File as GitHub Issue (repo: boxlite-ai/boxlite)

Push this scan report to boxlite-ai/boxlite

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Issue title

`self._start_playwright_server` used but never assigned in __init__

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH MINED110 [MINED110] Blocking call `urllib.request.urlopen` inside async function `main`: `urllib.r… examples/python/02_features/forward_por…:40
HIGH MINED108 [MINED108] `self.playwright_endpoint` used but never assigned in __init__: Method `connec… sdks/python/boxlite/browserbox.py:600
HIGH MINED108 [MINED108] `self._start_puppeteer_browser` used but never assigned in __init__: Method `e… sdks/python/boxlite/browserbox.py:556
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `endpoint` of class `B… sdks/python/boxlite/browserbox.py:567
HIGH MINED108 [MINED108] `self._start_playwright_server` used but never assigned in __init__: Method `p… sdks/python/boxlite/browserbox.py:517
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_cdp_forwarder`… sdks/python/boxlite/browserbox.py:481
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_cdp_forwarder`… sdks/python/boxlite/browserbox.py:476
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_cdp_forwarder`… sdks/python/boxlite/browserbox.py:473
HIGH MINED108 [MINED108] `self._poll_until_ready` used but never assigned in __init__: Method `_start_f… sdks/python/boxlite/browserbox.py:389
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_firefox_bidi` … sdks/python/boxlite/browserbox.py:382
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_firefox_bidi` … sdks/python/boxlite/browserbox.py:373
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_firefox_bidi` … sdks/python/boxlite/browserbox.py:363
HIGH MINED108 [MINED108] `self._poll_until_ready` used but never assigned in __init__: Method `_start_c… sdks/python/boxlite/browserbox.py:355
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_chromium_cdp` … sdks/python/boxlite/browserbox.py:345
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_chromium_cdp` … sdks/python/boxlite/browserbox.py:325
HIGH MINED108 [MINED108] `self._start_firefox_bidi` used but never assigned in __init__: Method `_start… sdks/python/boxlite/browserbox.py:309
HIGH MINED108 [MINED108] `self._start_chromium_cdp` used but never assigned in __init__: Method `_start… sdks/python/boxlite/browserbox.py:307
HIGH MINED108 [MINED108] `self._start_cdp_forwarder` used but never assigned in __init__: Method `_star… sdks/python/boxlite/browserbox.py:313
HIGH MINED108 [MINED108] `self._poll_until_ready` used but never assigned in __init__: Method `_start_p… sdks/python/boxlite/browserbox.py:264
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_start_playwright_ser… sdks/python/boxlite/browserbox.py:257
HIGH MINED108 [MINED108] `self.exec` used but never assigned in __init__: Method `_poll_until_ready` of… sdks/python/boxlite/browserbox.py:224
HIGH MINED118 [MINED118] Dockerfile FROM `lscr.io/linuxserver/webtop:ubuntu-xfce` not pinned by digest:… src/boxlite/resources/images/skillbox/D…:8
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout… .github/workflows/build-wheels.yml:28
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/git… .github/workflows/warm-caches.yml:66
HIGH MINED115 [MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses… .github/workflows/warm-caches.yml:63
HIGH MINED115 [MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `… .github/workflows/warm-caches.yml:58
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/warm-caches.yml:53
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/git… .github/workflows/test.yml:269
HIGH MINED115 [MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses… .github/workflows/test.yml:265
HIGH MINED115 [MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `… .github/workflows/test.yml:257
HIGH MINED115 [MINED115] Action `actions/setup-go` pinned to mutable ref `@v5`: `uses: actions/setup-go… .github/workflows/test.yml:252
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout… .github/workflows/test.yml:249
HIGH MINED115 [MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-… .github/workflows/test.yml:224
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout… .github/workflows/test.yml:221
HIGH MINED115 [MINED115] Action `actions/setup-python` pinned to mutable ref `@v5`: `uses: actions/setu… .github/workflows/test.yml:194
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout… .github/workflows/test.yml:191
HIGH MINED115 [MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/git… .github/workflows/test.yml:164
HIGH MINED115 [MINED115] Action `mozilla-actions/sccache-action` pinned to mutable ref `@v0.0.9`: `uses… .github/workflows/test.yml:160
HIGH MINED115 [MINED115] Action `taiki-e/install-action` pinned to mutable ref `@nextest`: `uses: taiki… .github/workflows/test.yml:157
HIGH MINED115 [MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `… .github/workflows/test.yml:144
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout… .github/workflows/test.yml:141
HIGH MINED115 [MINED115] Action `codecov/codecov-action` pinned to mutable ref `@v5`: `uses: codecov/co… .github/workflows/test.yml:121
HIGH MINED115 [MINED115] Action `taiki-e/install-action` pinned to mutable ref `@nextest`: `uses: taiki… .github/workflows/test.yml:111
HIGH MINED115 [MINED115] Action `actions-rust-lang/setup-rust-toolchain` pinned to mutable ref `@v1`: `… .github/workflows/test.yml:98
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout… .github/workflows/test.yml:95
HIGH MINED115 [MINED115] Action `dorny/paths-filter` pinned to mutable ref `@v3`: `uses: dorny/paths-fi… .github/workflows/test.yml:61
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v5`: `uses: actions/checkout… .github/workflows/test.yml:60
