{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB012", "name": "Service worker is present without a web app manifest", "shortDescription": {"text": "Service worker is present without a web app manifest"}, "fullDescription": {"text": "Add a valid manifest.json or site.webmanifest and reference it from the document head. Include name, icons, start_url, display, and theme colors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Add robots.txt at the web root or a framework-native robots route. Include an explicit Sitemap directive and disallow only private paths."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 34 more): Same pattern found in 34 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 34 more): Same pattern found in 34 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 57 more): Same pattern found in 57 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 7 more): Same pattern found in 7 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC049", "name": "[SEC049] GCP API key: Google Cloud API key (AIza prefix). Ported from gitleaks gcp-api-key (MIT).", "shortDescription": {"text": "[SEC049] GCP API key: Google Cloud API key (AIza prefix). Ported from gitleaks gcp-api-key (MIT)."}, "fullDescription": {"text": "Restrict the key in Cloud Console (HTTP referrers / IP whitelist) and rotate. Move to Secret Manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "secret", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Use environment variables. Add the pattern to .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 0.45, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/770"}, "properties": {"repository": "mui/material-ui", "repoUrl": "https://github.com/mui/material-ui", "branch": "master"}, "results": [{"ruleId": "WEB012", "level": "warning", "message": {"text": "Service worker is present without a web app manifest"}, "properties": {"repobilityId": 64586, "scanner": "repobility-web-presence", "fingerprint": "fcb0b1c9ad72f83092dc6928d3e76ca25d428a654bdcd26192cf227ad67fe1ea", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A service worker was discovered but no common web manifest file was found.", "evidence": {"rule_id": "WEB012", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/Manifest"], "correlation_key": "fp|fcb0b1c9ad72f83092dc6928d3e76ca25d428a654bdcd26192cf227ad67fe1ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manifest.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 64585, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 64584, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 64579, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 64547, "scanner": "repobility-threat-engine", "fingerprint": "d0ec35efdc58f6eeb45d9665c0e2075dfccd3bc8ddf816fb19a5a87e5a9ea0b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d0ec35efdc58f6eeb45d9665c0e2075dfccd3bc8ddf816fb19a5a87e5a9ea0b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/textarea-autosize/MaxHeightTextarea.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 64546, "scanner": "repobility-threat-engine", "fingerprint": "a491dfd92249f27df8de2477f254aa20e5da5f33700dcdf7077c827db812a9b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a491dfd92249f27df8de2477f254aa20e5da5f33700dcdf7077c827db812a9b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/textarea-autosize/MaxHeightTextarea.js"}, "region": {"startLine": 9}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 64583, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 64582, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 64581, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 64580, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64578, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d92d00aa6257868a0921d4f49a77e4ccd579326977763f4c3a7b6d110902f40", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/backdrop-props/test-cases/actual.js", "duplicate_line": 3, "correlation_key": "fp|0d92d00aa6257868a0921d4f49a77e4ccd579326977763f4c3a7b6d110902f40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/backdrop-props/test-cases/package.actual.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64577, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71ce986b5cff3199852e42182c4a69864c444ee38962f31342b465430d51cfc5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/avatar-props/test-cases/expected.js", "duplicate_line": 3, "correlation_key": "fp|71ce986b5cff3199852e42182c4a69864c444ee38962f31342b465430d51cfc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/avatar-props/test-cases/package.expected.