{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED075", "name": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.", "shortDescription": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-690 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED022", "name": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-120 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED015", "name": "[MINED015] Ruby Eval Call (and 17 more): Same pattern found in 17 additional files. Review if needed.", "shortDescription": {"text": "[MINED015] Ruby Eval Call (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 26 more): Same pattern found in 26 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 64 more): Same pattern found in 64 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 64 more): Same pattern found in 64 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 11 more): Same pattern found in 11 additional files. Review if nee", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 12 more): Same pattern found in 12 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` reso", "shortDescription": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-file"}, "fullDescription": {"text": "Replace with: `uses: actions/upload-artifact@<40-char-sha>  # v4.4.0` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED028", "name": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line.", "shortDescription": {"text": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED011", "name": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match.", "shortDescription": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED017", "name": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.", "shortDescription": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED010", "name": "[MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic.", "shortDescription": {"text": "[MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.NPM_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, whic", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.NPM_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.NPM_TOKEN }` lets a PR from any fork exfiltrate the secret (modify"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED025", "name": "[MINED025] Php Eval: eval() executes arbitrary PHP. Code injection.", "shortDescription": {"text": "[MINED025] Php Eval: eval() executes arbitrary PHP. Code injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED013", "name": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages.", "shortDescription": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-200 / A07:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1408"}, "properties": {"repository": "facebook/flow", "repoUrl": "https://github.com/facebook/flow", "branch": "main"}, "results": [{"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 144467, "scanner": "repobility-threat-engine", "fingerprint": "0bdb1c018f98bef54c8e8aab9cc6bb25cb4a45af8b61d55e754418656344a203", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0bdb1c018f98bef54c8e8aab9cc6bb25cb4a45af8b61d55e754418656344a203"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lsp/selectionRangeProvider.ml"}, "region": {"startLine": 82}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 144466, "scanner": "repobility-threat-engine", "fingerprint": "63f402497b62e55362b7385400b95962dc82ca7a6122a2dcae3e3fcc67322ca3", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (_error) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|63f402497b62e55362b7385400b95962dc82ca7a6122a2dcae3e3fcc67322ca3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/flow_dot_js_wasm_packager.js"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 144451, "scanner": "repobility-threat-engine", "fingerprint": "02ec118ea029fe1d0225a3c4c6918a619257e3ca710fbcaedbe4e25ae8fbd86b", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify = false", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|120|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/commands/foregroundCheckCommands.ml"}, "region": {"startLine": 120}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 144416, "scanner": "repobility-threat-engine", "fingerprint": "d5e84636b01ee063bfe54063de05f9cb97fca0e53f9ccb1883b3d1ca7b113bf5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "} catch (_err) {\n    return null;\n  }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d5e84636b01ee063bfe54063de05f9cb97fca0e53f9ccb1883b3d1ca7b113bf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-for-vscode/src/utils/which.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 144397, "scanner": "repobility-threat-engine", "fingerprint": "d0766519ce6bc52c304f724b2acb0b84153dee6d08a2d5f607a7d4a166248b2d", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|87|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/comment/add-commentsRunner.js"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 144396, "scanner": "repobility-threat-engine", "fingerprint": "b4c2d48f8934babd9db324adfa738cfb38de289ad6bce52252dcac6bfa274bcb", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|164|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/check-test/checkExecFilePromise.js"}, "region": {"startLine": 164}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 144395, "scanner": "repobility-threat-engine", "fingerprint": "9c47d208e6d200c6a35e215c05f18f63154aaec6fe9ef47f8cc33379c4ede0a9", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|63|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/check-test/checkDiffCompare.js"}, "region": {"startLine": 63}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 144511, "scanner": "repobility-ai-code-hygiene", "fingerprint": "be77010338b367f9840a7c67a4a126154197eab90b074062057f436d2ac39689", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "Foo", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "newtests/lsp/completion/autoimports/foo.js", "correlation_key": "fp|be77010338b367f9840a7c67a4a126154197eab90b074062057f436d2ac39689"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/autocomplete_from_m_to_q/optional_chaining_new.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144510, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5bf367c9f06897a23fcec2ce3cca20061a1cfc25d2d8be9984b1f507c7f853f5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-typed/jest.js", "duplicate_line": 1, "correlation_key": "fp|5bf367c9f06897a23fcec2ce3cca20061a1cfc25d2d8be9984b1f507c7f853f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-upgrade/flow-typed/npm/jest_v27.x.x.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144509, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5ddeff345d29026cf10a017eec3022a5502155947da32368b4747bf5929f8d9b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-dev-tools/flow-typed/npm/chalk_v4.x.x.js", "duplicate_line": 73, "correlation_key": "fp|5ddeff345d29026cf10a017eec3022a5502155947da32368b4747bf5929f8d9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-upgrade/flow-typed/npm/chalk_v2.x.x.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144508, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba91d78438896019746fbd0ca773340179b59632a09c66d726da27f18e1525e5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-dev-tools/flow-typed/npm/glob_v7.x.x.js", "duplicate_line": 49, "correlation_key": "fp|ba91d78438896019746fbd0ca773340179b59632a09c66d726da27f18e1525e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-typed/glob.js"}, "region": {"startLine": 61}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144507, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7339e57a86412023a2c5cdf66e9a6a5084047a9d211f076ce263d9f471d6b5c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-parser/oxidized-src/transform/print/print.js", "duplicate_line": 8, "correlation_key": "fp|a7339e57a86412023a2c5cdf66e9a6a5084047a9d211f076ce263d9f471d6b5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/print.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144506, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1db3e3658a0d3af5aac721a52817627bfef8f08559499e2a9adc9c6d979d4b05", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-parser/oxidized-src/transform/print/comments/prettier/main/comments.js", "duplicate_line": 1, "correlation_key": "fp|1db3e3658a0d3af5aac721a52817627bfef8f08559499e2a9adc9c6d979d4b05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/comments/prettier/main/comments.