{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Store the interval id and return a useEffect cleanup that calls clearInterval. Also clear the interval in explicit stop/end handlers when relevant."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED047] Emoji In Source (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 95 more): Same pattern found in 95 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 95 more): Same pattern found in 95 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 28 more): Same pattern found in 28 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED058] React Dangerously Set Html (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 52 more): Same pattern found in 52 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED051", "name": "[MINED051] Csharp Null Forgive (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED051] Csharp Null Forgive (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED008", "name": "[MINED008] Swift Force Unwrap (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED008] Swift Force Unwrap (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED002", "name": "[MINED002] Dart Null Bang (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED002] Dart Null Bang (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED070", "name": "[MINED070] Zig Undefined Init: var x: T = undefined leaves memory uninitialized. Often a foot-gun.", "shortDescription": {"text": "[MINED070] Zig Undefined Init: var x: T = undefined leaves memory uninitialized. Often a foot-gun."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED048", "name": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues.", "shortDescription": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 33 more): Same pattern found in 33 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 33 more): Same pattern found in 33 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 116 more): Same pattern found in 116 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 116 more): Same pattern found in 116 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 123 more): Same pattern found in 123 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 123 more): Same pattern found in 123 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED042", "name": "[MINED042] Cpp New Without Delete (and 17 more): Same pattern found in 17 additional files. Review if needed.", "shortDescription": {"text": "[MINED042] Cpp New Without Delete (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED010", "name": "[MINED010] Ruby System Call (and 16 more): Same pattern found in 16 additional files. Review if needed.", "shortDescription": {"text": "[MINED010] Ruby System Call (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 22 more): Same pattern found in 22 additional files. Review if nee", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 17 more): Same pattern found in 17 additional f", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `@angular/compiler` pulled from URL/Git: `dependencies.@angular/compiler` = `link:./in-exist", "shortDescription": {"text": "[MINED122] package.json dep `@angular/compiler` pulled from URL/Git: `dependencies.@angular/compiler` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC027", "name": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities if not config", "shortDescription": {"text": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities if not configured. libxmljs in particular has had XXE CVEs."}, "fullDescription": {"text": "Pass `noent: false` to libxmljs. Avoid xml2js or pass explicit secure config. Prefer parsers that don't expand external entities at all."}, "properties": {"scanner": "repobility-threat-engine", "category": "xxe", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED123", "name": "[MINED123] Trojan Source bidi character (LRM) in source: Line 60 contains a Unicode bidirectional override character (U+", "shortDescription": {"text": "[MINED123] Trojan Source bidi character (LRM) in source: Line 60 contains a Unicode bidirectional override character (U+200E LRM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see diffe"}, "fullDescription": {"text": "Audit the line manually. If the character is not intentional (it almost never is in code), remove it. Configure your editor / pre-commit hook to reject bidi controls in source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED035", "name": "[MINED035] Js New Function: new Function(...) compiles strings to functions.", "shortDescription": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/768"}, "properties": {"repository": "angular/angular", "repoUrl": "https://github.com/angular/angular", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 64420, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 64419, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 64416, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 64415, "scanner": "repobility-agent-runtime", "fingerprint": "47a73fb9407b1a48563e5853ab5ab96f894c0a10651f937827cba4a4546f9ea3", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|47a73fb9407b1a48563e5853ab5ab96f894c0a10651f937827cba4a4546f9ea3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/testing/testing-helper.ts"}, "region": {"startLine": 213}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 64414, "scanner": "repobility-agent-runtime", "fingerprint": "7d41ec7b266a41602c2f26b33463ecf92ed2554d25c20c96fad1f40b72ab07ed", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|7d41ec7b266a41602c2f26b33463ecf92ed2554d25c20c96fad1f40b72ab07ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/providers/local-storage.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 64371, "scanner": "repobility-threat-engine", "fingerprint": "3c8ad942bb9eb8df582ca8584e407d3a118f89056d59c8ec2a2f0257138c08e2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'John Doe'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3c8ad942bb9eb8df582ca8584e407d3a118f89056d59c8ec2a2f0257138c08e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/signals/steps/10-reacting-to-signal-changes-with-effect/src/app/app.ts"}, "region": {"startLine": 75}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 64370, "scanner": "repobility-threat-engine", "fingerprint": "0e5fbb06d60a44f5e3727d3dd63aefee4db2be46c7f826c1462d29a8fa258e52", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'John Doe'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0e5fbb06d60a44f5e3727d3dd63aefee4db2be46c7f826c1462d29a8fa258e52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/signals/steps/10-reacting-to-signal-changes-with-effect/answer/src/app/app.ts"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 64366, "scanner": "repobility-threat-engine", "fingerprint": "6c2ed900604b2085dbb136d5bb8b19eb905495033082b39252dbe621949f5caa", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "} catch (e) {\n          return null;\n        }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6c2ed900604b2085dbb136d5bb8b19eb905495033082b39252dbe621949f5caa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/app/editor/code-editor/extensions/autocomplete.ts"}, "region": {"startLine": 84}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 64347, "scanner": "repobility-threat-engine", "fingerprint": "1bba6d48fbfe7a25cb7b62d3b847a299fab3ee79949cd339856d2f763baf5ed3", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(`https://angular.dev/${location.pathname}`, '_blank')", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|104|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/app/app.component.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 64346, "scanner": "repobility-threat-engine", "fingerprint": "48990275eea604f1ef10b7d283e32198476fcf32b13176815d153f91c4b48c9f", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a class=\"docs-github-links\" target=\"_blank\" href=\"${GITHUB_EDIT_CONTENT_URL}/${filePath}\" title=\"Ed", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|56|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/transformations/heading.mts"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 64345, "scanner": "repobility-threat-engine", "fingerprint": "fb14b383e5fe033756d94d81a1b079365563b8f4af16ca7ce0bec5244bb99943", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a\n            class=\"docs-github-links\"\n            target=\"_blank\"\n            href={sourceUrl}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|50|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/templates/header-api.tsx"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 64295, "scanner": "repobility-threat-engine", "fingerprint": "48356e0a1488c7eca0ff24e90eedd1854fa79e07d5080cbe732621f05e2c6bf8", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|41|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-alert.mts"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 64294, "scanner": "repobility-threat-engine", "fingerprint": "352738d12a3905b77107a00cb2045f6a917f28df2161a5950a15bbd4646b58fb", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|19|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/heading.mts"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 64293, "scanner": "repobility-threat-engine", "fingerprint": "e5f9810435815b07a3eca4c300c6e5ba996788350ffc693ccbc19e031a36eb5e", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|57|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/routes/generate-routes.mts"}, "region": {"startLine": 57}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 64418, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 64417, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "835678b7dbd723d5070900b029c9e2873191008010ed3608329d807fcd2c3bbc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/08-ngFor/src/app/housing-location/housing-location.ts", "duplicate_line": 5, "correlation_key": "fp|835678b7dbd723d5070900b029c9e2873191008010ed3608329d807fcd2c3bbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/10-routing/src/app/housing-location/housing-location.