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64576, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4cc296b40b8eb38ed2fd8ee5bec81b0552509b6629f1d16a32b7ba47b0d6b5ab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/avatar-props/test-cases/actual.js", "duplicate_line": 3, "correlation_key": "fp|4cc296b40b8eb38ed2fd8ee5bec81b0552509b6629f1d16a32b7ba47b0d6b5ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/avatar-props/test-cases/package.actual.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64575, "scanner": "repobility-ai-code-hygiene", "fingerprint": "881c46c6c395d220911c1e183789ca4d4de6e0b879faf4702e04d170f918e195", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/avatar-group-props/test-cases/expected.js", "duplicate_line": 3, "correlation_key": "fp|881c46c6c395d220911c1e183789ca4d4de6e0b879faf4702e04d170f918e195"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/avatar-group-props/test-cases/package.expected.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64574, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b920df22f0376d8a3790259df47dc67392282f75cd1cff7a7bbc0db939b4e86f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/avatar-group-props/test-cases/actual.js", "duplicate_line": 3, "correlation_key": "fp|b920df22f0376d8a3790259df47dc67392282f75cd1cff7a7bbc0db939b4e86f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/avatar-group-props/test-cases/package.actual.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64573, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3c16d9907e68bb40d5b0e7965fa3da61d3f420c5f3f323cd61b5c0806dc662e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/render-input.actual.js", "duplicate_line": 75, "correlation_key": "fp|a3c16d9907e68bb40d5b0e7965fa3da61d3f420c5f3f323cd61b5c0806dc662e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/render-input.expected.js"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64572, "scanner": "repobility-ai-code-hygiene", "fingerprint": "58a5a5abacca91269f36b92e1aa3656f37320909035025d3ec8c06befcfcc99c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/render-input-package.expected.js", "duplicate_line": 4, "correlation_key": "fp|58a5a5abacca91269f36b92e1aa3656f37320909035025d3ec8c06befcfcc99c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/render-input.expected.js"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64571, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eefd5100820a0fe47b82fa733b63d52c4d38d7fff48b8535be8c6a604a99b29d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/render-input-package.actual.js", "duplicate_line": 22, "correlation_key": "fp|eefd5100820a0fe47b82fa733b63d52c4d38d7fff48b8535be8c6a604a99b29d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/render-input-package.expected.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64570, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ad20a71066d693e57495b355e86e50ca1a938c1452c5ded41f1e84d5d65dda20", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/package.actual.js", "duplicate_line": 50, "correlation_key": "fp|ad20a71066d693e57495b355e86e50ca1a938c1452c5ded41f1e84d5d65dda20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/package.expected.js"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64569, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f7867595979dcf9fbdbde605f2b1a78f4e59705c32730003f8d1ac8e0f8799d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/actual.js", "duplicate_line": 47, "correlation_key": "fp|4f7867595979dcf9fbdbde605f2b1a78f4e59705c32730003f8d1ac8e0f8799d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/package.expected.js"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64568, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f5a231cd5ece515e5936f318eda58a3a60536db8ea00cfc71dd1b470ce3a887", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/expected.js", "duplicate_line": 5, "correlation_key": "fp|4f5a231cd5ece515e5936f318eda58a3a60536db8ea00cfc71dd1b470ce3a887"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/package.expected.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64567, "scanner": "repobility-ai-code-hygiene", "fingerprint": "322ce9ab8a9815fad8b1123eee5059c43ee40e786f53dec5f32372e4a24d4ce7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/actual.js", "duplicate_line": 5, "correlation_key": "fp|322ce9ab8a9815fad8b1123eee5059c43ee40e786f53dec5f32372e4a24d4ce7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/package.actual.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64566, "scanner": "repobility-ai-code-hygiene", "fingerprint": "79a51cecd3859fe244edee2e372ad68dae0f4590289dcc41acb4cbac7cb7d2bd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/actual.js", "duplicate_line": 47, "correlation_key": "fp|79a51cecd3859fe244edee2e372ad68dae0f4590289dcc41acb4cbac7cb7d2bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/autocomplete-props/test-cases/expected.js"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64565, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b5a2135e57a61ae0cb725efd67adfe7c263a8220ea6ac583cd7907b32d1a3ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/alert-props/test-cases/expected.js", "duplicate_line": 2, "correlation_key": "fp|2b5a2135e57a61ae0cb725efd67adfe7c263a8220ea6ac583cd7907b32d1a3ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/alert-props/test-cases/package.expected.