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144505, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2e658dd267ecb8bac7ce7d7d43659479b0b5afbe6cbcad4f354137db460fae81", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-parser/oxidized-src/transform/print/comments/prettier/language-js/utils.js", "duplicate_line": 1, "correlation_key": "fp|2e658dd267ecb8bac7ce7d7d43659479b0b5afbe6cbcad4f354137db460fae81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/comments/prettier/language-js/utils.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144504, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0570e448811f48469f813bd03d6d4a95348c5fc021abc88591fe7545120be02", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-parser/oxidized-src/transform/print/comments/prettier/language-js/printer-estree.js", "duplicate_line": 1, "correlation_key": "fp|b0570e448811f48469f813bd03d6d4a95348c5fc021abc88591fe7545120be02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/comments/prettier/language-js/printer-estree.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144503, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe9857f242f1016e8228910c4306960329861d251461e0e5a25b63fb6dabafcc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-parser/oxidized-src/transform/print/comments/prettier/language-js/loc.js", "duplicate_line": 1, "correlation_key": "fp|fe9857f242f1016e8228910c4306960329861d251461e0e5a25b63fb6dabafcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/comments/prettier/language-js/loc.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144502, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1f2cf61333d647b3b862758a472530d4e4b84f89e1c3faaa06ac390d68d4d8e4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-parser/oxidized-src/transform/print/comments/prettier/language-js/comments.js", "duplicate_line": 1, "correlation_key": "fp|1f2cf61333d647b3b862758a472530d4e4b84f89e1c3faaa06ac390d68d4d8e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/comments/prettier/language-js/comments.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144501, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f7aba0622fdf3e78bbd479e759d55f3efcfc28a962f10810eb728e2207890487", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-parser/oxidized-src/transform/print/comments/prettier/common/util.js", "duplicate_line": 1, "correlation_key": "fp|f7aba0622fdf3e78bbd479e759d55f3efcfc28a962f10810eb728e2207890487"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/comments/prettier/common/util.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144500, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b07f8033b6e10e05fdbca0ba7a698e1bcba533961d4024c6ab32b631ce88ee40", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-parser/oxidized-src/transform/print/comments/comments.js", "duplicate_line": 4, "correlation_key": "fp|b07f8033b6e10e05fdbca0ba7a698e1bcba533961d4024c6ab32b631ce88ee40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/comments/comments.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144499, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9798a91f00d7e9fd99bf6297ba850d5313cb08aba499032d47a3de8ea01f7bb2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-dev-tools/src/comment/remove-commentsRunner.js", "duplicate_line": 56, "correlation_key": "fp|9798a91f00d7e9fd99bf6297ba850d5313cb08aba499032d47a3de8ea01f7bb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/update-suppressions/update-suppressionsRunner.js"}, "region": {"startLine": 301}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144498, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8aa7aa7ee3218f7f87e9ab6977da5222b6e41fd5b6932a8b1055ec069f404e34", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-dev-tools/src/comment/remove-commentsCommand.js", "duplicate_line": 37, "correlation_key": "fp|8aa7aa7ee3218f7f87e9ab6977da5222b6e41fd5b6932a8b1055ec069f404e34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/update-suppressions/update-suppressionsCommand.js"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144497, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32a74027a07ece5d5beaf27c581d4a8cbae67ab1b94790a9fac4357ccaa5cf37", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/flow-dev-tools/src/check-test/checkTestCommand.js", "duplicate_line": 9, "correlation_key": "fp|32a74027a07ece5d5beaf27c581d4a8cbae67ab1b94790a9fac4357ccaa5cf37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/check-test/checkTestRunner.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144496, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d1bafaf252d00e75211ec98ce659a384494cfdb1b43137a7091ff7fbd3321b6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/autofix-exports/test.js", "duplicate_line": 288, "correlation_key": "fp|1d1bafaf252d00e75211ec98ce659a384494cfdb1b43137a7091ff7fbd3321b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/workspaceSymbol/test.js"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144495, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f0883e27883cab13331f49e95bce178e3011e991ec9927e53c7a3981fb32bbe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/queries/test.js", "duplicate_line": 21, "correlation_key": "fp|9f0883e27883cab13331f49e95bce178e3011e991ec9927e53c7a3981fb32bbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/wait_for_recheck/test.js"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144494, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed7c0a69810244e38bc955154f4eaddd20e48c23ca6a95fc8f183c3a7f94daf3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/queries/outline.js", "duplicate_line": 11, "correlation_key": "fp|ed7c0a69810244e38bc955154f4eaddd20e48c23ca6a95fc8f183c3a7f94daf3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/wait_for_recheck/outline.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144493, "scanner": "repobility-ai-code-hygiene", "fingerprint": "acfa6fb6bb7b5852be3fe7086e9fe568f09f73228dffdcc6deb890c93636164d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/signatureHelp/calls_monomorphic.js", "duplicate_line": 2, "correlation_key": "fp|acfa6fb6bb7b5852be3fe7086e9fe568f09f73228dffdcc6deb890c93636164d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/signatureHelp/calls_overloaded.js"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144492, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc3044293cad4dc3e0d1eccef472f12ab6c23c5697fc676120f8b6876a5f7d26", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/documentHighlight/test.js", "duplicate_line": 24, "correlation_key": "fp|cc3044293cad4dc3e0d1eccef472f12ab6c23c5697fc676120f8b6876a5f7d26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/renameFileImports/test.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144491, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0881b12e09fc0c902bd11dcb01366385250091d237c5ae1e9e1ec9fdfeb8eb25", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/findReferences/test.js", "duplicate_line": 1, "correlation_key": "fp|0881b12e09fc0c902bd11dcb01366385250091d237c5ae1e9e1ec9fdfeb8eb25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/rename/test.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144490, "scanner": "repobility-ai-code-hygiene", "fingerprint": "171f95c3ce860cca3d74f44bc5e5c18d4d37e11b0405d9afba7ed4da386112f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/auto_close_jsx/test.js", "duplicate_line": 1, "correlation_key": "fp|171f95c3ce860cca3d74f44bc5e5c18d4d37e11b0405d9afba7ed4da386112f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/linkedEditingRange/test.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144489, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24e3087b45c6482fa682a01bacad1fbc850a1b5d8ce12e8309aa461f6aa55de2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/findReferences/__fixtures__/private-name.js", "duplicate_line": 1, "correlation_key": "fp|24e3087b45c6482fa682a01bacad1fbc850a1b5d8ce12e8309aa461f6aa55de2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/globalReferencesAndRename/__fixtures__/private-name.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144488, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2ec14816e8b687c99f0247e3968e0b0e90d5c6ad178c2fd4cff642fffbd8b874", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/documentHighlight/test.js", "duplicate_line": 24, "correlation_key": "fp|2ec14816e8b687c99f0247e3968e0b0e90d5c6ad178c2fd4cff642fffbd8b874"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/findReferences/test.