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64412, "scanner": "repobility-ai-code-hygiene", "fingerprint": "09966b7f950f7e5f112a84e9c8bbba6f29fddd84d0488d263d189d09229631e0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/09-services/src/app/housing-location/housing-location.ts", "duplicate_line": 1, "correlation_key": "fp|09966b7f950f7e5f112a84e9c8bbba6f29fddd84d0488d263d189d09229631e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/10-routing/src/app/housing-location/housing-location.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64411, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9926c5d39aeed983ea09e8bf3b857a4ddbdbb35377a84306f75c278764933638", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/09-services/src/app/home/home.ts", "duplicate_line": 4, "correlation_key": "fp|9926c5d39aeed983ea09e8bf3b857a4ddbdbb35377a84306f75c278764933638"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/10-routing/src/app/home/home.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64410, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3941e8688b16b3454035e3f5c9d3b657efd5f0a3d52cb97e81effabe2f265e15", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/03-HousingLocation/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|3941e8688b16b3454035e3f5c9d3b657efd5f0a3d52cb97e81effabe2f265e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/10-routing/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64409, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2dbee3d9494222bfb206e4965553e1161b62f9d19e1d525a0497ec73e1d319b0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/08-ngFor/src/app/housing-location/housing-location.ts", "duplicate_line": 5, "correlation_key": "fp|2dbee3d9494222bfb206e4965553e1161b62f9d19e1d525a0497ec73e1d319b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/09-services/src/app/housing-location/housing-location.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64408, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f7a96de8497ff957608b71f39d15e0bb9834a12911ed502e3be04901c1f2136", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/05-inputs/src/app/home/home.ts", "duplicate_line": 1, "correlation_key": "fp|8f7a96de8497ff957608b71f39d15e0bb9834a12911ed502e3be04901c1f2136"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/09-services/src/app/home/home.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64407, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d706d605e742a8f6db13e56c86ef43ede215e0aefbd47c962815a2eaf841ca73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/03-HousingLocation/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|d706d605e742a8f6db13e56c86ef43ede215e0aefbd47c962815a2eaf841ca73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/09-services/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64406, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b878a5803c1a006cf26c5f1334af04d489118acb437d89e0490a94de2ff2d2ad", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/06-property-binding/src/app/home/home.ts", "duplicate_line": 4, "correlation_key": "fp|b878a5803c1a006cf26c5f1334af04d489118acb437d89e0490a94de2ff2d2ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/08-ngFor/src/app/home/home.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64405, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8dd8b8f63f60859ddad38821ae3ec6045ae82764d8d45add90faaa580f27cc58", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/05-inputs/src/app/home/home.ts", "duplicate_line": 1, "correlation_key": "fp|8dd8b8f63f60859ddad38821ae3ec6045ae82764d8d45add90faaa580f27cc58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/08-ngFor/src/app/home/home.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64404, "scanner": "repobility-ai-code-hygiene", "fingerprint": "49647eb5fe3129e4d999ea5bf9a84422e068cbc1694e1b53653047156b36d403", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/03-HousingLocation/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|49647eb5fe3129e4d999ea5bf9a84422e068cbc1694e1b53653047156b36d403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/08-ngFor/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64403, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e410d50fedd3825723ed8d40318123bffa7dd9d784201265ea39ba2fc161ce4d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/06-property-binding/src/app/home/home.ts", "duplicate_line": 4, "correlation_key": "fp|e410d50fedd3825723ed8d40318123bffa7dd9d784201265ea39ba2fc161ce4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/07-dynamic-template-values/src/app/home/home.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64402, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4515a2858563217e952c9dbb39ae9b479d42c7640c57b6790980a8461bb58f76", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/05-inputs/src/app/home/home.ts", "duplicate_line": 1, "correlation_key": "fp|4515a2858563217e952c9dbb39ae9b479d42c7640c57b6790980a8461bb58f76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/07-dynamic-template-values/src/app/home/home.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64401, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bcfa0202819f79a5536457c2f86e7b46adf8c6610b0d5b2a19d2985b8464bd9c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/03-HousingLocation/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|bcfa0202819f79a5536457c2f86e7b46adf8c6610b0d5b2a19d2985b8464bd9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/07-dynamic-template-values/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64400, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e6f410e573b8b4abfed5cafc4a79452d1a0835da51e6eb21f373407847768cd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/05-inputs/src/app/home/home.ts", "duplicate_line": 1, "correlation_key": "fp|5e6f410e573b8b4abfed5cafc4a79452d1a0835da51e6eb21f373407847768cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/06-property-binding/src/app/home/home.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64399, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31877f799d612cd4b0268da31ed2ce5f7f5f95af0981b21515a3672135d70d4f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/03-HousingLocation/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|31877f799d612cd4b0268da31ed2ce5f7f5f95af0981b21515a3672135d70d4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/06-property-binding/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64398, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a090a3944e2c69f43bca95bc4efe8e9e7b6572c13649798c7b44540c587ffb53", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/04-interfaces/src/app/home/home.ts", "duplicate_line": 3, "correlation_key": "fp|a090a3944e2c69f43bca95bc4efe8e9e7b6572c13649798c7b44540c587ffb53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/05-inputs/src/app/home/home.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64397, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37ab361e57e67b95b08bb38f970c46a3f3342e0b88c6f1b38c8ecaae38f1f77c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/03-HousingLocation/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|37ab361e57e67b95b08bb38f970c46a3f3342e0b88c6f1b38c8ecaae38f1f77c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/05-inputs/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64396, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0e59fa71aeb7252d8ea85e9152dcd0e37fef21d5fcc78fbd1cac47b13ab79d36", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/first-app/steps/03-HousingLocation/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|0e59fa71aeb7252d8ea85e9152dcd0e37fef21d5fcc78fbd1cac47b13ab79d36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/first-app/steps/04-interfaces/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64395, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb1fc9a923bda29b15db1116ae57ae8a6a4884959f6f71659dc4f6f450662789", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/article-comments.ts", "duplicate_line": 1, "correlation_key": "fp|fb1fc9a923bda29b15db1116ae57ae8a6a4884959f6f71659dc4f6f450662789"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/3-defer-triggers/src/app/article-comments.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64394, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6c963e802b2497c2dedad3e5fd97b6e8fa407e8a94a5bf8512063c6c0b651beb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/2-loading-error-placeholder/answer/src/app/app.ts", "duplicate_line": 6, "correlation_key": "fp|6c963e802b2497c2dedad3e5fd97b6e8fa407e8a94a5bf8512063c6c0b651beb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/3-defer-triggers/src/app/app.