HIGH MINED122 [MINED122] package.json dep `@boxlite-ai/boxlite` pulled from URL/Git: `dependencies.@box… examples/node/package.json:1
HIGH MINED128 [MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` — points to… apps/otel-collector/exporter/go.mod:62
HIGH MINED128 [MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` — points to… apps/runner/go.mod:108
HIGH MINED118 [MINED118] Dockerfile FROM `alpine:3.22` not pinned by digest: `FROM alpine:3.22` resolve… apps/runner/Dockerfile:63
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/runner/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `dexidp/dex:v2.42.0` not pinned by digest: `FROM dexidp/dex:v2… apps/dex/Dockerfile:5
HIGH MINED118 [MINED118] Dockerfile FROM `alpine:3.20` not pinned by digest: `FROM alpine:3.20` resolve… apps/dex/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `alpine:3.18` not pinned by digest: `FROM alpine:3.18` resolve… apps/otel-collector/Dockerfile:46
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/otel-collector/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `node:24-slim` not pinned by digest: `FROM node:24-slim` resol… apps/api/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `alpine:3.18` not pinned by digest: `FROM alpine:3.18` resolve… apps/snapshot-manager/Dockerfile:41
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/snapshot-manager/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `alpine:3.18` not pinned by digest: `FROM alpine:3.18` resolve… apps/ssh-gateway/Dockerfile:41
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/ssh-gateway/Dockerfile:1
HIGH MINED128 [MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` — points to… apps/cli/go.mod:100
HIGH MINED118 [MINED118] Dockerfile FROM `alpine:3.18` not pinned by digest: `FROM alpine:3.18` resolve… apps/proxy/Dockerfile:45
HIGH MINED118 [MINED118] Dockerfile FROM `node:22-alpine` not pinned by digest: `FROM node:22-alpine` r… apps/proxy/Dockerfile:1
HIGH MINED128 [MINED128] go.mod replaces `github.com/boxlite-ai/boxlite/libs/api-client-go` — points to… apps/common-go/go.mod:76
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openapi/reference-server/server.py:859
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… openapi/reference-server/server.py:829
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/07_advanced/ai_pipeline…:127
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/03_lifecycle/share_acro…:234
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/03_lifecycle/share_acro…:140
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/03_lifecycle/manage_lif…:316
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/03_lifecycle/manage_lif…:287
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/03_lifecycle/manage_lif…:190
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/03_lifecycle/manage_lif…:110
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/04_interactive/install_…:196
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/04_interactive/run_inte…:48
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/06_ai_agents/run_opencl…:134
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/06_ai_agents/drive_box_…:104
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/06_ai_agents/drive_box_…:133
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/07_advanced/use_native_…:259
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/07_advanced/local_to_re…:63
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/08_rest_api/use_env_con…:40
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… examples/python/02_features/forward_por…:44
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… apps/daemon/pkg/toolbox/process/interpr…:184
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… apps/daemon/pkg/toolbox/process/interpr…:165
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… apps/daemon/pkg/toolbox/process/interpr…:38
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… sdks/python/boxlite/orchestration/guest…:117
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… sdks/python/boxlite/orchestration/guest…:155
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… sdks/python/boxlite/orchestration/box_r…:163
MED SEC136 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all excepti… sdks/python/boxlite/interactivebox.py:291
MED SEC119 [SEC119] World-writable / world-readable file permissions: World-writable files let any l… sdks/go/cmd/setup/main.go:167
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… sdks/python/boxlite/orchestration/guest…:147
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… sdks/python/boxlite/orchestration/box_r…:173
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… apps/dashboard/src/hooks/useDocsSearchC…:99
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… apps/dashboard/src/components/sandboxes…:174
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… apps/dashboard/src/components/SandboxTa…:80
MED SEC091 [SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/Read… apps/proxy/pkg/proxy/proxy.go:239
MED SEC091 [SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/Read… apps/daemon/pkg/terminal/server.go:43
MED SEC091 [SEC091] Go: net/http server without timeouts: HTTP server without ReadHeaderTimeout/Read… apps/cli/auth/auth.go:32
MED SEC134 [SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum… examples/node/browserbox_puppeteer.js:177
MED SEC134 [SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum… apps/dashboard/src/components/ui/storie…:38
MED SEC134 [SEC134] AI scaffold leftover — Lorem ipsum / example.com / John Doe in code: Lorem ipsum… apps/api/src/config/dto/configuration.d…:163
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … apps/dashboard/src/components/Playgroun…:114
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … apps/daemon/pkg/toolbox/process/interpr…:127
