← Back to scan
File as GitHub Issue repo: RatLoopz/sahidawa-india

Push this scan report to RatLoopz/sahidawa-india

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Repobility score card

Issue title

`self._fetch_openfda` used but never assigned in __init__

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH MINED108 [MINED108] `self._extract_strength_from_ingredients` used but never assigned in __init__:… apps/ml/scrapers/commercial_mrp.py:304
HIGH MINED108 [MINED108] `self._lookup_mrp` used but never assigned in __init__: Method `_parse_openfda… apps/ml/scrapers/commercial_mrp.py:309
HIGH MINED108 [MINED108] `self._parse_openfda_response` used but never assigned in __init__: Method `_f… apps/ml/scrapers/commercial_mrp.py:258
HIGH MINED108 [MINED108] `self._sleep` used but never assigned in __init__: Method `scrape` of class `C… apps/ml/scrapers/commercial_mrp.py:225
HIGH MINED108 [MINED108] `self._fetch_openfda` used but never assigned in __init__: Method `scrape` of … apps/ml/scrapers/commercial_mrp.py:219
HIGH MINED108 [MINED108] `self._save_csv` used but never assigned in __init__: Method `scrape` of class… apps/ml/scrapers/commercial_mrp.py:237
HIGH MINED108 [MINED108] `self.close` used but never assigned in __init__: Method `finalize` of class `… apps/ml/routers/asr.py:712
HIGH MINED108 [MINED108] `self._run_transcription` used but never assigned in __init__: Method `finaliz… apps/ml/routers/asr.py:710
HIGH MINED108 [MINED108] `self._append_audio` used but never assigned in __init__: Method `finalize` of… apps/ml/routers/asr.py:708
HIGH MINED108 [MINED108] `self._run_transcription` used but never assigned in __init__: Method `append_… apps/ml/routers/asr.py:692
HIGH MINED108 [MINED108] `self._append_audio` used but never assigned in __init__: Method `append_and_m… apps/ml/routers/asr.py:675
HIGH MINED108 [MINED108] `self._get_decoder` used but never assigned in __init__: Method `append_and_ma… apps/ml/routers/asr.py:673
HIGH MINED108 [MINED108] `self._build_response` used but never assigned in __init__: Method `_run_trans… apps/ml/routers/asr.py:656
HIGH MINED108 [MINED108] `self._trim_audio_buffer` used but never assigned in __init__: Method `_run_tr… apps/ml/routers/asr.py:655
HIGH MINED108 [MINED108] `self._build_response` used but never assigned in __init__: Method `_run_trans… apps/ml/routers/asr.py:601
HIGH MINED108 [MINED108] `self._trim_audio_buffer` used but never assigned in __init__: Method `_append… apps/ml/routers/asr.py:569
HIGH MINED108 [MINED108] `self._wait_for_process_exit` used but never assigned in __init__: Method `clo… apps/ml/routers/asr.py:517
HIGH MINED108 [MINED108] `self.take_audio` used but never assigned in __init__: Method `finish` of clas… apps/ml/routers/asr.py:513
HIGH MINED108 [MINED108] `self._wait_for_process_exit` used but never assigned in __init__: Method `fin… apps/ml/routers/asr.py:511
HIGH MINED108 [MINED108] `self._decoder_error` used but never assigned in __init__: Method `push` of cl… apps/ml/routers/asr.py:464
HIGH MINED108 [MINED108] `self._decoder_error` used but never assigned in __init__: Method `push` of cl… apps/ml/routers/asr.py:458
HIGH SEC040 [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… apps/web/scripts/voice-a11y-audit.mjs:120
HIGH SEC103 [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDA… apps/ml/services/router_loader.py:19
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… apps/ml/services/telemetry.py:35
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… apps/ml/routers/verify.py:73
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). apps/ml/routers/tts.py:98
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). apps/etl/src/scrapers/commercial_medici…:138
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … apps/etl/src/validators/cdsco_validator…:176
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … apps/api/src/services/notifications.ts:106
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … apps/api/src/services/lasa.service.ts:44
HIGH SEC135 [SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint g… apps/ml/routers/analyze.py:128
HIGH SEC135 [SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint g… apps/api/src/routes/ml.ts:21
HIGH SEC135 [SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint g… apps/api/src/routes/alerts.ts:94
HIGH COMP001 [COMP001] High cognitive complexity: Function `run` has cognitive complexity 36 (SonarSou… apps/etl/run_all.py:55
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/devtrack.yml:34
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/auto-assign.yml:30
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/welcome-onboarding.yml:24
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/welcome-onboarding.yml:20
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/close-conflicting-prs…:17
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/labeler.yml:59
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/labeler.yml:30
HIGH MINED115 [MINED115] Action `actions/labeler` pinned to mutable ref `@v6`: `uses: actions/labeler@v… .github/workflows/labeler.yml:20
HIGH MINED115 [MINED115] Action `release-drafter/release-drafter` pinned to mutable ref `@v7`: `uses: r… .github/workflows/release-drafter.yml:19
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/detect-duplicate-issu…:23
HIGH MINED115 [MINED115] Action `actions/stale` pinned to mutable ref `@v10`: `uses: actions/stale@v10`… .github/workflows/close-stale.yml:17
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/anti-ping-spam.yml:23
HIGH MINED115 [MINED115] Action `peakoss/anti-slop` pinned to mutable ref `@v0`: `uses: peakoss/anti-sl… .github/workflows/pr-quality-check.yml:26
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/enforce-assignment.yml:17
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/label-guard.yml:21
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/issue-opened-autoflow…:36
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setu… .github/workflows/test.yml:43
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/test.yml:40
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-… .github/workflows/test.yml:21
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/test.yml:18
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v9`: `uses: actions/git… .github/workflows/auto-unassign.yml:19
HIGH MINED115 [MINED115] Action `github/codeql-action/analyze` pinned to mutable ref `@v4`: `uses: gith… .github/workflows/codeql.yml:39
HIGH MINED115 [MINED115] Action `github/codeql-action/autobuild` pinned to mutable ref `@v4`: `uses: gi… .github/workflows/codeql.yml:36