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64393, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6265088490c8726cce900f93aa29619b675bcc769b187c517d262add98622d25", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|6265088490c8726cce900f93aa29619b675bcc769b187c517d262add98622d25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/3-defer-triggers/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64392, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f62eb5eaa2184608ee1f12787b99d65d85bad3a668d41605204e77a0681b9193", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/article-comments.ts", "duplicate_line": 1, "correlation_key": "fp|f62eb5eaa2184608ee1f12787b99d65d85bad3a668d41605204e77a0681b9193"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/3-defer-triggers/answer/src/app/article-comments.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64391, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f02a4d12a53b4a9f462ab68a3e96932dd0af27de19687d61ca73b6b3d2c8f01", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/2-loading-error-placeholder/answer/src/app/app.ts", "duplicate_line": 16, "correlation_key": "fp|7f02a4d12a53b4a9f462ab68a3e96932dd0af27de19687d61ca73b6b3d2c8f01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/3-defer-triggers/answer/src/app/app.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64390, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51e464a91c1fd3fa606843bc3f0a4550358123e1e973a43ee3bc7d68784dcbde", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|51e464a91c1fd3fa606843bc3f0a4550358123e1e973a43ee3bc7d68784dcbde"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/3-defer-triggers/answer/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64389, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8438709a787886e8b06fef824d830c584f253f9e25f1fb01df10a937cbc26dc4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/article-comments.ts", "duplicate_line": 1, "correlation_key": "fp|8438709a787886e8b06fef824d830c584f253f9e25f1fb01df10a937cbc26dc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/2-loading-error-placeholder/src/app/article-comments.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64388, "scanner": "repobility-ai-code-hygiene", "fingerprint": "586d223bb438a1d322c27add5471cb15c34cb7e884098aa416831f3bf691ce3d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|586d223bb438a1d322c27add5471cb15c34cb7e884098aa416831f3bf691ce3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/2-loading-error-placeholder/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64387, "scanner": "repobility-ai-code-hygiene", "fingerprint": "296e5f8d4f475ce918063e4d985973203c8d86e33202944b8d737a246699bf30", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/article-comments.ts", "duplicate_line": 1, "correlation_key": "fp|296e5f8d4f475ce918063e4d985973203c8d86e33202944b8d737a246699bf30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/2-loading-error-placeholder/answer/src/app/article-comments.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64386, "scanner": "repobility-ai-code-hygiene", "fingerprint": "846e899412c6ad3a91f0f824dab002e0a59bf6e60517de055d3b775420840fd5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|846e899412c6ad3a91f0f824dab002e0a59bf6e60517de055d3b775420840fd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/2-loading-error-placeholder/answer/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64385, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca67bc98a14ef8fa1f2561e79527764cdf4f0a3717bd81ef3f1962aad194fe54", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/article-comments.ts", "duplicate_line": 1, "correlation_key": "fp|ca67bc98a14ef8fa1f2561e79527764cdf4f0a3717bd81ef3f1962aad194fe54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/src/app/article-comments.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64384, "scanner": "repobility-ai-code-hygiene", "fingerprint": "830d48a93fdf31e9b5a99041d3927f32c9bb3e150887def3041e62c1e185979c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/answer/src/app/app.ts", "duplicate_line": 1, "correlation_key": "fp|830d48a93fdf31e9b5a99041d3927f32c9bb3e150887def3041e62c1e185979c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/deferrable-views/steps/1-what-are-deferrable-views/src/app/app.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 64383, "scanner": "repobility-ai-code-hygiene", "fingerprint": "934b85eaedbe1ae929a60c3689f2743821f23263df2f174c7c59451bbeaa0eea", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "rewrite", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|934b85eaedbe1ae929a60c3689f2743821f23263df2f174c7c59451bbeaa0eea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/zone.js/lib/common/error-rewrite.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 64358, "scanner": "repobility-threat-engine", "fingerprint": "e490b6b2c1d04bc12d618565ca6b6ab683fe8c73efeeace1db868263779db4a5", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|48|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/services/table-of-contents-loader.service.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 64357, "scanner": "repobility-threat-engine", "fingerprint": "6ddcc32ff7192cfbe229d5571377a88d5002f5fe28b91a4a0c83e508c24304d4", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|168|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/examples/stackblitz/builder.mts"}, "region": {"startLine": 168}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 64380, "scanner": "repobility-threat-engine", "fingerprint": "f19e176743b1e204aa93938d2f5fbdd4b4c2064e5aa10efb955e27c30e97071f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f19e176743b1e204aa93938d2f5fbdd4b4c2064e5aa10efb955e27c30e97071f", "aggregated_count": 4}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 64379, "scanner": "repobility-threat-engine", "fingerprint": "0359adc9ca4bc52910e2f4713d265e6b7becb4711c5c1cafe15942eaf2eb85e3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0359adc9ca4bc52910e2f4713d265e6b7becb4711c5c1cafe15942eaf2eb85e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/common/locales/ff-MR.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 64378, "scanner": "repobility-threat-engine", "fingerprint": "15005ca2e857ea6a9f0ef9761324f8423c20863cc5afe0e2571fdf2d9f781bbe", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15005ca2e857ea6a9f0ef9761324f8423c20863cc5afe0e2571fdf2d9f781bbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/common/locales/ff-GN.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 64377, "scanner": "repobility-threat-engine", "fingerprint": "eedf34eab5c0207c83df9e4a62d5fe8d5e909c4fb7506b83edeb9819f8df6582", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eedf34eab5c0207c83df9e4a62d5fe8d5e909c4fb7506b83edeb9819f8df6582"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/common/locales/ff-CM.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 64372, "scanner": "repobility-threat-engine", "fingerprint": "f5ff7e5d219169b13698b7aa6cd714180be4e708f8fbaf2124fa92dd317c02c5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f5ff7e5d219169b13698b7aa6cd714180be4e708f8fbaf2124fa92dd317c02c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/tutorials/signals/steps/9-query-child-elements-with-signal-queries/src/app/app.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 64369, "scanner": "repobility-threat-engine", "fingerprint": "1b46bc40152cce8033773115d465c4ac26afb37dfea551fee8222e0c6660e039", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b46bc40152cce8033773115d465c4ac26afb37dfea551fee8222e0c6660e039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/examples/signal-forms/src/compat-form-control-integration/app/app.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 64368, "scanner": "repobility-threat-engine", "fingerprint": "159e6283ea9a4d381ea545025c0d9aa89fea75f1738da63edfbe0877a67ac8ab", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log(this.f.password()", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|4|console.log this.f.password"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/examples/signal-forms/src/compat-form-control-integration/app/app.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 95 more): Same pattern found in 95 additional files. Review if needed."}, "properties": {"repobilityId": 64365, "scanner": "repobility-threat-engine", "fingerprint": "317ed5a8687d1e82ef7723271ae7ec23e08b1885d8766797f82dd5a9f0065579", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 95 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|317ed5a8687d1e82ef7723271ae7ec23e08b1885d8766797f82dd5a9f0065579", "aggregated_count": 95}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 64364, "scanner": "repobility-threat-engine", "fingerprint": "9191f78e5dba4a8b7c7e05ee0c89366b19339855dbfa59e33e1dc10162d7040e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9191f78e5dba4a8b7c7e05ee0c89366b19339855dbfa59e33e1dc10162d7040e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/app/core/services/errors-handling/error-handler.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 64363, "scanner": "repobility-threat-engine", "fingerprint": "6d8210b0b4dfd768df0807a61ef99a234d055b09308b703d049e45104e3e1c72", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6d8210b0b4dfd768df0807a61ef99a234d055b09308b703d049e45104e3e1c72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/utils/zip.utils.