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144487, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b99d4b93f5e258887f03b925be9ff0c01d2dc60f8acc8b4914769c0c88556a6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/documentHighlight/__fixtures__/locals.js", "duplicate_line": 1, "correlation_key": "fp|3b99d4b93f5e258887f03b925be9ff0c01d2dc60f8acc8b4914769c0c88556a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/findReferences/__fixtures__/locals.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144486, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5bdc88cbc1f1ccfa503cc01189165322db0a667f21116b13cf187b09ffa8124d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/documentHighlight/test.js", "duplicate_line": 1, "correlation_key": "fp|5bdc88cbc1f1ccfa503cc01189165322db0a667f21116b13cf187b09ffa8124d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/document_paste/test.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144485, "scanner": "repobility-ai-code-hygiene", "fingerprint": "53cf63ae42f45c046c63f9d0babada83882d6601d9a1947a19a60e0a81ee4303", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/completion/component_syntax_auto_imports/test.js", "duplicate_line": 1, "correlation_key": "fp|53cf63ae42f45c046c63f9d0babada83882d6601d9a1947a19a60e0a81ee4303"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/completion/haste_package_auto_imports/test.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144484, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d53ac496f6a545467d71ece7d62bcb79bead68057dcdcf2f82386e9b2bca2678", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/code-action/quickfix/test.js", "duplicate_line": 3, "correlation_key": "fp|d53ac496f6a545467d71ece7d62bcb79bead68057dcdcf2f82386e9b2bca2678"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/code-action/refactor/test.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144483, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dba2a7b5c8742d500db218a5619f7514c73a27e044a7354c8560622651f39c7b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/code-action/quickfix/enums/test.js", "duplicate_line": 1, "correlation_key": "fp|dba2a7b5c8742d500db218a5619f7514c73a27e044a7354c8560622651f39c7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/code-action/refactor/readonly_conversion/test.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144482, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80b32acc0dc5d8dce6fc9d87c4f405b40dc8d4a31d24d9e4ad07722ddb5c6c43", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/code-action/quickfix/match/test.js", "duplicate_line": 1, "correlation_key": "fp|80b32acc0dc5d8dce6fc9d87c4f405b40dc8d4a31d24d9e4ad07722ddb5c6c43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/code-action/quickfix/ts_and_legacy_syntax/test.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 144481, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d6b570aa99be4bc0a1bc0e002ea2f9db3b1753171010e1f485e2af3fe479189a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "newtests/lsp/code-action/quickfix/enums/test.js", "duplicate_line": 3, "correlation_key": "fp|d6b570aa99be4bc0a1bc0e002ea2f9db3b1753171010e1f485e2af3fe479189a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/code-action/quickfix/react/test.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 144480, "scanner": "repobility-threat-engine", "fingerprint": "34073cdac04acd384bed821efaad85042c04ed2b179fad486e4abe2de243639b", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = g", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|46|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "website/src/try-flow/tokens-theme-provider.js"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 144479, "scanner": "repobility-threat-engine", "fingerprint": "8b8136271726c6f77549a2a8c9e4d2d07b79f78124ec9104edad6ada7e77a429", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8b8136271726c6f77549a2a8c9e4d2d07b79f78124ec9104edad6ada7e77a429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "website/src/theme/Navbar/Content/index.js"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 144477, "scanner": "repobility-threat-engine", "fingerprint": "ab16f89adc7821f89781291fe5a1feae0a2abce47715291e0c03557882073e6b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ab16f89adc7821f89781291fe5a1feae0a2abce47715291e0c03557882073e6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third-party/ocaml-base64/src/base64.ml"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 144474, "scanner": "repobility-threat-engine", "fingerprint": "3a22ac02b2baf370d83ba17a8bec43c4e714d3f46e5467e1b51a8599f7854e5a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3a22ac02b2baf370d83ba17a8bec43c4e714d3f46e5467e1b51a8599f7854e5a", "aggregated_count": 1}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 144473, "scanner": "repobility-threat-engine", "fingerprint": "3a3bf85ba4c77e75ea0ecffd8337eedef6f4513bf354fe5827f105882b69264a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a3bf85ba4c77e75ea0ecffd8337eedef6f4513bf354fe5827f105882b69264a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third-party/sedlex/flow_sedlexing.ml"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 144472, "scanner": "repobility-threat-engine", "fingerprint": "ece6d1e29cd0d31f36a3a0967152bcd1459b57c59bff14ec1e72f8d70f6e5989", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ece6d1e29cd0d31f36a3a0967152bcd1459b57c59bff14ec1e72f8d70f6e5989"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parser/js_id.ml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 144471, "scanner": "repobility-threat-engine", "fingerprint": "35688f8e7fceb051c7472f2f58e6e3a99980e53032ced847b3fd1051a7474f1f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35688f8e7fceb051c7472f2f58e6e3a99980e53032ced847b3fd1051a7474f1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hack_forked/utils/buffered_line_reader/buffered_line_reader.ml"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 144470, "scanner": "repobility-threat-engine", "fingerprint": "890a65e76de8a3f7c67d97718581d60a18301bdd7beae73281a7fe046f6eaded", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|890a65e76de8a3f7c67d97718581d60a18301bdd7beae73281a7fe046f6eaded"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third-party/fuzzy-path/src/fuzzy_path_wrapper.cpp"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 144469, "scanner": "repobility-threat-engine", "fingerprint": "d40cc942f7adb01e8f2096c90466308af575dc3bdda463529da8fef9f1c22d3e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d40cc942f7adb01e8f2096c90466308af575dc3bdda463529da8fef9f1c22d3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hack_forked/utils/core/fast_compare.c"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED075", "level": "none", "message": {"text": "[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL."}, "properties": {"repobilityId": 144468, "scanner": "repobility-threat-engine", "fingerprint": "044d0f18b3277b201504953b2789e8d2cd2e96a0f9b64d4bfbc0aabe9aba8cce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-malloc-no-check", "owasp": null, "cwe_ids": ["CWE-690"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348076+00:00", "triaged_in_corpus": 12, "observations_count": 11735, "ai_coder_pattern_id": 131}, "scanner": "repobility-threat-engine", "correlation_key": "fp|044d0f18b3277b201504953b2789e8d2cd2e96a0f9b64d4bfbc0aabe9aba8cce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hack_forked/fsnotify_win/fsnotify_stubs.c"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 144465, "scanner": "repobility-threat-engine", "fingerprint": "62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|62ff231053d16ded91f5d63a99a8b7f9a8d879f1bee1b23442cfa6701d92f730", "aggregated_count": 2}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 144464, "scanner": "repobility-threat-engine", "fingerprint": "b582e692e4fa567e034429bc97920f0fe19f24b86dc032268d4f6e9faf1f83d0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b582e692e4fa567e034429bc97920f0fe19f24b86dc032268d4f6e9faf1f83d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hack_forked/utils/collections/union_find.ml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 144463, "scanner": "repobility-threat-engine", "fingerprint": "bc89078805ee9a4259d76c7526a7c9151718a48813ad55e7641f087e2a2d4f6f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bc89078805ee9a4259d76c7526a7c9151718a48813ad55e7641f087e2a2d4f6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/common/tarjan/tarjan.ml"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 