HIGH MINED115 [MINED115] Action `github/codeql-action/init` pinned to mutable ref `@v4`: `uses: github/… .github/workflows/codeql.yml:31
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout… .github/workflows/codeql.yml:28
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/api/Dockerfile:39
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/api/Dockerfile:4
HIGH MINED118 [MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-sli… apps/ml/Dockerfile:25
HIGH MINED118 [MINED118] Dockerfile FROM `python:3.12-slim` not pinned by digest: `FROM python:3.12-sli… apps/ml/Dockerfile:4
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/web/Dockerfile:41
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/web/Dockerfile:4
HIGH DKC011 Database service publishes a host port docker-compose.yml:65
HIGH JRN009 Secret-like setting is echoed into a password input value apps/web/app/[locale]/login/page.tsx:188
HIGH MINED113 [MINED113] Express POST /check has no auth: Express route POST /check declared without an… apps/api/src/routes/lasa.ts:14
HIGH MINED113 [MINED113] Express POST / has no auth: Express route POST / declared without an auth midd… apps/api/src/routes/verify.ts:134
HIGH MINED113 [MINED113] Express POST /report has no auth: Express route POST /report declared without … apps/api/src/routes/batch.ts:307
HIGH MINED113 [MINED113] Express POST /verify-brand has no auth: Express route POST /verify-brand decla… apps/api/src/routes/scan.ts:720
HIGH MINED113 [MINED113] Express POST /match has no auth: Express route POST /match declared without an… apps/api/src/routes/scan.ts:649
HIGH MINED113 [MINED113] Express POST /extract has no auth: Express route POST /extract declared withou… apps/api/src/routes/scan.ts:203
HIGH MINED113 [MINED113] Express POST /analyze has no auth: Express route POST /analyze declared withou… apps/api/src/routes/ml.ts:21
HIGH MINED113 [MINED113] Express POST / has no auth: Express route POST / declared without an auth midd… apps/api/src/routes/pharmacies.ts:85
HIGH MINED113 [MINED113] Express POST /medicines has no auth: Express route POST /medicines declared wi… apps/api/src/routes/admin.routes.ts:18
HIGH MINED113 [MINED113] Express PATCH /reports/:id/status has no auth: Express route PATCH /reports/:i… apps/api/src/routes/admin.routes.ts:16
HIGH MINED112 [MINED112] FastAPI POST /generate has no auth: Handler `generate_tts` is registered with … apps/ml/routers/tts.py:199
HIGH MINED112 [MINED112] FastAPI POST /transcribe has no auth: Handler `transcribe_audio` is registered… apps/ml/routers/asr.py:723
HIGH MINED112 [MINED112] FastAPI POST /batch has no auth: Handler `verify_batch` is registered with rou… apps/ml/routers/verify.py:40
HIGH MINED112 [MINED112] FastAPI POST /match has no auth: Handler `match_medicine` is registered with r… apps/ml/routers/ocr.py:72
HIGH MINED112 [MINED112] FastAPI POST /extract has no auth: Handler `extract_text` is registered with r… apps/ml/routers/ocr.py:17
HIGH MINED112 [MINED112] FastAPI POST (unknown path) has no auth: Handler `analyze_image` is registered… apps/ml/routers/analyze.py:129
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… apps/etl/src/scrapers/jan_aushadhi.py:153
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… apps/ml/scrapers/commercial_mrp.py:321
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… apps/ml/services/telemetry.py:94
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… apps/ml/routers/verify.py:18
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/linkedin_shoutout.py:285
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/linkedin_shoutout.py:206
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. src/services/advanced_cache_manager.py:99
MED SEC127 [SEC127] AI agent stub — TODO: implement / pass placeholder body: Function body left as T… ml_model_dev_pipeline/fine_tune_cloud.py:4
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … scripts/check-migrations.js:100
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… apps/web/app/components/Map.tsx:249
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. apps/web/components/ServiceWorkerProvid…:29
MED ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. apps/web/app/[locale]/layout.tsx:99
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… apps/ml/services/telemetry.py:35
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… apps/ml/routers/verify.py:73
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED JRN002 Browser storage is used for session token material apps/web/src/components/AuthSync.tsx:33
MED JRN002 Browser storage is used for session token material apps/web/src/components/AuthSync.tsx:22
MED JRN002 Browser storage is used for session token material apps/web/components/alerts/RecallPushSu…:63
MED JRN002 Browser storage is used for session token material apps/web/app/[locale]/reports/me/page.t…:46
MED JRN002 Browser storage is used for session token material apps/web/app/[locale]/profile/page.tsx:95
MED JRN002 Browser storage is used for session token material apps/web/app/[locale]/admin/dashboard/p…:68
MED JRN002 Browser storage is used for session token material apps/web/app/[locale]/admin/analytics/p…:54
MED AGT007 localStorage write failures are swallowed silently apps/web/src/components/MedicineSearchS…:52
MED AGT007 localStorage write failures are swallowed silently apps/web/app/[locale]/voice/page.tsx:1223
MED WEB003 Public web service has no security.txt .well-known/security.txt
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore apps/web/Dockerfile:32
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore apps/web/Dockerfile:21
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore apps/ml/Dockerfile:51
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore apps/api/Dockerfile:31
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore apps/api/Dockerfile:20
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/routes/batch.ts:136
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/routes/batch.ts:119
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:209
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:205
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:204
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:203
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:202
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:201
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:200
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:199
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:198
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:197
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:196
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:138