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 64362, "scanner": "repobility-threat-engine", "fingerprint": "59cd328eff14a584fb283feb725b37e5dfd5eb1f161c82e2faa3d2fc6bf3521e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|59cd328eff14a584fb283feb725b37e5dfd5eb1f161c82e2faa3d2fc6bf3521e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/regions/remove-eslint-comments.mts"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 64361, "scanner": "repobility-threat-engine", "fingerprint": "ef0cb80ce287ad1bb62d915bf11746bd60e6e20d285d37ae155efe259ad9e9bf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ef0cb80ce287ad1bb62d915bf11746bd60e6e20d285d37ae155efe259ad9e9bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/utils/navigation.utils.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 64360, "scanner": "repobility-threat-engine", "fingerprint": "90e01880a1079c8618260b0c39c70b6b21c69d4dff13427282c1c5cc553f735c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|90e01880a1079c8618260b0c39c70b6b21c69d4dff13427282c1c5cc553f735c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/transformations/link.mts"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC006", "level": "none", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 64359, "scanner": "repobility-threat-engine", "fingerprint": "35061089a170e0bb1533befd9bbbbf5e17c7cf76e58336cccd126cc51f38c89f", "category": "injection", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Sanitization detected ('sanitize') \u2014 output is likely sanitized", "evidence": {"match": ".innerHTML = s", "reason": "Sanitization detected ('sanitize') \u2014 output is likely sanitized", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|injection|token|103|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/app/editor/code-editor/extensions/tooltip.ts"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 28 more): Same pattern found in 28 additional files. Review if needed."}, "properties": {"repobilityId": 64356, "scanner": "repobility-threat-engine", "fingerprint": "1e4f61a7cc798e772fe465a9b2fc3f5eeb9e4e9ca1f8bbff71b19875a5a6edc8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 28 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 28 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|1e4f61a7cc798e772fe465a9b2fc3f5eeb9e4e9ca1f8bbff71b19875a5a6edc8"}}}, {"ruleId": "SEC083", "level": "none", "message": {"text": "[SEC083] JS: new RegExp() with non-literal (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 64352, "scanner": "repobility-threat-engine", "fingerprint": "f18933be2d43a6f2b86aba60a194501d92b01604e86efa860079d4abf0349f9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f18933be2d43a6f2b86aba60a194501d92b01604e86efa860079d4abf0349f9e"}}}, {"ruleId": "SEC041", "level": "none", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\" (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 64348, "scanner": "repobility-threat-engine", "fingerprint": "445e143bfb9fa42d815d6c9ae398165a70589a79a844fb4f61e3e95a91105bbd", "category": "security", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|445e143bfb9fa42d815d6c9ae398165a70589a79a844fb4f61e3e95a91105bbd"}}}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 64344, "scanner": "repobility-threat-engine", "fingerprint": "b00d577a1057957f67ad2302cbc95a6a91a9ef4fe2a39ce058aadf87e6fd4ded", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b00d577a1057957f67ad2302cbc95a6a91a9ef4fe2a39ce058aadf87e6fd4ded", "aggregated_count": 4}}}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 64343, "scanner": "repobility-threat-engine", "fingerprint": "ca9baf80b0a785df1e4e039cb641c749b1d36eb729cbb346405846c05c009c26", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ca9baf80b0a785df1e4e039cb641c749b1d36eb729cbb346405846c05c009c26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/templates/code-table-of-contents.tsx"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 64342, "scanner": "repobility-threat-engine", "fingerprint": "9540c99f2f535f211de96992f47b84d3d1abe771e7cf6e36d6ce12934ef7c9bf", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9540c99f2f535f211de96992f47b84d3d1abe771e7cf6e36d6ce12934ef7c9bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/templates/code-line.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 64341, "scanner": "repobility-threat-engine", "fingerprint": "302902122125144b4cef8b6e00f3088e1ec98940c73ac550c9650c80b1d1a4e5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|302902122125144b4cef8b6e00f3088e1ec98940c73ac550c9650c80b1d1a4e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/templates/cli-card.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 64340, "scanner": "repobility-threat-engine", "fingerprint": "7dbe4cb6504eac49440f796093e45e0e0e36f4e4bb1cbbbca9da289d7d87b6d3", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7dbe4cb6504eac49440f796093e45e0e0e36f4e4bb1cbbbca9da289d7d87b6d3", "aggregated_count": 52}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 64339, "scanner": "repobility-threat-engine", "fingerprint": "a1111ec36d3aa57272deedf084a1ae4ff61c9be437a05d5f35caa98bd05331c1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a1111ec36d3aa57272deedf084a1ae4ff61c9be437a05d5f35caa98bd05331c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/transformations/link.mts"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 64338, "scanner": "repobility-threat-engine", "fingerprint": "223b06d0da897bdc4f7c030c778962915158fcb016cf3aa2073ef02896e9a97d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|223b06d0da897bdc4f7c030c778962915158fcb016cf3aa2073ef02896e9a97d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-code/format/range.mts"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 64337, "scanner": "repobility-threat-engine", "fingerprint": "41bf330980e007f336ea03be360ea044aedca62e3677406af58c6945b5fae640", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41bf330980e007f336ea03be360ea044aedca62e3677406af58c6945b5fae640"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/index.mts"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 64336, "scanner": "repobility-threat-engine", "fingerprint": "f9fc2a223db2834daab3006a3efb2fac31ea1f1326067fd7b257c3903e6b9c60", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f9fc2a223db2834daab3006a3efb2fac31ea1f1326067fd7b257c3903e6b9c60", "aggregated_count": 1}}}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 64335, "scanner": "repobility-threat-engine", "fingerprint": "b8d08ede41bef123b645d529f1ded8442c70602797136c12f72db31faed68bc4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b8d08ede41bef123b645d529f1ded8442c70602797136c12f72db31faed68bc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-code/format/index.mts"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 64334, "scanner": "repobility-threat-engine", "fingerprint": "acb04aa969d117d5bcdee52ea6fbd670488544eecef33e0da677dfda3d8f683a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|acb04aa969d117d5bcdee52ea6fbd670488544eecef33e0da677dfda3d8f683a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-code/format/highlight.mts"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED051", "level": "none", "message": {"text": "[MINED051] Csharp Null Forgive: x! tells compiler \"definitely not null\" \u2014 bypasses nullable check. NRE risk if wrong."}, "properties": {"repobilityId": 64333, "scanner": "repobility-threat-engine", "fingerprint": "92b291f45fcdc7b02b98d5421ed505191ca11d885049f093766e65fc2c541a24", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "csharp-null-forgive", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["csharp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348020+00:00", "triaged_in_corpus": 12, "observations_count": 518114, "ai_coder_pattern_id": 173}, "scanner": "repobility-threat-engine", "correlation_key": "fp|92b291f45fcdc7b02b98d5421ed505191ca11d885049f093766e65fc2c541a24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/index.mts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED008", "level": "none", "message": {"text": "[MINED008] Swift Force Unwrap (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 64332, "scanner": "repobility-threat-engine", "fingerprint": "c3c148d3976c92913f3342659e9404f9e65f514113192ca64a4e0178bc5917f9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "swift-force-unwrap", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["swift"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347916+00:00", "triaged_in_corpus": 15, "observations_count": 210453, "ai_coder_pattern_id": 157}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c3c148d3976c92913f3342659e9404f9e65f514113192ca64a4e0178bc5917f9", "aggregated_count": 1}}}, {"ruleId": "MINED002", "level": "none", "message": {"text": "[MINED002] Dart Null Bang (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 64328, "scanner": "repobility-threat-engine", "fingerprint": "774a6e12fbd896f7609d087669e1afb8bb978bdc7fe630aa1d12772ea8f9d552", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|774a6e12fbd896f7609d087669e1afb8bb978bdc7fe630aa1d12772ea8f9d552", "aggregated_count": 1}}}, {"ruleId": "MINED070", "level": "none", "message": {"text": "[MINED070] Zig Undefined Init: var x: T = undefined leaves memory uninitialized. Often a foot-gun."