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64564, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7690d11d09e943c6b6baefbc379fa1b06dc89129c87310642a4348c9687f1d59", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/alert-props/test-cases/actual.js", "duplicate_line": 2, "correlation_key": "fp|7690d11d09e943c6b6baefbc379fa1b06dc89129c87310642a4348c9687f1d59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/alert-props/test-cases/package.actual.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64563, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bc4a12612840ee4524ad773da21a114b08c80a2e64ed4564f2d4d7903cce028c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/alert-classes/test-cases/expected.js", "duplicate_line": 2, "correlation_key": "fp|bc4a12612840ee4524ad773da21a114b08c80a2e64ed4564f2d4d7903cce028c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/alert-classes/test-cases/package.expected.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64562, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2cfda331e887bfae537155cda6ff7fa7da4dd44d75fefd98566765c83560f3ea", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/alert-classes/test-cases/actual.js", "duplicate_line": 2, "correlation_key": "fp|2cfda331e887bfae537155cda6ff7fa7da4dd44d75fefd98566765c83560f3ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/alert-classes/test-cases/package.actual.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64561, "scanner": "repobility-ai-code-hygiene", "fingerprint": "12763704d225b38ac2fa9c5d42d385212b9a13407bcc192034f2f2fb741cff54", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/accordion-summary-classes/test-cases/expected.js", "duplicate_line": 2, "correlation_key": "fp|12763704d225b38ac2fa9c5d42d385212b9a13407bcc192034f2f2fb741cff54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/accordion-summary-classes/test-cases/package.expected.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64560, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20e84a69a72fd007673137aff622177eb6de005b019060818e99f6c901b1caed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/accordion-summary-classes/test-cases/actual.js", "duplicate_line": 2, "correlation_key": "fp|20e84a69a72fd007673137aff622177eb6de005b019060818e99f6c901b1caed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/accordion-summary-classes/test-cases/package.actual.js"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64559, "scanner": "repobility-ai-code-hygiene", "fingerprint": "182aad5926a20516e0d4aba89e2595bb30dae1602b064f6bbb3e4b14c2119935", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/mui-codemod/src/deprecations/accordion-props/test-cases/expected.js", "duplicate_line": 3, "correlation_key": "fp|182aad5926a20516e0d4aba89e2595bb30dae1602b064f6bbb3e4b14c2119935"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mui-codemod/src/deprecations/accordion-props/test-cases/package.expected.js"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64558, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9651e4cf77e7e06d29c6ceab4a1fbeb848db59e8b2b6f617e24b6d45fcb34b7c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/api-docs-builder/src/utils/getPropsFromComponentNode.ts", "duplicate_line": 1, "correlation_key": "fp|9651e4cf77e7e06d29c6ceab4a1fbeb848db59e8b2b6f617e24b6d45fcb34b7c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/docs-utils/src/getPropsFromComponentNode.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64557, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7fbbb5bdac78d916396524c146ac44c4e880ca4a8991262450eb60834767c013", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/api-docs-builder/src/utils/createTypeScriptProject.ts", "duplicate_line": 1, "correlation_key": "fp|7fbbb5bdac78d916396524c146ac44c4e880ca4a8991262450eb60834767c013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/docs-utils/src/createTypeScriptProject.