144462, "scanner": "repobility-threat-engine", "fingerprint": "64cf323b55922a5ae4a2a1e62ac99a20c53cd2e46cc772ff46f3d113509a8518", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|64cf323b55922a5ae4a2a1e62ac99a20c53cd2e46cc772ff46f3d113509a8518"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/common/semver/semver.ml"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 144461, "scanner": "repobility-threat-engine", "fingerprint": "8c6a027494f92e9c7f08314e152da757664ea01767aedf28604f4ffa76394170", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c6a027494f92e9c7f08314e152da757664ea01767aedf28604f4ffa76394170"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/common/lwt/lwtUtils.ml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 144460, "scanner": "repobility-threat-engine", "fingerprint": "8d22d234ff6e522558f501e2b961809b56638e20faacee3f5f64166e5b05aa03", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8d22d234ff6e522558f501e2b961809b56638e20faacee3f5f64166e5b05aa03", "aggregated_count": 2}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 144459, "scanner": "repobility-threat-engine", "fingerprint": "e86b415079d8c5f9ef7af67d3a2be45c0fb20fa1e019f49cdd2d2072e4e3eea1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e86b415079d8c5f9ef7af67d3a2be45c0fb20fa1e019f49cdd2d2072e4e3eea1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hack_forked/dfind/dfindEnv.mli"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 144458, "scanner": "repobility-threat-engine", "fingerprint": "04c6178481fa583730713985a0600912e93ee2830bde64c6f9070c7e4ad2ceca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|04c6178481fa583730713985a0600912e93ee2830bde64c6f9070c7e4ad2ceca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hack_forked/dfind/dfindEnv.ml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 144457, "scanner": "repobility-threat-engine", "fingerprint": "aac1d4042478ea60acf7b4493dd4917f169417b7faa150f46b17e0b49250d084", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aac1d4042478ea60acf7b4493dd4917f169417b7faa150f46b17e0b49250d084"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/common/hint.ml"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED022", "level": "none", "message": {"text": "[MINED022] C Strcpy (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 144456, "scanner": "repobility-threat-engine", "fingerprint": "58fe92dfe6e97b6adfe63db871e448034175d2b56584210bf8112c2ee07eac96", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|58fe92dfe6e97b6adfe63db871e448034175d2b56584210bf8112c2ee07eac96", "aggregated_count": 1}}}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 144448, "scanner": "repobility-threat-engine", "fingerprint": "e75f8f7d8afae83a493ceaa53bf8714e23d0f9b8116887b0e3c2fbc4f80c0ecc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e75f8f7d8afae83a493ceaa53bf8714e23d0f9b8116887b0e3c2fbc4f80c0ecc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/commands/autofixCommand.ml"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED015", "level": "none", "message": {"text": "[MINED015] Ruby Eval Call (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 144443, "scanner": "repobility-threat-engine", "fingerprint": "702d53f89dfd657f79cda7e3d18589ce2edd65b6e0c69d40dc050e25b4f03ad0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|702d53f89dfd657f79cda7e3d18589ce2edd65b6e0c69d40dc050e25b4f03ad0", "aggregated_count": 17}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 144439, "scanner": "repobility-threat-engine", "fingerprint": "f750e9b52aa36da165819b613c3ca0d439cfcba82c79937f1432026997561558", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f750e9b52aa36da165819b613c3ca0d439cfcba82c79937f1432026997561558"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_lazy/src/lib.rs"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 144438, "scanner": "repobility-threat-engine", "fingerprint": "92855841bc1638ac5d14b0665095a4e35c87ee9072b31a9ad532f3ad459b52f6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|92855841bc1638ac5d14b0665095a4e35c87ee9072b31a9ad532f3ad459b52f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_flowlib/src/lib.rs"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 36 more): Same pattern found in 36 additional files. Review if needed."}, "properties": {"repobilityId": 144432, "scanner": "repobility-threat-engine", "fingerprint": "16a942d2d2648c47b186659f4889c75b15a674030104c399d1ad2997d45e5cae", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 36 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|16a942d2d2648c47b186659f4889c75b15a674030104c399d1ad2997d45e5cae", "aggregated_count": 36}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144431, "scanner": "repobility-threat-engine", "fingerprint": "1702f702d7ca88b34b5f3ff341d0256c18373dd75f7efa859174432afc19dfac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1702f702d7ca88b34b5f3ff341d0256c18373dd75f7efa859174432afc19dfac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_cli/src/env_builder_debug_command.rs"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144430, "scanner": "repobility-threat-engine", "fingerprint": "099747479d19013278db63d4374567e02c4b04e3ef0b764811b398faf37ed239", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|099747479d19013278db63d4374567e02c4b04e3ef0b764811b398faf37ed239"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_cli/src/check_contents_command.rs"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 144429, "scanner": "repobility-threat-engine", "fingerprint": "335049f4ec93497d072ea8ed47d722d5acbc813cdf6756a524b40b4664b69ca9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|335049f4ec93497d072ea8ed47d722d5acbc813cdf6756a524b40b4664b69ca9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_cli/src/autocomplete_command.rs"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "properties": {"repobilityId": 144428, "scanner": "repobility-threat-engine", "fingerprint": "b71825dff6a859ee4361bbcb50129eedeb37fd9b50ec7cc30f8bd4d28c8925aa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b71825dff6a859ee4361bbcb50129eedeb37fd9b50ec7cc30f8bd4d28c8925aa", "aggregated_count": 26}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 144427, "scanner": "repobility-threat-engine", "fingerprint": "c8eae1096442c342afdcef437060931b320e08b648ee590ee2192c2d0cbbf97f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c8eae1096442c342afdcef437060931b320e08b648ee590ee2192c2d0cbbf97f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_codemods/src/utils/codemod_utils.rs"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 144426, "scanner": "repobility-threat-engine", "fingerprint": "b8610081eee04d1368d9919eae7bb3fcd7e09b5ee3a0484c7aa379c4732e9f93", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b8610081eee04d1368d9919eae7bb3fcd7e09b5ee3a0484c7aa379c4732e9f93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_cli/src/init_command.rs"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 144425, "scanner": "repobility-threat-engine", "fingerprint": "4aca932e6ddf33232d03ac60ec5bc256eac6d10a492c2afd5ea777b52e09636b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4aca932e6ddf33232d03ac60ec5bc256eac6d10a492c2afd5ea777b52e09636b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_analysis/src/scope_api.rs"}, "region": {"startLine": 201}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 64 more): Same pattern found in 64 additional files. Review if needed."