MED JRN003 Frontend API reference is not matched by discovered backend routes apps/api/src/app.ts:131
MED AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 41.7% of discovered …
MED DKC013 Database service has no persistent data volume docker-compose.yml:65
MED AGT012 Agent control bridge may listen on a network interface without visible auth apps/etl/src/scrapers/jan_aushadhi.py:33
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … apps/web/app/api/voice/tts/route.ts:22
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … apps/web/app/api/voice/transcribe/route…:20
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … apps/web/app/api/upload/route.ts:6
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … apps/web/app/api/chat/route.ts:145
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … apps/web/app/api/overpass/route.ts:11
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … apps/api/src/routes/scan.ts:203
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … apps/api/src/routes/notifications.ts:51
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … apps/api/src/app.ts:91
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/reports.ts:137
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/reports.ts:109
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/admin.routes.ts:19
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/admin.routes.ts:18
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/admin.routes.ts:17
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/admin.routes.ts:16
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/admin.routes.ts:15
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/notifications.ts:70
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/routes/notifications.ts:66
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… apps/api/src/app.ts:140
LOW COMP001 [COMP001] High cognitive complexity: Function `_infer_form_from_name` has cognitive compl… apps/etl/src/scrapers/jan_aushadhi.py:263
LOW COMP001 [COMP001] High cognitive complexity: Function `_infer_dosage_form` has cognitive complexi… apps/etl/src/scrapers/commercial_medici…:119
LOW AIC003 Duplicated implementation block across source files src/services/user_notifications_8.py:29
LOW AIC003 Duplicated implementation block across source files src/services/user_notifications_8.py:4
LOW AIC003 Duplicated implementation block across source files src/services/user_notifications.py:29
LOW AIC003 Duplicated implementation block across source files src/services/user_notifications.py:4
LOW AIC003 Duplicated implementation block across source files src/services/user_auth_dashboard.py:29
LOW AIC003 Duplicated implementation block across source files src/services/user_auth_dashboard.py:4
LOW AIC003 Duplicated implementation block across source files src/services/distributed_lock_manager_5…:4
LOW AIC003 Duplicated implementation block across source files src/services/distributed_lock_manager_4…:4
LOW AIC003 Duplicated implementation block across source files src/services/distributed_lock_manager.py:4
LOW AIC003 Duplicated implementation block across source files apps/web/src/utils/medicineParser.ts:56
LOW AIC003 Duplicated implementation block across source files apps/web/public/workers/imageEnhancer.w…:5
LOW AIC003 Duplicated implementation block across source files apps/web/app/api/voice/tts/route.ts:7
LOW AIC003 Duplicated implementation block across source files apps/web/app/api/overpass/route.ts:25
LOW AIC003 Duplicated implementation block across source files apps/web/app/[locale]/page.tsx:27
LOW AIC003 Duplicated implementation block across source files apps/api/src/routes/verify.ts:67
LOW DKC015 Database service has no healthcheck docker-compose.yml:65
LOW DKR008 .dockerignore misses sensitive defaults .dockerignore
LOW DKC016 App service does not wait for database health docker-compose.yml:28
LOW WEB008 Public docs site has no llms.txt llms.txt
LOW DKC010 Compose service lacks no-new-privileges hardening docker-compose.yml:53
LOW DKC010 Compose service lacks no-new-privileges hardening docker-compose.yml:28
LOW DKC010 Compose service lacks no-new-privileges hardening docker-compose.yml:1
LOW DKC006 Compose service does not declare a runtime user docker-compose.yml:53
LOW WEB011 Public web app has no humans.txt humans.txt
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… nginx/nginx.conf:60
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… docker-compose.yml:47
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… apps/web/app/[locale]/layout.tsx:91
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… apps/web/app/[locale]/map/loading.tsx:65
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… apps/web/app/[locale]/faq/page.tsx:47
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… apps/web/app/[locale]/components/Chatbo…:146
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… ml_model_dev_pipeline/fine_tune_cloud.py:5
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… apps/ml/services/telemetry.py:36
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… apps/ml/routers/verify.py:74
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… apps/ml/agent/cdsco_alert_agent.py:37
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… apps/etl/src/scrapers/commercial_medici…:36
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… apps/etl/src/scrapers/cdsco.py:57
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… apps/etl/run_all.py:29
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. apps/web/app/components/Map.tsx:12
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. apps/web/app/[locale]/layout.tsx:80
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. apps/api/src/validators/medicine.valida…:15
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. apps/web/app/[locale]/components/Chatbo…:95
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. apps/api/src/services/lasa.service.ts:88
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. apps/api/src/controllers/admin.controll…:198
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … apps/web/app/[locale]/layout.tsx:94
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … apps/api/src/routes/notifications.ts:40
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … apps/api/src/controllers/admin.controll…:80
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … .github/scripts/score-impact.mjs:163
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … .github/scripts/manage-labels.mjs:39
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … .github/scripts/generate-doc.mjs:33
Reset to top 5 200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `RatLoopz/sahidawa-india`