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64556, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd870000027f70049a4ba734758d72d09d5df5da5999567defd6f9f008c23fd1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/core-docs/src/AppLayout/components/Highlighter.tsx", "duplicate_line": 21, "correlation_key": "fp|bd870000027f70049a4ba734758d72d09d5df5da5999567defd6f9f008c23fd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/core-docs/src/AppLayout/components/More.tsx"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64555, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a0d4a01d63f6fea7d02a4c76f04c1a93a29899dbd67e9adb555b229d840e5646", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/core-docs/src/ApiPage/list/PropertiesList.tsx", "duplicate_line": 230, "correlation_key": "fp|a0d4a01d63f6fea7d02a4c76f04c1a93a29899dbd67e9adb555b229d840e5646"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/core-docs/src/ApiPage/table/PropertiesTable.tsx"}, "region": {"startLine": 270}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64554, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d9075b948fb7b1262198a71b0a0f4698aa2c1e0e67930150632a3dd4ea5202e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/core-docs/src/ApiPage/list/ClassesList.tsx", "duplicate_line": 78, "correlation_key": "fp|3d9075b948fb7b1262198a71b0a0f4698aa2c1e0e67930150632a3dd4ea5202e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/core-docs/src/ApiPage/table/PropertiesTable.tsx"}, "region": {"startLine": 227}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64553, "scanner": "repobility-ai-code-hygiene", "fingerprint": "33414b054bd403e907cdf7b83ed77b5a78638f7921ca110a040f22e21b3533ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/core-docs/src/ApiPage/list/ClassesList.tsx", "duplicate_line": 79, "correlation_key": "fp|33414b054bd403e907cdf7b83ed77b5a78638f7921ca110a040f22e21b3533ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/core-docs/src/ApiPage/table/ClassesTable.tsx"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64552, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dfbfe41b60063e6ef1e9bcca9d5ae7dfbccfb92f6f96d62a83fe8b6c9eb4be41", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/core-docs/src/ApiPage/list/ClassesList.tsx", "duplicate_line": 79, "correlation_key": "fp|dfbfe41b60063e6ef1e9bcca9d5ae7dfbccfb92f6f96d62a83fe8b6c9eb4be41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/core-docs/src/ApiPage/list/PropertiesList.tsx"}, "region": {"startLine": 255}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64551, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b4b233c1911ff06ec5ea2aa9ade233515a374a5a0f89a3ed185431cb443a1a1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/core-docs/src/ApiPage/ApiPage.tsx", "duplicate_line": 146, "correlation_key": "fp|3b4b233c1911ff06ec5ea2aa9ade233515a374a5a0f89a3ed185431cb443a1a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/core-docs/src/ApiPage/ComponentsApiContent.tsx"}, "region": {"startLine": 92}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64550, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbe5b10b125f43ee18c3069044e9dd3222a0d13145bdfe13073fa1c224abac51", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/api-docs-builder/src/utils/generatePropDescription.ts", "duplicate_line": 50, "correlation_key": "fp|cbe5b10b125f43ee18c3069044e9dd3222a0d13145bdfe13073fa1c224abac51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/api-docs-builder/src/utils/generatePropTypeDescription.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 64549, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d6493cb8a0098fc0e31e53e0cd73c04cc26b9432570069d43abee096346af8c7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages-internal/api-docs-builder/src/ApiBuilders/ComponentApiBuilder.ts", "duplicate_line": 57, "correlation_key": "fp|d6493cb8a0098fc0e31e53e0cd73c04cc26b9432570069d43abee096346af8c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages-internal/api-docs-builder/src/ApiBuilders/HookApiBuilder.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 64548, "scanner": "repobility-threat-engine", "fingerprint": "9f93d08a8d8b927bf54e780aa0698b389ddba841e54d68bffe69c1b23661ee55", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9f93d08a8d8b927bf54e780aa0698b389ddba841e54d68bffe69c1b23661ee55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/pages/index.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 64545, "scanner": "repobility-threat-engine", "fingerprint": "410f90b276e1b63c3007f78e55f98ea459a9e77cbd9015c3f03211da3128697a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|410f90b276e1b63c3007f78e55f98ea459a9e77cbd9015c3f03211da3128697a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/text-fields/SelectTextFields.tsx"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 64544, "scanner": "repobility-threat-engine", "fingerprint": "85086e78009bb3c7cec1c2ef5c676726efdcf31d303cae36ee17d926dde24a25", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|85086e78009bb3c7cec1c2ef5c676726efdcf31d303cae36ee17d926dde24a25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/text-fields/SelectTextFields.js"}, "region": {"startLine": 