}, "properties": {"repobilityId": 144424, "scanner": "repobility-threat-engine", "fingerprint": "884b59b3dbd69ccd8a6cd36ca062a354eb5f9b5589dac4363f7d803e1bdf58b2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 64 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|884b59b3dbd69ccd8a6cd36ca062a354eb5f9b5589dac4363f7d803e1bdf58b2", "aggregated_count": 64}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 144420, "scanner": "repobility-threat-engine", "fingerprint": "8771d103cbd3eb0d9e311b3d638838f108b822163d69cea915e891e072831e47", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8771d103cbd3eb0d9e311b3d638838f108b822163d69cea915e891e072831e47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/serve-website.sh"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 144419, "scanner": "repobility-threat-engine", "fingerprint": "5e1505620a3439bff8eec4c744e8b2f25697ab939733c3955b783d1e6f29790b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5e1505620a3439bff8eec4c744e8b2f25697ab939733c3955b783d1e6f29790b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/scripts/runOxidizedJestTests.sh"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 144418, "scanner": "repobility-threat-engine", "fingerprint": "65fdb04c8d6e3c5e7d691266550538a68764992068d7841c83c7d4ec534de466", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|65fdb04c8d6e3c5e7d691266550538a68764992068d7841c83c7d4ec534de466"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/scripts/build.sh"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 144413, "scanner": "repobility-threat-engine", "fingerprint": "7a4b0f5540cad034a1707c0e9f6ef94d621d463e55602684599877ea4071a670", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7a4b0f5540cad034a1707c0e9f6ef94d621d463e55602684599877ea4071a670"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 144409, "scanner": "repobility-threat-engine", "fingerprint": "976bb413e58f70f53fa6a891d8be3bb3844b6ff3fd9e04272cb46082ff0a16ea", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|976bb413e58f70f53fa6a891d8be3bb3844b6ff3fd9e04272cb46082ff0a16ea", "aggregated_count": 1}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 144408, "scanner": "repobility-threat-engine", "fingerprint": "2a548079cf941761f0cd8cffdb4b0600158c4db6ee23c7fdf3902f8dd57152e5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2a548079cf941761f0cd8cffdb4b0600158c4db6ee23c7fdf3902f8dd57152e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-for-vscode/src/utils/getFlowPath.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 144407, "scanner": "repobility-threat-engine", "fingerprint": "e9b8a0b2ddf5404f47afba3968f640b960e251b98e4c967c7cbbef1ed57a26b3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e9b8a0b2ddf5404f47afba3968f640b960e251b98e4c967c7cbbef1ed57a26b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-for-vscode/src/PluginCommands.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 144406, "scanner": "repobility-threat-engine", "fingerprint": "bfb8389e08c972fba00fe157faef26f3e57673b7c90bae1d5206ca184ec54cfb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bfb8389e08c972fba00fe157faef26f3e57673b7c90bae1d5206ca184ec54cfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-for-vscode/src/FlowLanguageClient/FlowLanguageClient.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 144405, "scanner": "repobility-threat-engine", "fingerprint": "4707ff94c641e1a24252b51d475a328e654d88b051f1ff3d287ea4e85b926297", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4707ff94c641e1a24252b51d475a328e654d88b051f1ff3d287ea4e85b926297"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 144398, "scanner": "repobility-threat-engine", "fingerprint": "d14be0fefa073ce5d7f9e06ddc2458b70958a5bc036469eafe870ed8d062de60", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d14be0fefa073ce5d7f9e06ddc2458b70958a5bc036469eafe870ed8d062de60"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 144394, "scanner": "repobility-threat-engine", "fingerprint": "0190d4d3317f3451b6ed1e876fd6829280a4bb59402f9117c5f5c5de7b266624", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0190d4d3317f3451b6ed1e876fd6829280a4bb59402f9117c5f5c5de7b266624", "aggregated_count": 12}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 144393, "scanner": "repobility-threat-engine", "fingerprint": "1b5ae078a775f2a2fffd9ce8c108c01985bf5e7ba9870b067c0cbd508147e13f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b5ae078a775f2a2fffd9ce8c108c01985bf5e7ba9870b067c0cbd508147e13f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/comment/remove-commentsRunner.js"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 144392, "scanner": "repobility-threat-engine", "fingerprint": "0a343e42d4b26ae82b97c7e8626f809c4badf6204f11da32e3fa71ecc18d2f9a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a343e42d4b26ae82b97c7e8626f809c4badf6204f11da32e3fa71ecc18d2f9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/comment/add-commentsRunner.js"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 144391, "scanner": "repobility-threat-engine", "fingerprint": "f15cbd6c3c32237e63bdc2fe12ce3ef81638b65a52d2e67c61a616edd038b189", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f15cbd6c3c32237e63bdc2fe12ce3ef81638b65a52d2e67c61a616edd038b189"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "newtests/lsp/documentHighlight/__fixtures__/locals.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144536, "scanner": "repobility-supply-chain", "fingerprint": "137524ce14ba7b3178b4f010c158c44dfca9d9d7de53cd057d2ff2f4d0629150", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|137524ce14ba7b3178b4f010c158c44dfca9d9d7de53cd057d2ff2f4d0629150"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144535, "scanner": "repobility-supply-chain", "fingerprint": "df44d2b1d110d5fe3140b42a37d3fa9936d1feaa47a2683e0890538bb37ad32b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|df44d2b1d110d5fe3140b42a37d3fa9936d1feaa47a2683e0890538bb37ad32b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 218}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `maxim-lobanov/setup-xcode` pinned to mutable ref `@v1.6.0`: `uses: maxim-lobanov/setup-xcode@v1.6.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144534, "scanner": "repobility-supply-chain", "fingerprint": "9265f2fea808323bbd01e2f82e2f30a3385a580d707ea8fa08061fcebe94a8de", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9265f2fea808323bbd01e2f82e2f30a3385a580d707ea8fa08061fcebe94a8de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 206}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3.6.0`: `uses: actions/checkout@v3.6.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144533, "scanner": "repobility-supply-chain", "fingerprint": "253e241e0d295520fc12766def13120f29a590a71e7dd51df57dd037291d10d0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|253e241e0d295520fc12766def13120f29a590a71e7dd51df57dd037291d10d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144532, "scanner": "repobility-supply-chain", "fingerprint": "ab46d5bb560432372ef886ea429b0a426bfc237c7830be0b355f25da65f1d6ba", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ab46d5bb560432372ef886ea429b0a426bfc237c7830be0b355f25da65f1d6ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144531, "scanner": "repobility-supply-chain", "fingerprint": "c44e7b0946c5dd29621cb7df25ad0124a6265716c47b85c223c630e7294d15f2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c44e7b0946c5dd29621cb7df25ad0124a6265716c47b85c223c630e7294d15f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3.6.0`: `uses: actions/checkout@v3.6.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144530, "scanner": "repobility-supply-chain", "fingerprint": "e439049caf2e0eae0374df04cca1ccf42b6984419d27b4955b1711dedb88a0e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e439049caf2e0eae0374df04cca1ccf42b6984419d27b4955b1711dedb88a0e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144529, "scanner": "repobility-supply-chain", "fingerprint": "709868178d1cc2a27fec398a5f313c96055bf3aa214513766e7868b2624ee333", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|709868178d1cc2a27fec398a5f313c96055bf3aa214513766e7868b2624ee333"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144528, "scanner": "repobility-supply-chain", "fingerprint": "7f156d81b1d4313e15cabf8da47d8579adfe204d04135dd6620d80ebbfac9133", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7f156d81b1d4313e15cabf8da47d8579adfe204d04135dd6620d80ebbfac9133"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144527, "scanner": "repobility-supply-chain", "fingerprint": "c9659c154c4fee53eda3d7654c98970ee6e8d7e40d9024d3d9a10a17506190a0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c9659c154c4fee53eda3d7654c98970ee6e8d7e40d9024d3d9a10a17506190a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3.6.0`: `uses: actions/checkout@v3.6.