}, "properties": {"repobilityId": 64324, "scanner": "repobility-threat-engine", "fingerprint": "9904661a0a9c27b0b3dc031a83c6c1a8d70047ddbac83eae07a72904d791e143", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "zig-undefined-init", "owasp": null, "cwe_ids": [], "languages": ["zig"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348065+00:00", "triaged_in_corpus": 12, "observations_count": 36548, "ai_coder_pattern_id": 171}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9904661a0a9c27b0b3dc031a83c6c1a8d70047ddbac83eae07a72904d791e143"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/entities/categorization.mts"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 64323, "scanner": "repobility-threat-engine", "fingerprint": "52d2e4554039052e0db4927506264b6a3a0dd9d1145326364ad2b4bfcc7d5c14", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|52d2e4554039052e0db4927506264b6a3a0dd9d1145326364ad2b4bfcc7d5c14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/ng-modules-importability/index.mts"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 64322, "scanner": "repobility-threat-engine", "fingerprint": "275ffb57d45331aa87ce415f261be9ac5f819083bbb2ef89ee47d00ac29d56d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|275ffb57d45331aa87ce415f261be9ac5f819083bbb2ef89ee47d00ac29d56d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/examples/template/src/app/app.component.mts"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED048", "level": "none", "message": {"text": "[MINED048] Php Error Suppress: @function() suppresses errors silently. Hides real issues."}, "properties": {"repobilityId": 64321, "scanner": "repobility-threat-engine", "fingerprint": "153afb7fd43779407db3c945ebf01683bdf7298ba36779a1956d125ff0d0f1ce", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "php-error-suppress", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["php"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348013+00:00", "triaged_in_corpus": 12, "observations_count": 849118, "ai_coder_pattern_id": 166}, "scanner": "repobility-threat-engine", "correlation_key": "fp|153afb7fd43779407db3c945ebf01683bdf7298ba36779a1956d125ff0d0f1ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/extraction/interpolate_code_examples.mts"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 33 more): Same pattern found in 33 additional files. Review if needed."}, "properties": {"repobilityId": 64320, "scanner": "repobility-threat-engine", "fingerprint": "09a29f6fb06578b561d63ae2dd291a76dfe5468697d8e07ddfb477e23b1df4cf", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 33 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 33 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|09a29f6fb06578b561d63ae2dd291a76dfe5468697d8e07ddfb477e23b1df4cf"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 116 more): Same pattern found in 116 additional files. Review if needed."}, "properties": {"repobilityId": 64316, "scanner": "repobility-threat-engine", "fingerprint": "7ced2b6dcb2128329ad27c864f53b766309258cc059f4883f8ae0aa1edaaec47", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 116 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7ced2b6dcb2128329ad27c864f53b766309258cc059f4883f8ae0aa1edaaec47", "aggregated_count": 116}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 64315, "scanner": "repobility-threat-engine", "fingerprint": "98af88cc03f1ffcd7a8f869d2608a300aaade941c06f6548a8625fcd0c0f9c30", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|98af88cc03f1ffcd7a8f869d2608a300aaade941c06f6548a8625fcd0c0f9c30"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/templates/header-api.tsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 64314, "scanner": "repobility-threat-engine", "fingerprint": "28beed7333ba684b5ebfa363aac17543cbfdedf89d85808e030721a58676d084", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|28beed7333ba684b5ebfa363aac17543cbfdedf89d85808e030721a58676d084"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/index.mts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 64313, "scanner": "repobility-threat-engine", "fingerprint": "3c2cdb794f5dd1ed3190356fbe68d9df81ae2d77872e3b9650d971ed2e022b72", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c2cdb794f5dd1ed3190356fbe68d9df81ae2d77872e3b9650d971ed2e022b72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/components/navigation-list/navigation-list.component.ts"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 123 more): Same pattern found in 123 additional files. Review if needed."}, "properties": {"repobilityId": 64312, "scanner": "repobility-threat-engine", "fingerprint": "14f205050aff585a53d1685e01a38a7ea4d3efb321f02d0663fc061c079bacbf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 123 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|14f205050aff585a53d1685e01a38a7ea4d3efb321f02d0663fc061c079bacbf", "aggregated_count": 123}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 64311, "scanner": "repobility-threat-engine", "fingerprint": "97ed53d3e9ca842581f10ccbb50a8663855ce4c19cee7861433a3518b8319291", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|97ed53d3e9ca842581f10ccbb50a8663855ce4c19cee7861433a3518b8319291"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/update-cross-repo-docs/index.mjs"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 64310, "scanner": "repobility-threat-engine", "fingerprint": "2b0636e134198505d66a4e54a270e78a07c9c48d49ed871dc17d1c565882643a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b0636e134198505d66a4e54a270e78a07c9c48d49ed871dc17d1c565882643a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/synonyms/update-synonyms.mts"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 64309, "scanner": "repobility-threat-engine", "fingerprint": "45785ec56b309f01e6725e0b5437aabcf6277d3731306b428a7bdf1551b03b7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|45785ec56b309f01e6725e0b5437aabcf6277d3731306b428a7bdf1551b03b7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/routes/generate-routes.mts"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 64308, "scanner": "repobility-threat-engine", "fingerprint": "56e48aa5cf243fe3deb0c5ca8264cc3a80bfac2ccdcb24e3771dca42d95dda33", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|56e48aa5cf243fe3deb0c5ca8264cc3a80bfac2ccdcb24e3771dca42d95dda33", "aggregated_count": 17}}}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 64307, "scanner": "repobility-threat-engine", "fingerprint": "5b74be0be4c00d70c33c217040c02ce8ceadcfdda6177407a893591fffa399c0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5b74be0be4c00d70c33c217040c02ce8ceadcfdda6177407a893591fffa399c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/extraction/index.mts"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 64306, "scanner": "repobility-threat-engine", "fingerprint": "2406e6447bc70975000e9a674965985ca390c28400483b03cec9367cdca0b7b0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2406e6447bc70975000e9a674965985ca390c28400483b03cec9367cdca0b7b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/synonyms/update-synonyms.mts"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED042", "level": "none", "message": {"text": "[MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr \u2014 memory leak risk."}, "properties": {"repobilityId": 64305, "scanner": "repobility-threat-engine", "fingerprint": "e2b4f9265ebe8a1e2b980043f20b95f456a165b609cc8b415f570a055247f25b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cpp-new-without-delete", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["cpp"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347996+00:00", "triaged_in_corpus": 12, "observations_count": 4658256, "ai_coder_pattern_id": 134}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e2b4f9265ebe8a1e2b980043f20b95f456a165b609cc8b415f570a055247f25b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/routes/generate-routes.mts"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED010", "level": "none", "message": {"text": "[MINED010] Ruby System Call (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 64304, "scanner": "repobility-threat-engine", "fingerprint": "9deea5c1f55af9d3bf5bab70517f3df0cd37807603b2184a548507d37892da17", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9deea5c1f55af9d3bf5bab70517f3df0cd37807603b2184a548507d37892da17", "aggregated_count": 16}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 64300, "scanner": "repobility-threat-engine", "fingerprint": "5ca54ab90029902728d161c57b6d45a92251ea1746ca58f27efad90d2ccb4080", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5ca54ab90029902728d161c57b6d45a92251ea1746ca58f27efad90d2ccb4080"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "properties": {"repobilityId": 64296, "scanner": "repobility-threat-engine", "fingerprint": "935ca1bcfb4d5d281bd63348c3a3354eb0a4b201cfe472375901be41ecd40841", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|935ca1bcfb4d5d281bd63348c3a3354eb0a4b201cfe472375901be41ecd40841"}}}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 64292, "scanner": "repobility-threat-engine", "fingerprint": "be4b4090fe4da3db9e1834a41ae3e355ca64f3bf63ce85cc290054ae6c948e10", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|be4b4090fe4da3db9e1834a41ae3e355ca64f3bf63ce85cc290054ae6c948e10"}}}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/compiler` pulled from URL/Git: `dependencies.@angular/compiler` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64445, "scanner": "repobility-supply-chain", "fingerprint": "df318adc4ebb675e48894a23b932dc619463eb048e0f1ffeda4f23a07913fa19", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|df318adc4ebb675e48894a23b932dc619463eb048e0f1ffeda4f23a07913fa19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/defer/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/common` pulled from URL/Git: `dependencies.