20}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 64543, "scanner": "repobility-threat-engine", "fingerprint": "7a4b0f5540cad034a1707c0e9f6ef94d621d463e55602684599877ea4071a670", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|7a4b0f5540cad034a1707c0e9f6ef94d621d463e55602684599877ea4071a670"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 64539, "scanner": "repobility-threat-engine", "fingerprint": "deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|deede2eb215d875636a96303401dd81bf1c025789980c14394da92c4eaa2dcca", "aggregated_count": 1}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 64538, "scanner": "repobility-threat-engine", "fingerprint": "816dbe80c3c7d27c623b38b585955382f9a6037e1b01eea1a4d521ee41f66653", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|816dbe80c3c7d27c623b38b585955382f9a6037e1b01eea1a4d521ee41f66653"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/getting-started/templates/crud-dashboard/components/DashboardSidebarPageItem.js"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 64537, "scanner": "repobility-threat-engine", "fingerprint": "c888af37823516ca3ef817fcf7254fd4bb2ac6f4d539614271690a9e9dec77c1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c888af37823516ca3ef817fcf7254fd4bb2ac6f4d539614271690a9e9dec77c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/checkboxes/CustomizedCheckbox.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 64536, "scanner": "repobility-threat-engine", "fingerprint": "36ea65626a98946a7dcb4ad0fc8182ad277a427982f1a94f8bd3bb208d7aef39", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|36ea65626a98946a7dcb4ad0fc8182ad277a427982f1a94f8bd3bb208d7aef39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/checkboxes/CustomizedCheckbox.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 34 more): Same pattern found in 34 additional files. Review if needed."}, "properties": {"repobilityId": 64535, "scanner": "repobility-threat-engine", "fingerprint": "99618db61bfa174777786564587e6ffbd7a6065eec577cae95271e5fe437835e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 34 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|99618db61bfa174777786564587e6ffbd7a6065eec577cae95271e5fe437835e", "aggregated_count": 34}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 64534, "scanner": "repobility-threat-engine", "fingerprint": "cdf12427e85e9b1dbc40c841c16e039043da849b7c7d3042d68587f2e3b116e9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cdf12427e85e9b1dbc40c841c16e039043da849b7c7d3042d68587f2e3b116e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/breadcrumbs/BasicBreadcrumbs.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 64533, "scanner": "repobility-threat-engine", "fingerprint": "50ded5a19706c86ffe6ef260ff47826c3d80ecbf18c252ab921c3aca6e8bfa3d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|50ded5a19706c86ffe6ef260ff47826c3d80ecbf18c252ab921c3aca6e8bfa3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/breadcrumbs/ActiveLastBreadcrumb.tsx"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 64532, "scanner": "repobility-threat-engine", "fingerprint": "36b944d302e9f093cd50247c106cd0397300c43e5a9768a23bb9bd2f6cb68a62", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|36b944d302e9f093cd50247c106cd0397300c43e5a9768a23bb9bd2f6cb68a62"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/breadcrumbs/ActiveLastBreadcrumb.js"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 64528, "scanner": "repobility-threat-engine", "fingerprint": "769c18fadda3776f4c38242101c83cdc970a936cb8fb23d80e2d64c6a29f9cf6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|769c18fadda3776f4c38242101c83cdc970a936cb8fb23d80e2d64c6a29f9cf6", "aggregated_count": 5}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 64527, "scanner": "repobility-threat-engine", "fingerprint": "2feb26b59b35a815ef0511a5b9802482a601c8bc33d5879907964bb2252fadb3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2feb26b59b35a815ef0511a5b9802482a601c8bc33d5879907964bb2252fadb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/breadcrumbs/RouterBreadcrumbs.tsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 64526, "scanner": "repobility-threat-engine", "fingerprint": "e1d4146b9b1a7403f13646553f5937dd721706af567358e7f1363dff3ac6587b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e1d4146b9b1a7403f13646553f5937dd721706af567358e7f1363dff3ac6587b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/Virtualize.tsx"}, "region": {"startLine": 195}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 64525, "scanner": "repobility-threat-engine", "fingerprint": "809c6fe84f002da5a5fd84e1367264f3efe05f026563b80e88d7f2d3d6be033c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|809c6fe84f002da5a5fd84e1367264f3efe05f026563b80e88d7f2d3d6be033c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/InfiniteLoading.tsx"}, "region": {"startLine": 