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144526, "scanner": "repobility-supply-chain", "fingerprint": "b8465c306efea51ba69bed3eeb81e3e7084850b04211253c3a3028dbe2d90b7a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b8465c306efea51ba69bed3eeb81e3e7084850b04211253c3a3028dbe2d90b7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144525, "scanner": "repobility-supply-chain", "fingerprint": "85d633868d3aaa691fcef2bd13676577adf6f5e826af6c86b0b5457dd61eaa6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|85d633868d3aaa691fcef2bd13676577adf6f5e826af6c86b0b5457dd61eaa6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144524, "scanner": "repobility-supply-chain", "fingerprint": "3d5346f6e6fe212da5864fd1c432356dcad82cfd3a28018c2889fe1948b9535f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3d5346f6e6fe212da5864fd1c432356dcad82cfd3a28018c2889fe1948b9535f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144523, "scanner": "repobility-supply-chain", "fingerprint": "f676f3059aa1f2714dde4f17da529482cfab7948081451bcdd01e4d3550d8e32", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f676f3059aa1f2714dde4f17da529482cfab7948081451bcdd01e4d3550d8e32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `mymindstorm/setup-emsdk` pinned to mutable ref `@v14`: `uses: mymindstorm/setup-emsdk@v14` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144522, "scanner": "repobility-supply-chain", "fingerprint": "ad1dcbff380cfeb1d193bd9db286d5e42ce9488e87936839dbe9c4aac87cd464", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad1dcbff380cfeb1d193bd9db286d5e42ce9488e87936839dbe9c4aac87cd464"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@nightly`: `uses: dtolnay/rust-toolchain@nightly` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144521, "scanner": "repobility-supply-chain", "fingerprint": "f4ec3ab6ea23b4f527af50b735094a9f26087e9633a90c19fc8603bde3b65dbb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f4ec3ab6ea23b4f527af50b735094a9f26087e9633a90c19fc8603bde3b65dbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 99}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3.6.0`: `uses: actions/checkout@v3.6.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144520, "scanner": "repobility-supply-chain", "fingerprint": "0c9e10b68c588345f4abfd8bbcafb799c9b0da1d0e783203e2887f703c5da1f0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0c9e10b68c588345f4abfd8bbcafb799c9b0da1d0e783203e2887f703c5da1f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144519, "scanner": "repobility-supply-chain", "fingerprint": "69be82f39b2d226e96e6ec05e262653fb8197631bf0d4b21f1ce6a87f5b1259c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69be82f39b2d226e96e6ec05e262653fb8197631bf0d4b21f1ce6a87f5b1259c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144518, "scanner": "repobility-supply-chain", "fingerprint": "5665a204f34d6331d913596e7fdcb4e4bd9d053d7ce05e680fa427d56096fe96", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5665a204f34d6331d913596e7fdcb4e4bd9d053d7ce05e680fa427d56096fe96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4.4.0`: `uses: actions/upload-artifact@v4.4.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144517, "scanner": "repobility-supply-chain", "fingerprint": "64bdbbd2f6bcf341e2787fcd3be876bb96a03c3e9eeab53fc29d5f1d62a3ce5e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|64bdbbd2f6bcf341e2787fcd3be876bb96a03c3e9eeab53fc29d5f1d62a3ce5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144516, "scanner": "repobility-supply-chain", "fingerprint": "4babe49521a125cc91d3aaf0cd95cf237fa98299486f0bca57459ade2dc4068a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4babe49521a125cc91d3aaf0cd95cf237fa98299486f0bca57459ade2dc4068a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3.6.0`: `uses: actions/checkout@v3.6.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144515, "scanner": "repobility-supply-chain", "fingerprint": "89bd8feefcc85de28badc6bca9ef0f2a652c118a9806049bb29b261cd5670a26", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|89bd8feefcc85de28badc6bca9ef0f2a652c118a9806049bb29b261cd5670a26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144514, "scanner": "repobility-supply-chain", "fingerprint": "307890edf12a8398dbe4001afc295fe7bbcb8e47629b6a7062790bb68588ddd2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|307890edf12a8398dbe4001afc295fe7bbcb8e47629b6a7062790bb68588ddd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@nightly`: `uses: dtolnay/rust-toolchain@nightly` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144513, "scanner": "repobility-supply-chain", "fingerprint": "84b308d5c2229117edcbad4fb103123df7556c61bd56ad7979f014878b41fd4a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|84b308d5c2229117edcbad4fb103123df7556c61bd56ad7979f014878b41fd4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v3.6.0`: `uses: actions/checkout@v3.6.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 144512, "scanner": "repobility-supply-chain", "fingerprint": "0e6e0abaacbfcec0825bafa3c095883555422816b371d569f2545329b7cf1e4c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0e6e0abaacbfcec0825bafa3c095883555422816b371d569f2545329b7cf1e4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED028", "level": "error", "message": {"text": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line."}, "properties": {"repobilityId": 144478, "scanner": "repobility-threat-engine", "fingerprint": "7d10d720b0d1c0296b7ecde2c8512a8527bcd1694125d37d878435bbb833b608", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-ignore-comment", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347964+00:00", "triaged_in_corpus": 15, "observations_count": 9364, "ai_coder_pattern_id": 99}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7d10d720b0d1c0296b7ecde2c8512a8527bcd1694125d37d878435bbb833b608"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/typing/errors/suppression_comments.ml"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "properties": {"repobilityId": 144476, "scanner": "repobility-threat-engine", "fingerprint": "3520e53d8027e87c1f0b91a3e84bf9e68e3b0c9a5efe87e3e7b57ef616935d96", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3520e53d8027e87c1f0b91a3e84bf9e68e3b0c9a5efe87e3e7b57ef616935d96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/state/heaps/context/context_heaps.ml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED011", "level": "error", "message": {"text": "[MINED011] Scala Get On Option: Option.get throws NoSuchElementException on None. Use getOrElse / fold / match."}, "properties": {"repobilityId": 144475, "scanner": "repobility-threat-engine", "fingerprint": "504727e0d6b97b3154a13e9e07cf27e3eaf369236059f8d5ee0784301f2ae6a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "scala-get-on-option", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["scala"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347923+00:00", "triaged_in_corpus": 15, "observations_count": 140164, "ai_coder_pattern_id": 159}, "scanner": "repobility-threat-engine", "correlation_key": "fp|504727e0d6b97b3154a13e9e07cf27e3eaf369236059f8d5ee0784301f2ae6a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server/serverEnvBuild.ml"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 144452, "scanner": "repobility-threat-engine", "fingerprint": "c40cb6b005b369f2578725b61ac4d391665b2e67b1c4f0621df3cd0d33bd9931", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c40cb6b005b369f2578725b61ac4d391665b2e67b1c4f0621df3cd0d33bd9931"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/commands/foregroundCheckCommands.ml"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED017", "level": "error", "message": {"text": "[MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic."}, "properties": {"repobilityId": 144450, "scanner": "repobility-threat-engine", "fingerprint": "362ad4b758c89e29227f0b00bb168546b5bdd465793298d9a6e05682692c6e75", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347937+00:00", "triaged_in_corpus": 15, "observations_count": 77748, "ai_coder_pattern_id": 132}, "scanner": "repobility-threat-engine", "correlation_key": "fp|362ad4b758c89e29227f0b00bb168546b5bdd465793298d9a6e05682692c6e75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/commands/forceRecheckCommand.ml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic."}, "properties": {"repobilityId": 144449, "scanner": "repobility-threat-engine", "fingerprint": "c76ceede6cd4d0677b1a22a989991b654af5998a2c7e4a3eb17ddc0b90eb292d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c76ceede6cd4d0677b1a22a989991b654af5998a2c7e4a3eb17ddc0b90eb292d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/commands/forceRecheckCommand.ml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 144437, "scanner": "repobility-threat-engine", "fingerprint": "f7c2e95f8937b1ee6fce92729761dc8ead8ffaf228680ef81287ef8d05cd2ebd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f7c2e95f8937b1ee6fce92729761dc8ead8ffaf228680ef81287ef8d05cd2ebd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/third-party/lz4/xxhash.h"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 144436, "scanner": "repobility-threat-engine", "fingerprint": "4b366f85884de7eddc0b601f27aa21622d6bc57de445f28effda693e9834e5e8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4b366f85884de7eddc0b601f27aa21622d6bc57de445f28effda693e9834e5e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_server_files/src/server_files_js.rs"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 144435, "scanner": "repobility-threat-engine", "fingerprint": "8a70a7dbbe8073807fa746997e987a74fbf1e7d7ae6214706e2442a2e1589243", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a70a7dbbe8073807fa746997e987a74fbf1e7d7ae6214706e2442a2e1589243"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_common_socket/src/socket.rs"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 144434, "scanner": "repobility-threat-engine", "fingerprint": "24f154b2fd2ef6c29948fe59be2850db5a1e4f15c368c9edd69fe7d1e9a81e97", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(v", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|24f154b2fd2ef6c29948fe59be2850db5a1e4f15c368c9edd69fe7d1e9a81e97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "website/src/try-flow/flow-loader.js"}, "region": {"startLine": 82}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 144433, "scanner": "repobility-threat-engine", "fingerprint": "6446c527eb832e75a20e3454d01b1cac8dc64ccbdd2a08a0cc29d3129637e12c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6446c527eb832e75a20e3454d01b1cac8dc64ccbdd2a08a0cc29d3129637e12c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_cli/src/extra_commands.rs"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144423, "scanner": "repobility-threat-engine", "fingerprint": "7b6062a37fe1387cefcf0daf90e2ec107a53c6738abe809402d70c912a4fe623", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b6062a37fe1387cefcf0daf90e2ec107a53c6738abe809402d70c912a4fe623"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_analysis/src/ssa_api.rs"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144422, "scanner": "repobility-threat-engine", "fingerprint": "4df3ff8c201b8c0c62cd2d2280ed3167dc281699c95a8e382be960a0b63b4aa0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4df3ff8c201b8c0c62cd2d2280ed3167dc281699c95a8e382be960a0b63b4aa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_analysis/src/scope_api.rs"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 144421, "scanner": "repobility-threat-engine", "fingerprint": "9f6258e9c10c03de8dbfeb02f0e52624a8dac5bc8107bab034417fb7ec9d56f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9f6258e9c10c03de8dbfeb02f0e52624a8dac5bc8107bab034417fb7ec9d56f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "rust_port/crates/flow_analysis/src/bindings.rs"}, "region": {"startLine": 101}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 144417, "scanner": "repobility-threat-engine", "fingerprint": "304870e442c79c115daaee1d9a251a19d6ff56fc6d6cff586f8de755afe15222", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((line, i) => `${i === 0 ? chalk.grey('- ') : '  '}${line}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|304870e442c79c115daaee1d9a251a19d6ff56fc6d6cff586f8de755afe15222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-upgrade/src/Styled.js"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 144412, "scanner": "repobility-threat-engine", "fingerprint": "c35f7fd4d03891023d9b1ee53d8dbeb1a10e52f0d1b67b7007fbb40ef1ddfca2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "commentsToRemove.delete(comment);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c35f7fd4d03891023d9b1ee53d8dbeb1a10e52f0d1b67b7007fbb40ef1ddfca2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-transform/src/transform/mutations/RemoveComment.js"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 144411, "scanner": "repobility-threat-engine", "fingerprint": "d2147c76ba9911311556da188fe5d8feb9bd098ad4319676e2fea291f12958db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Object.create(null);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d2147c76ba9911311556da188fe5d8feb9bd098ad4319676e2fea291f12958db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-parser/oxidized-src/getModuleDocblock.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 144410, "scanner": "repobility-threat-engine", "fingerprint": "1fb46cb5b0723ee59bf2d3067441f15ae4ab85e292eb33bb25da4bc4c7e34bd0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this._cache.delete(document.uri.fsPath);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1fb46cb5b0723ee59bf2d3067441f15ae4ab85e292eb33bb25da4bc4c7e34bd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-for-vscode/src/utils/FlowconfigCache.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 144404, "scanner": "repobility-threat-engine", "fingerprint": "3bf2231f30397938ed20d0e2dd93c2e8ad70c3de496ee9154cdd44a6e6c7c35e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(\n          error", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3bf2231f30397938ed20d0e2dd93c2e8ad70c3de496ee9154cdd44a6e6c7c35e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/comment/add-commentsRunner.js"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 144403, "scanner": "repobility-threat-engine", "fingerprint": "c3d4cfcc70283159e8ae80ead614df43f2a2d865d106c324329d68191e8bdff2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(\n      cmdString", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c3d4cfcc70283159e8ae80ead614df43f2a2d865d106c324329d68191e8bdff2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/check-test/checkExecFilePromise.js"}, "region": {"startLine": 164}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 144402, "scanner": "repobility-threat-engine", "fingerprint": "821e5089bbf8166ef206849f7ce62550608e56155ea1ffa1f1758c4e622546e0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(lines", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|821e5089bbf8166ef206849f7ce62550608e56155ea1ffa1f1758c4e622546e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/check-test/checkDiffCompare.js"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 144401, "scanner": "repobility-threat-engine", "fingerprint": "138c5b2cd59130be1e6a35405afef6e1c364aa40b121f1079621de8298f76992", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(pattern", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|138c5b2cd59130be1e6a35405afef6e1c364aa40b121f1079621de8298f76992"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-remove-types/register.js"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 144400, "scanner": "repobility-threat-engine", "fingerprint": "04ff215c0dd8573bcd40ab742e0006ca9cea56a28969d8b4343451527c7b99c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(args", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|04ff215c0dd8573bcd40ab742e0006ca9cea56a28969d8b4343451527c7b99c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/error-summary/error-summaryRunner.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 144399, "scanner": "repobility-threat-engine", "fingerprint": "c92ed0adb72b242ff28f8d6829e79e4a77f4c98fd568931b6c62c1dbb98a525e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(escaped", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c92ed0adb72b242ff28f8d6829e79e4a77f4c98fd568931b6c62c1dbb98a525e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-dev-tools/src/check-test/checkDiffCompare.js"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.NPM_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.NPM_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 144540, "scanner": "repobility-supply-chain", "fingerprint": "5d61399f3a5669056f479dba2c85f92de37db053c6d21f05cead689f854ea229", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5d61399f3a5669056f479dba2c85f92de37db053c6d21f05cead689f854ea229"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.FLOW_BOT_TOKEN` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.FLOW_BOT_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 144539, "scanner": "repobility-supply-chain", "fingerprint": "b28533a0fb8a5810a8b532c73d16ce7c98389390286d47c20dea5196003d5a51", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b28533a0fb8a5810a8b532c73d16ce7c98389390286d47c20dea5196003d5a51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.FLOW_BOT_EMAIL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.FLOW_BOT_EMAIL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 144538, "scanner": "repobility-supply-chain", "fingerprint": "366a0837a4f061ffd64dadf014058bb00772ba7f4433289789297a5dd95b9407", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|366a0837a4f061ffd64dadf014058bb00772ba7f4433289789297a5dd95b9407"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.FLOW_BIN_PRIVATE_KEY_BASE64` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.FLOW_BIN_PRIVATE_KEY_BASE64 }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 144537, "scanner": "repobility-supply-chain", "fingerprint": "70f8f9e4d3a06d5c7a12756907cb2b1e85f33eeedd8b7ceaf2df6f65b927b884", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|70f8f9e4d3a06d5c7a12756907cb2b1e85f33eeedd8b7ceaf2df6f65b927b884"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build_and_test.