/python-sdk/e2b/template_sync/build_api.py:upload_file This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consoli…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:trigger_build, packages/python-sdk/e2b/template_sync/build_api.py:trigger_build This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Con…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:wait_for_build_finish, packages/python-sdk/e2b/template_sync/build_api.py:wait_for_build_finish This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-co…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:check_alias_exists, packages/python-sdk/e2b/template_sync/build_api.py:check_alias_exists This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hyg…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:assign_tags, packages/python-sdk/e2b/template_sync/build_api.py:assign_tags This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consoli…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:remove_tags, packages/python-sdk/e2b/template_sync/build_api.py:remove_tags This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consoli…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/build_api.py:get_template_tags, packages/python-sdk/e2b/template_sync/build_api.py:get_template_tags This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygie…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/main.py:get_build_status, packages/python-sdk/e2b/template_sync/main.py:get_build_status This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consoli…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b_connect/client.py:encode_envelope, packages/python-sdk/e2b_connect/client.py:encode, packages/python-sdk/e2b_connect/client.py:encode This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://j…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b_connect/client.py:decode_envelope_header, packages/python-sdk/e2b_connect/client.py:decode, packages/python-sdk/e2b_connect/client.py:decode This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see ht…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: packages/python-sdk/e2b/template_async/main.py:build, packages/python-sdk/e2b/template_async/main.py:build_in_background, packages/python-sdk/e2b/template_sync/main.py:build, packages/python-sdk/e2b/template_sync/main.py:build_in_background This is *…
integrityduplicatedry
low 9-layer software dead-code conf 1.00 Possibly dead Python function: acall_bidi_stream
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b_connect/client.py:441 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: call_bidi_stream
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b_connect/client.py:438 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: decorator
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b_connect/client.py:137 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: format_execution_timeout_error
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/exceptions.py:13 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: format_sandbox_timeout_exception
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/exceptions.py:1 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: retry
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b_connect/client.py:124 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: set_async_httpx_client
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/client.py:252 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: set_httpx_client
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/client.py:218 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/post_v2_templates.py:98 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/patch_templates_template_id.py:100 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/get_templates_template_id_builds_build_id_status.py:122 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/get_templates_template_id_builds_build_id_logs.py:144 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/get_templates_aliases_alias.py:93 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/post_templates_template_id_builds_build_id.py:87 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/post_templates.py:98 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/post_templates_template_id.py:98 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/post_v3_templates.py:102 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/patch_v_2_templates_template_id.py:102 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/get_templates_template_id.py:103 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/post_v_2_templates_template_id_builds_build_id.py:100 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/get_templates.py:98 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/get_templates_template_id_files_hash.py:97 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/templates/delete_templates_template_id.py:83 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/sandboxes/put_sandboxes_sandbox_id_network.py:107 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_timeout.py:104 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_resume.py:106 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/api/sandboxes/post_sandboxes_sandbox_id_connect.py:110 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: to_tuple
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/types.py:36 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: with_cookies
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/client.py:202 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: with_headers
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
packages/python-sdk/e2b/api/client/client.py:194 dead-code
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/auth/configure.ts:22
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/auth/info.ts:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/auth/login.ts:31
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/auth/logout.ts:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/connect.ts:43
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/create.ts:57
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/info.ts:59
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/kill.ts:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/list.ts:49
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/logs.ts:103
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/metrics.ts:42
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/pause.ts:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/sandbox/resume.ts:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/build.ts:118
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/buildWithProxy.ts:20
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/create.ts:110
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/delete.ts:104
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/generators/template-generator.ts:43
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/init.ts:78
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/list.ts:33
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/migrate.ts:120
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/commands/template/publish.ts:82
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/utils/commands2md.ts:79
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/cli/src/utils/urls.ts:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/js-sdk/src/sandbox/sandboxApi.ts:1183
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/js-sdk/src/template/index.ts:290
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/js-sdk/tests/integration/randomness.test.ts:14
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak

Showing first 300 of 315. Refine filters or use the legacy findings page for deep search.

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/40abc3d1-0134-4adb-a0b0-f6d2e010ea31/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/40abc3d1-0134-4adb-a0b0-f6d2e010ea31/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.