@angular/common` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64444, "scanner": "repobility-supply-chain", "fingerprint": "39eac8e31488ee18116c967a6e455188eb3396a176884f091113d3a08702d7c8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|39eac8e31488ee18116c967a6e455188eb3396a176884f091113d3a08702d7c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/defer/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/animations` pulled from URL/Git: `dependencies.@angular/animations` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64443, "scanner": "repobility-supply-chain", "fingerprint": "0870f0668c573fdbc8c056ab25d9102177ac9162c216782b364c24587f450027", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0870f0668c573fdbc8c056ab25d9102177ac9162c216782b364c24587f450027"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/defer/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/core` pulled from URL/Git: `dependencies.@angular/core` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64442, "scanner": "repobility-supply-chain", "fingerprint": "7cf6430a8827f0724363efd38b2deb67e6ec4f0b92d116268347282be1c84bf9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7cf6430a8827f0724363efd38b2deb67e6ec4f0b92d116268347282be1c84bf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/no_ts_linker/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/compiler-cli` pulled from URL/Git: `dependencies.@angular/compiler-cli` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64441, "scanner": "repobility-supply-chain", "fingerprint": "3a6887078d513f790535707d6b6dbbbe51ca7779bb3d90451fc004402b8e1e1d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3a6887078d513f790535707d6b6dbbbe51ca7779bb3d90451fc004402b8e1e1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/no_ts_linker/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/compiler` pulled from URL/Git: `dependencies.@angular/compiler` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64440, "scanner": "repobility-supply-chain", "fingerprint": "4900b0f52082a9f50da712be55ef8695c47ff4dccc6ab6f6f83042e6de7a7bad", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4900b0f52082a9f50da712be55ef8695c47ff4dccc6ab6f6f83042e6de7a7bad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/no_ts_linker/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/compiler-cli` pulled from URL/Git: `devDependencies.@angular/compiler-cli` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64439, "scanner": "repobility-supply-chain", "fingerprint": "a80e5ed9ef7b575872719ec416e0449b4c5b2963c0ccfef044ea8fa00baba92a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a80e5ed9ef7b575872719ec416e0449b4c5b2963c0ccfef044ea8fa00baba92a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/trusted-types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/router` pulled from URL/Git: `dependencies.@angular/router` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64438, "scanner": "repobility-supply-chain", "fingerprint": "48859101562fcdacb1788d088323e7bbfac1096a70524654a47fd99f0bd120e2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|48859101562fcdacb1788d088323e7bbfac1096a70524654a47fd99f0bd120e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/trusted-types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/platform-browser` pulled from URL/Git: `dependencies.@angular/platform-browser` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64437, "scanner": "repobility-supply-chain", "fingerprint": "5ef7a2757a7883c927148d18d28b15ee13e1ffa5eceee84c829707f7f7d1b55e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5ef7a2757a7883c927148d18d28b15ee13e1ffa5eceee84c829707f7f7d1b55e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/trusted-types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/forms` pulled from URL/Git: `dependencies.@angular/forms` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64436, "scanner": "repobility-supply-chain", "fingerprint": "714763851f0c5ae6f382950b66064d9a2d817872003679260cdbb27cefb6aede", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|714763851f0c5ae6f382950b66064d9a2d817872003679260cdbb27cefb6aede"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/trusted-types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/core` pulled from URL/Git: `dependencies.@angular/core` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64435, "scanner": "repobility-supply-chain", "fingerprint": "5e3b60e0183a1ad02a4adc215cd761eab88d2c4af160df3b1f6c8064018a1696", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5e3b60e0183a1ad02a4adc215cd761eab88d2c4af160df3b1f6c8064018a1696"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/trusted-types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/compiler` pulled from URL/Git: `dependencies.@angular/compiler` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64434, "scanner": "repobility-supply-chain", "fingerprint": "113bbdec39cc3a5facb7ae5c53c82140caf73ea1f682a99f45c5f4bfb1158634", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|113bbdec39cc3a5facb7ae5c53c82140caf73ea1f682a99f45c5f4bfb1158634"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/trusted-types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/common` pulled from URL/Git: `dependencies.@angular/common` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64433, "scanner": "repobility-supply-chain", "fingerprint": "c8154fbf91ca63ca07722ee2994d7f9987195ae2f38463d6306a98f9063dbc00", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c8154fbf91ca63ca07722ee2994d7f9987195ae2f38463d6306a98f9063dbc00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/trusted-types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/animations` pulled from URL/Git: `dependencies.@angular/animations` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64432, "scanner": "repobility-supply-chain", "fingerprint": "230326ab0305c8636c6acca5fcf4587b1cc008a5bcb489828860c37598e1740d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|230326ab0305c8636c6acca5fcf4587b1cc008a5bcb489828860c37598e1740d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/trusted-types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/compiler-cli` pulled from URL/Git: `devDependencies.@angular/compiler-cli` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64431, "scanner": "repobility-supply-chain", "fingerprint": "e4e81a60cdbb7cfd505855e0a1c247a45e7de1ccfc232c1676b527ae5a11ad00", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e4e81a60cdbb7cfd505855e0a1c247a45e7de1ccfc232c1676b527ae5a11ad00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/router` pulled from URL/Git: `dependencies.@angular/router` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64430, "scanner": "repobility-supply-chain", "fingerprint": "42697257504588f9e22fbc9a57a1c6462af4ca9c85b7e41bd7816089f5e03a6f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|42697257504588f9e22fbc9a57a1c6462af4ca9c85b7e41bd7816089f5e03a6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/platform-server` pulled from URL/Git: `dependencies.@angular/platform-server` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64429, "scanner": "repobility-supply-chain", "fingerprint": "12d0106d07bdf00ebabd384a2412f0e852c70fdb49eb184aa4f8033e6690d2a2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|12d0106d07bdf00ebabd384a2412f0e852c70fdb49eb184aa4f8033e6690d2a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/platform-browser` pulled from URL/Git: `dependencies.@angular/platform-browser` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64428, "scanner": "repobility-supply-chain", "fingerprint": "d6e05f419f918620f822ed0c881a246f85f770910347bb5b32f75e5299ef2d2f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d6e05f419f918620f822ed0c881a246f85f770910347bb5b32f75e5299ef2d2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/forms` pulled from URL/Git: `dependencies.@angular/forms` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64427, "scanner": "repobility-supply-chain", "fingerprint": "25345d93e07062b6ed097e24f5dbb833ff78f90bce8ace576688e6b2e5474a00", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25345d93e07062b6ed097e24f5dbb833ff78f90bce8ace576688e6b2e5474a00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/core` pulled from URL/Git: `dependencies.@angular/core` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64426, "scanner": "repobility-supply-chain", "fingerprint": "70866a2a7158d11716963e5e5f9f57ff6cc10acec841d015c64a7858d9ca8a3d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|70866a2a7158d11716963e5e5f9f57ff6cc10acec841d015c64a7858d9ca8a3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/compiler` pulled from URL/Git: `dependencies.@angular/compiler` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64425, "scanner": "repobility-supply-chain", "fingerprint": "b0512acc85810da0cf3e9d2414ad247b2414c387e16a6e6dc16976874f23c3d7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b0512acc85810da0cf3e9d2414ad247b2414c387e16a6e6dc16976874f23c3d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/common` pulled from URL/Git: `dependencies.@angular/common` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64424, "scanner": "repobility-supply-chain", "fingerprint": "e46c4a32f5a9ad2731172351b0e5eb6f544b5f57d0c2fac59eb62023bf2cdb52", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e46c4a32f5a9ad2731172351b0e5eb6f544b5f57d0c2fac59eb62023bf2cdb52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/animations` pulled from URL/Git: `dependencies.