**Score: 73/100 (A)**  ·  221 findings  ·  scanned 2026-06-05 16:47 UTC  ·  43,057 LOC

| Severity | Count |
|---|---|
| CRITICAL | 11 |
| HIGH | 88 |
| MEDIUM | 66 |
| LOW | 26 |

📊 [Full filterable report](https://repobility.com/scan/4c48c577-63cb-4638-9527-779d7e52f1c2/)  ·  ![scorecard](https://repobility.com/scan/4c48c577-63cb-4638-9527-779d7e52f1c2/report.png?v=1780678023-s2)

### Top findings

1. **HIGH** `MINED108` — `self._extract_strength_from_ingredients` used but never assigned in __init__
   `apps/ml/scrapers/commercial_mrp.py:304` · ✓ Repobility
2. **HIGH** `MINED108` — `self._lookup_mrp` used but never assigned in __init__
   `apps/ml/scrapers/commercial_mrp.py:309` · ✓ Repobility
3. **HIGH** `MINED108` — `self._parse_openfda_response` used but never assigned in __init__
   `apps/ml/scrapers/commercial_mrp.py:258` · ✓ Repobility
4. **HIGH** `MINED108` — `self._sleep` used but never assigned in __init__
   `apps/ml/scrapers/commercial_mrp.py:225` · ✓ Repobility
5. **HIGH** `MINED108` — `self._fetch_openfda` used but never assigned in __init__
   `apps/ml/scrapers/commercial_mrp.py:219` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/4c48c577-63cb-4638-9527-779d7e52f1c2/_
Already filed
This repo publishes a SECURITY.md policy and the scan contains 16 Critical/High security finding(s). Public issue filing would violate coordinated disclosure. Submit privately via the project's security reporting channel.
Megaproject â high spam risk
Could not determine 'RatLoopz/sahidawa-india' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
I read the warnings â override Cancel

The button opens GitHubâs new-issue page in a new tab. You will see the title + body pre-filled â review, edit if you want, then click GitHubâs "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.