331}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "properties": {"repobilityId": 64524, "scanner": "repobility-threat-engine", "fingerprint": "bac6b4c00ee84ec9c2cf44dd6a5076fd7d8bfc75e55a19741ec476d5ea2bde5b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 57 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bac6b4c00ee84ec9c2cf44dd6a5076fd7d8bfc75e55a19741ec476d5ea2bde5b", "aggregated_count": 57}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 64523, "scanner": "repobility-threat-engine", "fingerprint": "2d8e0d6b3544dc01a21cc6c91b0bab1026ebc6883d85cd7a959b9caf76da7482", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d8e0d6b3544dc01a21cc6c91b0bab1026ebc6883d85cd7a959b9caf76da7482"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/Highlights.tsx"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 64522, "scanner": "repobility-threat-engine", "fingerprint": "e9f7733a0ddbfba075bec4e6388de8f2c5078407118d4f529d860eb212217099", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e9f7733a0ddbfba075bec4e6388de8f2c5078407118d4f529d860eb212217099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/Highlights.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 64521, "scanner": "repobility-threat-engine", "fingerprint": "61ead149dca17867ed4f57b35ce66a975f0f30cb67ae252efbcf87fcadb9a39b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|61ead149dca17867ed4f57b35ce66a975f0f30cb67ae252efbcf87fcadb9a39b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/GoogleMaps.js"}, "region": {"startLine": 225}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 64516, "scanner": "repobility-threat-engine", "fingerprint": "8202b9d89d9f38588861653fbb90fdfb2511633a4d08aa3cb2465b1174e7afd6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8202b9d89d9f38588861653fbb90fdfb2511633a4d08aa3cb2465b1174e7afd6", "aggregated_count": 10}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 64515, "scanner": "repobility-threat-engine", "fingerprint": "08f60e7106e8a06e7fda77fc60e5de2cefedf7d39d1ab21255784b3104982225", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|08f60e7106e8a06e7fda77fc60e5de2cefedf7d39d1ab21255784b3104982225"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/icons/FontAwesomeIconSize.tsx"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 64514, "scanner": "repobility-threat-engine", "fingerprint": "a1d7bae91b4ab8d5f7c3f8fcd435eab0b09f530d66470a2a978c38c54d67ac9c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a1d7bae91b4ab8d5f7c3f8fcd435eab0b09f530d66470a2a978c38c54d67ac9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/icons/FontAwesomeIcon.tsx"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 64513, "scanner": "repobility-threat-engine", "fingerprint": "3b59eac0a9c4e812fdc45284e76008156aae81d84af4e0a3a4c250acea809008", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b59eac0a9c4e812fdc45284e76008156aae81d84af4e0a3a4c250acea809008"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/CustomizedHook.tsx"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 64512, "scanner": "repobility-threat-engine", "fingerprint": "17dd83cf3397cfa50961ed7a1eb16167dc11286eb212fcf82fd3bf6e3376bd8c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|17dd83cf3397cfa50961ed7a1eb16167dc11286eb212fcf82fd3bf6e3376bd8c", "aggregated_count": 7}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 64511, "scanner": "repobility-threat-engine", "fingerprint": "d54f36a74a4784f743777ff63c8dad9c13f1b82cd83567b6b1d4f9d90ccfd0bd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d54f36a74a4784f743777ff63c8dad9c13f1b82cd83567b6b1d4f9d90ccfd0bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/Playground.tsx"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 64510, "scanner": "repobility-threat-engine", "fingerprint": "05cd1ccbe8a359c876bad0ffde66242b15118926e0f0a2530c1574ce4a2a5c21", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05cd1ccbe8a359c876bad0ffde66242b15118926e0f0a2530c1574ce4a2a5c21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/GitHubLabel.tsx"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 64509, "scanner": "repobility-threat-engine", "fingerprint": "a9a0e888553f2f002920b7040cec522d8fdc56abece3aba36d339d5a515304c4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a9a0e888553f2f002920b7040cec522d8fdc56abece3aba36d339d5a515304c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/ControllableStates.tsx"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 64542, "scanner": "repobility-threat-engine", "fingerprint": "1671a52e78e3b6399d02b93f116bc01f6fc1f34334854dfdc6e5f2baf31c7f03", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "popperRef.current.