@angular/animations` = `link:./in-existing-linked-by-bazel` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64423, "scanner": "repobility-supply-chain", "fingerprint": "1621fffda2b554a58f5bcc795e597b6440ca195b228f171f223208f6beb1e6cc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1621fffda2b554a58f5bcc795e597b6440ca195b228f171f223208f6beb1e6cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integration/platform-server-zoneless/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `@angular/ng-dev` pulled from URL/Git: `devDependencies.@angular/ng-dev` = `https://github.com/angular/dev-infra-private-ng-dev-builds.git#9b87b795ac1eac0e33f8169f021ab20b57f09c40` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64422, "scanner": "repobility-supply-chain", "fingerprint": "4306cf096a32cc928da0dbdf9e5f94fb6071d64e5d1631ea7242f3dc99a7f2b4", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4306cf096a32cc928da0dbdf9e5f94fb6071d64e5d1631ea7242f3dc99a7f2b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `domino` pulled from URL/Git: `dependencies.domino` = `https://github.com/angular/domino.git#a9e9e17af7a54af8dde66f651bfde671c3a10444` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 64421, "scanner": "repobility-supply-chain", "fingerprint": "739b8412760bde84e80a41ee0b1b644a6f7d2b61835edd5225e3277eef46a649", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|739b8412760bde84e80a41ee0b1b644a6f7d2b61835edd5225e3277eef46a649"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC027", "level": "error", "message": {"text": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities if not configured. libxmljs in particular has had XXE CVEs."}, "properties": {"repobilityId": 64382, "scanner": "repobility-threat-engine", "fingerprint": "3e7ab3e3fafc0fabbb5ecd62acce820ee7060dd3cb13c463b3bb367eb1542116", "category": "xxe", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new XmlParser()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC027", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3e7ab3e3fafc0fabbb5ecd62acce820ee7060dd3cb13c463b3bb367eb1542116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/compiler/src/i18n/serializers/xtb.ts"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 64381, "scanner": "repobility-threat-engine", "fingerprint": "7cf80518c448fa6067d004952b7b50765edfd76fbed7568f93cf22c0cb95cfc8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7cf80518c448fa6067d004952b7b50765edfd76fbed7568f93cf22c0cb95cfc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/compiler/src/i18n/digest.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 64355, "scanner": "repobility-threat-engine", "fingerprint": "cc43cc9b4a3c625f6801967c73e11a2dcf58595eeba06f29501bbf98f20f2439", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map.delete(id);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cc43cc9b4a3c625f6801967c73e11a2dcf58595eeba06f29501bbf98f20f2439"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/services/search-history.service.ts"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 64354, "scanner": "repobility-threat-engine", "fingerprint": "a6fca513eef76966dc16d7c57af03077fb7caecffe08e83dd097dfe240537054", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "readStream.destroy();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a6fca513eef76966dc16d7c57af03077fb7caecffe08e83dd097dfe240537054"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/navigation/nav-items-gen.mts"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 64353, "scanner": "repobility-threat-engine", "fingerprint": "0205bd28bbe274c11cd9fc2d7bb3a56d3e26d64f8247fa57a5d0143312e5e04f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Promise.all(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0205bd28bbe274c11cd9fc2d7bb3a56d3e26d64f8247fa57a5d0143312e5e04f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/examples/previews/index.mts"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 64351, "scanner": "repobility-threat-engine", "fingerprint": "de9a34adaaf4ae7b09ab822b6ff88c60aecaad46f6ebb4255145da00c552abcc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(this", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|de9a34adaaf4ae7b09ab822b6ff88c60aecaad46f6ebb4255145da00c552abcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/content/examples/form-validation/src/app/shared/forbidden-name.directive.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 64350, "scanner": "repobility-threat-engine", "fingerprint": "ca6a11fbf5c020a3deca95fdd723ae2c070160460bc0bb8727d5c1cd0b609ff4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(regexes", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ca6a11fbf5c020a3deca95fdd723ae2c070160460bc0bb8727d5c1cd0b609ff4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/regions/remove-eslint-comments.mts"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 64349, "scanner": "repobility-threat-engine", "fingerprint": "c9c3c592a452b84316930de99b1878da14a0a05f2082523cb000b6f00f8b86ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(jsDoclinkRegex", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c9c3c592a452b84316930de99b1878da14a0a05f2082523cb000b6f00f8b86ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/transforms/jsdoc-transforms.mts"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED008", "level": "error", "message": {"text": "[MINED008] Swift Force Unwrap: optional! crashes on nil. Use guard let or if let."}, "properties": {"repobilityId": 64331, "scanner": "repobility-threat-engine", "fingerprint": "76f53d743e293ee05857306d690f768ca0ae9467eab36161f1c7b75e6362edb1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "swift-force-unwrap", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["swift"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347916+00:00", "triaged_in_corpus": 15, "observations_count": 210453, "ai_coder_pattern_id": 157}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76f53d743e293ee05857306d690f768ca0ae9467eab36161f1c7b75e6362edb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-code/format/index.mts"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED008", "level": "error", "message": {"text": "[MINED008] Swift Force Unwrap: optional! crashes on nil. Use guard let or if let."}, "properties": {"repobilityId": 64330, "scanner": "repobility-threat-engine", "fingerprint": "a01510231adbb98d07761ae5eafc2afde8020c8198b86fefe5d7ab7b15c3e37f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "swift-force-unwrap", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["swift"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347916+00:00", "triaged_in_corpus": 15, "observations_count": 210453, "ai_coder_pattern_id": 157}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a01510231adbb98d07761ae5eafc2afde8020c8198b86fefe5d7ab7b15c3e37f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-code/format/highlight.mts"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED008", "level": "error", "message": {"text": "[MINED008] Swift Force Unwrap: optional! crashes on nil. Use guard let or if let."}, "properties": {"repobilityId": 64329, "scanner": "repobility-threat-engine", "fingerprint": "3e6ec30c631ad868d0f9fbf5abd752ade7d13d8a59767e9d723f2107cc5546ca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "swift-force-unwrap", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["swift"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347916+00:00", "triaged_in_corpus": 15, "observations_count": 210453, "ai_coder_pattern_id": 157}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e6ec30c631ad868d0f9fbf5abd752ade7d13d8a59767e9d723f2107cc5546ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/index.mts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "properties": {"repobilityId": 64327, "scanner": "repobility-threat-engine", "fingerprint": "0a58d362a6c7d79def628cffc5f67f179720d88c3cde7df04c69fc198517e0eb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a58d362a6c7d79def628cffc5f67f179720d88c3cde7df04c69fc198517e0eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-code/format/index.mts"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "properties": {"repobilityId": 64326, "scanner": "repobility-threat-engine", "fingerprint": "b13740e59efc1c2a7ff77c6aa2e0679f387fa3de3b6b588e55d6aae1ba5d1faf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b13740e59efc1c2a7ff77c6aa2e0679f387fa3de3b6b588e55d6aae1ba5d1faf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-code/format/highlight.mts"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED002", "level": "error", "message": {"text": "[MINED002] Dart Null Bang: value! throws on null. Use ?. or null check."}, "properties": {"repobilityId": 64325, "scanner": "repobility-threat-engine", "fingerprint": "950625cccdebb43f1f53a0ec11e7fdfabf51f88938affe185bd4afe472085a9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "dart-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["dart"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347899+00:00", "triaged_in_corpus": 15, "observations_count": 1434931, "ai_coder_pattern_id": 167}, "scanner": "repobility-threat-engine", "correlation_key": "fp|950625cccdebb43f1f53a0ec11e7fdfabf51f88938affe185bd4afe472085a9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/index.mts"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 64319, "scanner": "repobility-threat-engine", "fingerprint": "53bd3322c929eb01acbfe687f35ff27e4b4ecd06c30e9e46e37f676de5c164d2", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(s", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|53bd3322c929eb01acbfe687f35ff27e4b4ecd06c30e9e46e37f676de5c164d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/rendering/symbol-context.mts"}, "region": {"startLine": 43}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 64318, "scanner": "repobility-threat-engine", "fingerprint": "8f6d31f015c5813df096af1482ece3b51d385e143e1320854e6b7bf102d2c9b4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8f6d31f015c5813df096af1482ece3b51d385e143e1320854e6b7bf102d2c9b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/components/search-history/search-history.component.ts"}, "region": {"startLine": 102}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 64317, "scanner": "repobility-threat-engine", "fingerprint": "665dc491698bacc58364718bbcb1a7fb467cd90af6dd0d0e1ec84ac0086dfb28", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(g", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|665dc491698bacc58364718bbcb1a7fb467cd90af6dd0d0e1ec84ac0086dfb28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/components/search-dialog/search-dialog.component.ts"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic."}, "properties": {"repobilityId": 64303, "scanner": "repobility-threat-engine", "fingerprint": "3d343794ca3cea7c5490c4ee65cd21e877d488057adedc323b9f857cca7c6523", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3d343794ca3cea7c5490c4ee65cd21e877d488057adedc323b9f857cca7c6523"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-alert.mts"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic."}, "properties": {"repobilityId": 64302, "scanner": "repobility-threat-engine", "fingerprint": "c282991002077b079ad129beac8ab1ad981a6005ac710f3e4da57cb895693803", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c282991002077b079ad129beac8ab1ad981a6005ac710f3e4da57cb895693803"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/heading.mts"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED010", "level": "error", "message": {"text": "[MINED010] Ruby System Call: system / backtick run shell. Command injection if any arg dynamic."}, "properties": {"repobilityId": 64301, "scanner": "repobility-threat-engine", "fingerprint": "05bc6033dc76ee6d3835a57fb43848d550ffebdb02f2744b44fad3e0ce120be5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ruby-system-call", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["ruby"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347921+00:00", "triaged_in_corpus": 15, "observations_count": 189513, "ai_coder_pattern_id": 162}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05bc6033dc76ee6d3835a57fb43848d550ffebdb02f2744b44fad3e0ce120be5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/routes/generate-routes.mts"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 64299, "scanner": "repobility-threat-engine", "fingerprint": "efe3182dc73e0ca53535669c610b154aa75da4320f09280ee8cb61249c6c6afe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(src", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|efe3182dc73e0ca53535669c610b154aa75da4320f09280ee8cb61249c6c6afe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-alert.mts"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 64298, "scanner": "repobility-threat-engine", "fingerprint": "ca3d5f36e473d6028f7f8b5b855cf20e7b2d5f628857af5307d908f4e6c3f704", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(heading", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ca3d5f36e473d6028f7f8b5b855cf20e7b2d5f628857af5307d908f4e6c3f704"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/heading.mts"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 64297, "scanner": "repobility-threat-engine", "fingerprint": "0dec28ee65491f69ec26ca4142c544dd81df76a7ada82f754ab2760c838a88a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(content", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0dec28ee65491f69ec26ca4142c544dd81df76a7ada82f754ab2760c838a88a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/routes/generate-routes.mts"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 64291, "scanner": "repobility-threat-engine", "fingerprint": "40940a7685b4257a9dcc32c43be4ca0c0529a25a428b986fc342017f3a60d581", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((lvl) => `${lvl}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|40940a7685b4257a9dcc32c43be4ca0c0529a25a428b986fc342017f3a60d581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/shared/marked/extensions/docs-alert.mts"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 64290, "scanner": "repobility-threat-engine", "fingerprint": "ebf20c567d3a239834b8b59bd8eee492f514792a68c2a96e5266d2eac2f05eee", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((member) => `${entry.name}.${member.name}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ebf20c567d3a239834b8b59bd8eee492f514792a68c2a96e5266d2eac2f05eee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/shared-docs/pipeline/api-gen/extraction/index.mts"}, "region": {"startLine": 124}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 64289, "scanner": "repobility-threat-engine", "fingerprint": "622004264d7a701ca36e37a0d6998b055e286daf7086498efa0387b04eb09d5f", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n            (heading) => `${item.path}#${heading.toLowerCase().replace(/\\s+/g, '-')}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|622004264d7a701ca36e37a0d6998b055e286daf7086498efa0387b04eb09d5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/scripts/routes/generate-routes.mts"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (LRM) in source: Line 60 contains a Unicode bidirectional override character (U+200E LRM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 64446, "scanner": "repobility-supply-chain", "fingerprint": "e0d841eb413362d0bfe1130203d843c1f5ed64faeca9b0f86ed8090245acf93e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 6 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|token", "duplicate_count": 6, "duplicate_rule_ids": ["MINED123"], "duplicate_scanners": ["repobility-supply-chain"], "duplicate_fingerprints": ["30e5bf7fa21fbba6afe9783127f5eeae2d9b97b5707dc7112997d820390bef3a", "37294cc2895b72a8975521d7da455b2d2c5fee971ad3b7ca23c4e5ff046d15d4", "88c86b4c6bbd3288f9f7dac83357e88b36436b09cba8f61e1f1e27dd7e9a6d27", "b422f10e31ac729b557965f0654577066e45b705ce0c4fc00dda9c0a6da6871f", "e0d841eb413362d0bfe1130203d843c1f5ed64faeca9b0f86ed8090245acf93e", "f81cfca28ca2325268c3d77c82d0ee4dbf030f916373ed4a3c70c38f75ee3ae1", "ff590074aa2e20cc4c2ea2d1dbc873db96d8925c65001ad67efe6a26cb45bfbc"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/common/locales/closure-locale.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED035", "level": "error", "message": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "properties": {"repobilityId": 64376, "scanner": "repobility-threat-engine", "fingerprint": "5c5712fb394136471b071e81268939ab1aab54e2ba85347916335be6ea5012e1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-new-function", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347980+00:00", "triaged_in_corpus": 20, "observations_count": 2547, "ai_coder_pattern_id": 104}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c5712fb394136471b071e81268939ab1aab54e2ba85347916335be6ea5012e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/schematics/utils/load_esm.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED035", "level": "error", "message": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "properties": {"repobilityId": 64375, "scanner": "repobility-threat-engine", "fingerprint": "41185d93c6759055b8be058a1cd49b573d88f2e1722f8332da356cdf545de110", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-new-function", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347980+00:00", "triaged_in_corpus": 20, "observations_count": 2547, "ai_coder_pattern_id": 104}, "scanner": "repobility-threat-engine", "correlation_key": "fp|41185d93c6759055b8be058a1cd49b573d88f2e1722f8332da356cdf545de110"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/compiler/src/output/output_jit_trusted_types.ts"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED035", "level": "error", "message": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "properties": {"repobilityId": 64374, "scanner": "repobility-threat-engine", "fingerprint": "6df119b7e81e1337cb18db4c1331066c39b44d248e2cf136d69e4e5abad853e1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-new-function", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347980+00:00", "triaged_in_corpus": 20, "observations_count": 2547, "ai_coder_pattern_id": 104}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6df119b7e81e1337cb18db4c1331066c39b44d248e2cf136d69e4e5abad853e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "modules/utilities/perf_util.ts"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "properties": {"repobilityId": 64373, "scanner": "repobility-threat-engine", "fingerprint": "d267a1619cac8ddb1197bfada3c28d70f7e78d0c232bfb3d6075ccb79b28f25c", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d267a1619cac8ddb1197bfada3c28d70f7e78d0c232bfb3d6075ccb79b28f25c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "devtools/projects/shell-browser/src/app/chrome-application-operations.ts"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 64367, "scanner": "repobility-threat-engine", "fingerprint": "95546873f5fbd4fdfd11bacbbaafaa20253b03a083303fd842184faad17c20f3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|95546873f5fbd4fdfd11bacbbaafaa20253b03a083303fd842184faad17c20f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adev/src/app/editor/code-editor/utils/component-ts-syntax.ts"}, "region": {"startLine": 33}}}]}]}]}