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 144455, "scanner": "repobility-threat-engine", "fingerprint": "582388afcd84e58fb889f9ca0342e785346f1af862501a9ad04ec10ee90e1b88", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|582388afcd84e58fb889f9ca0342e785346f1af862501a9ad04ec10ee90e1b88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/common/lwt/lwtInit.ml"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 144454, "scanner": "repobility-threat-engine", "fingerprint": "97b23c4eeed9c043af17b7a8b2fb93e45167fc5454b1345c03df77a143c37930", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97b23c4eeed9c043af17b7a8b2fb93e45167fc5454b1345c03df77a143c37930"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/common/dirent/dirent_stubs.c"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED022", "level": "error", "message": {"text": "[MINED022] C Strcpy: strcpy/strcat dont bounds-check; use strncpy or snprintf."}, "properties": {"repobilityId": 144453, "scanner": "repobility-threat-engine", "fingerprint": "e8e7b0a126981c829471218eca132f858e341625066689abc1d34f04fd4a54bf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "c-strcpy", "owasp": null, "cwe_ids": ["CWE-120"], "languages": ["c", "cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347949+00:00", "triaged_in_corpus": 20, "observations_count": 39114, "ai_coder_pattern_id": 130}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8e7b0a126981c829471218eca132f858e341625066689abc1d34f04fd4a54bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/commands/statusCommands.ml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED025", "level": "error", "message": {"text": "[MINED025] Php Eval: eval() executes arbitrary PHP. Code injection."}, "properties": {"repobilityId": 144447, "scanner": "repobility-threat-engine", "fingerprint": "9c7db23cf8c0ed0ae02a86830c9816928e3e06ce6e965568a8c29ad13d967a32", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-eval", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347956+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 164}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9c7db23cf8c0ed0ae02a86830c9816928e3e06ce6e965568a8c29ad13d967a32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parser_utils/type_sig/type_sig_hash.ml"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED025", "level": "error", "message": {"text": "[MINED025] Php Eval: eval() executes arbitrary PHP. Code injection."}, "properties": {"repobilityId": 144446, "scanner": "repobility-threat-engine", "fingerprint": "1579cdc73004f6c9892788df7aeb626c2590faac5f731401fcd07c55ed68594d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-eval", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347956+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 164}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1579cdc73004f6c9892788df7aeb626c2590faac5f731401fcd07c55ed68594d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/analysis/env_builder/nonvoid_return.ml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "properties": {"repobilityId": 144445, "scanner": "repobility-threat-engine", "fingerprint": "2b7be83afd493081a9c4e64e5aa6611cabe2c8286467964dab2bec7bf0782278", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b7be83afd493081a9c4e64e5aa6611cabe2c8286467964dab2bec7bf0782278"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/parser_utils/type_sig/type_sig_hash.ml"}, "region": {"startLine": 150}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "properties": {"repobilityId": 144444, "scanner": "repobility-threat-engine", "fingerprint": "8b1fd2241fae7604c6ab02829fda0c35149f785d9e249a8acb6d4f35af7f8ce3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8b1fd2241fae7604c6ab02829fda0c35149f785d9e249a8acb6d4f35af7f8ce3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/analysis/env_builder/nonvoid_return.ml"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED015", "level": "error", "message": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection."}, "properties": {"repobilityId": 144442, "scanner": "repobility-threat-engine", "fingerprint": "69f00d1ae07c60935be0ccbafe82a91ae060df4bf50088f3be7001697449beec", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "correlation_key": "fp|69f00d1ae07c60935be0ccbafe82a91ae060df4bf50088f3be7001697449beec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lsp/selectionRangeProvider.ml"}, "region": {"startLine": 267}}}]}, {"ruleId": "MINED015", "level": "error", "message": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection."}, "properties": {"repobilityId": 144441, "scanner": "repobility-threat-engine", "fingerprint": "50801c0757e39b43967079941c8462cf7071416e7cdf5440c74182f7e33999f5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50801c0757e39b43967079941c8462cf7071416e7cdf5440c74182f7e33999f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/codemods/remove_react_import.ml"}, "region": {"startLine": 146}}}]}, {"ruleId": "MINED015", "level": "error", "message": {"text": "[MINED015] Ruby Eval Call: eval() executes arbitrary code. Code injection."}, "properties": {"repobilityId": 144440, "scanner": "repobility-threat-engine", "fingerprint": "786bafa1ab0c6e0e56a6ecdb78a7a7446c1db098735b1aef7355b258256e933f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-eval-call", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347933+00:00", "triaged_in_corpus": 20, "observations_count": 85733, "ai_coder_pattern_id": 161}, "scanner": "repobility-threat-engine", "correlation_key": "fp|786bafa1ab0c6e0e56a6ecdb78a7a7446c1db098735b1aef7355b258256e933f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/analysis/env_builder/nonvoid_return.ml"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 144415, "scanner": "repobility-threat-engine", "fingerprint": "681c7466b25810f38cae66396b416938736ee9d33cd3b467dfb9c73ae29c0071", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(key", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|681c7466b25810f38cae66396b416938736ee9d33cd3b467dfb9c73ae29c0071"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-upgrade/flow-typed/npm/yargs_v17.x.x.js"}, "region": {"startLine": 272}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 144414, "scanner": "repobility-threat-engine", "fingerprint": "ec943de80df9125e62eeb62af0ba42737126cf8355122076e8bc49a05f8f1aad", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(moduleId", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ec943de80df9125e62eeb62af0ba42737126cf8355122076e8bc49a05f8f1aad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/flow-for-vscode/src/utils/importFresh.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED013", "level": "error", "message": {"text": "[MINED013] Password In Url: https://user:password@host \u2014 leaks creds via logs, referrer, error messages."}, "properties": {"repobilityId": 144390, "scanner": "repobility-threat-engine", "fingerprint": "fc219c20861202fb66134c1ca7d44c9285762b41155e0c596ca7a79152def755", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "password-in-url", "owasp": "A07:2021", "cwe_ids": ["CWE-200"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347928+00:00", "triaged_in_corpus": 20, "observations_count": 121646, "ai_coder_pattern_id": 37}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fc219c20861202fb66134c1ca7d44c9285762b41155e0c596ca7a79152def755"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".circleci/deploy_flow_bin.sh"}, "region": {"startLine": 20}}}]}]}]}