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1671a52e78e3b6399d02b93f116bc01f6fc1f34334854dfdc6e5f2baf31c7f03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/tooltips/AnchorElTooltips.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 64541, "scanner": "repobility-threat-engine", "fingerprint": "e1fc60abcb5ec55ebbb8cf7df85a31fc0dcf71df74df37ee4c1d678c807e931c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "newSkipped.delete(activeStep);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e1fc60abcb5ec55ebbb8cf7df85a31fc0dcf71df74df37ee4c1d678c807e931c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/steppers/HorizontalLinearStepper.tsx"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 64540, "scanner": "repobility-threat-engine", "fingerprint": "22e81369f9558b19fa8b06bb6e833cd6daf2e0316b5eff03640a6a3e8b192d60", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "newSkipped.delete(activeStep);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|22e81369f9558b19fa8b06bb6e833cd6daf2e0316b5eff03640a6a3e8b192d60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/steppers/HorizontalLinearStepper.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 64531, "scanner": "repobility-threat-engine", "fingerprint": "4c2c58af7cd36e6408f7cde3e7d080aaf1a8929d3d2001fa8f085fbca16badef", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4c2c58af7cd36e6408f7cde3e7d080aaf1a8929d3d2001fa8f085fbca16badef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/pages/_app.tsx"}, "region": {"startLine": 156}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 64530, "scanner": "repobility-threat-engine", "fingerprint": "f450719f38ed79144f61d41609ea66e1646e97da6b25a8fa9708e6a871a64a7f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f450719f38ed79144f61d41609ea66e1646e97da6b25a8fa9708e6a871a64a7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/avatars/UploadAvatars.tsx"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 64529, "scanner": "repobility-threat-engine", "fingerprint": "8d5effd86c469da375d179aee10c93eca7a28d213929f93499648ca4ec89d15e", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8d5effd86c469da375d179aee10c93eca7a28d213929f93499648ca4ec89d15e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/avatars/UploadAvatars.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 64518, "scanner": "repobility-threat-engine", "fingerprint": "ba2fb8a7b10791e06f78723011dd6d3027663d7bb4d72e66e1330a5c1b6d1e51", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n  (_, index) =>\n    `${index < 20 ? '0' : ''}${Math.floor(index / 2)}:${\n      index % 2 === 0", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ba2fb8a7b10791e06f78723011dd6d3027663d7bb4d72e66e1330a5c1b6d1e51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/DisabledOptions.tsx"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 64517, "scanner": "repobility-threat-engine", "fingerprint": "e9c57840ac652c4b2996d35963cf37943157cbb47a10468653d1bf1c0d1a3e1f", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n  (_, index) =>\n    `${index < 20 ? '0' : ''}${Math.floor(index / 2)}:${\n      index % 2 === 0", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e9c57840ac652c4b2996d35963cf37943157cbb47a10468653d1bf1c0d1a3e1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/DisabledOptions.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC049", "level": "error", "message": {"text": "[SEC049] GCP API key: Google Cloud API key (AIza prefix). Ported from gitleaks gcp-api-key (MIT)."}, "properties": {"repobilityId": 64520, "scanner": "repobility-threat-engine", "fingerprint": "508db37c4f2630c16b6e4261a4dea318b9e4cc4122dddfdaf7b3c6f08ac4240e", "category": "secret", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "AIzaSyC3aviU6KHXAjoSnxcw6qbOhjnFctbxPkE'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC049", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/GoogleMaps.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 64519, "scanner": "repobility-threat-engine", "fingerprint": "bcb787fb348e7a28c3de6bd38023d0fa4007d92d577ba1921aaddc0def261064", "category": "credential_exposure", "severity": "critical", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "High entropy value (4.8 bits) \u2014 likely real secret | [R34 auto-suppress: documentation/example path]", "evidence": {"match": "API_KEY = '<redacted>'", "reason": "High entropy value (4.8 bits) \u2014 likely real secret | [R34 auto-suppress: documentation/example path]", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "secret|token|1|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/data/material/components/autocomplete/GoogleMaps.js"}, "region": {"startLine": 18}}}]}]}]}