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … apps/api/src/common/utils/docker-image.…:154
MED SEC007 [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. sdks/python/boxlite/orchestration/box_r…:118
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… sdks/python/boxlite/interactivebox.py:291
MED COMP001 [COMP001] High cognitive complexity: Function `run` has cognitive complexity 16 (SonarSou… apps/daemon/pkg/toolbox/process/interpr…:169
MED COMP001 [COMP001] High cognitive complexity: Function `execute_code` has cognitive complexity 22 … apps/daemon/pkg/toolbox/process/interpr…:105
MED DKR001 Docker final stage has no non-root USER apps/ssh-gateway/Dockerfile:42
MED DKR001 Docker final stage has no non-root USER apps/snapshot-manager/Dockerfile:42
MED DKR001 Docker final stage has no non-root USER apps/runner/Dockerfile:63
MED DKR001 Docker final stage has no non-root USER apps/proxy/Dockerfile:46
MED DKR001 Docker final stage has no non-root USER apps/otel-collector/Dockerfile:47
MED DKR001 Docker final stage has no non-root USER apps/api/Dockerfile:1
MED AGT007 localStorage write failures are swallowed silently apps/daemon/pkg/terminal/static/index.h…:548
MED AGT015 Remote install command pipes network code directly to a shell README.md:196
LOW ERR003 [ERR003] Ignored Error (Go): Ignoring error return values. apps/cli/cmd/auth/login.go:178
LOW ERR003 [ERR003] Ignored Error (Go): Ignoring error return values. apps/cli/auth/auth.go:51
LOW ERR003 [ERR003] Ignored Error (Go): Ignoring error return values. apps/cli/apiclient/api_client.go:85
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… apps/api/src/sandbox/entities/build-inf…:16
LOW COMP001 [COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSou… examples/python/01_getting_started/list…:13
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_create_volume.…:57
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_create_user.go:208
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_create_snapsho…:291
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_create_snapsho…:266
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_create_runner.…:78
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_create_organiz…:98
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_create_linked_…:78
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_computer_use_s…:76
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/model_computer_use_s…:58
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_webhooks.go:92
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_webhooks.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_volumes.go:420
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_volumes.go:88
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_volumes.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_users.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_regions.go:49
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_regions.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_preview.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_object_storage.go:56
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_object_storage.go:54
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_object_storage.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_jobs.go:166
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_jobs.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_health.go:54
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_health.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_docker_registry.…:99
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_docker_registry.…:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_config.go:49
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_audit.go:1
LOW AIC003 Duplicated implementation block across source files apps/api-client-go/api_api_keys.go:1
LOW DKR008 .dockerignore misses sensitive defaults .dockerignore
LOW AIC002 Source file name looks like an AI patch artifact src/boxlite/src/jailer/shim_copy.rs:1
INFO MINED071 [MINED071] Go Panic Call: panic() crashes the process. Should return error in most cases. src/deps/libgvproxy-sys/gvproxy-bridge/…:46
INFO MINED066 [MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… src/deps/bubblewrap-sys/build.rs:57
INFO MINED066 [MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… src/cli/src/commands/cp.rs:163
INFO MINED066 [MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… src/boxlite/src/rest/error.rs:200
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. sdks/python/boxlite/exec.py:14
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… sdks/c/src/error.rs:141
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… sdks/c/src/copy.rs:55
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… sdks/c/src/box_handle.rs:112
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. src/boxlite/src/jailer/builder.rs:184
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. src/boxlite/src/event_listener/audit_ev…:57
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. sdks/c/build.rs:14
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. examples/python/06_ai_agents/use_skillb…:134
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. examples/python/06_ai_agents/run_opencl…:155
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. examples/python/04_interactive/install_…:151
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… examples/python/03_lifecycle/share_acro…:152
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… examples/python/03_lifecycle/manage_lif…:117
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… examples/python/03_lifecycle/clone_expo…:79
INFO MINED063 [MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) — file can be replaced/de… examples/python/02_features/mount_host_…:75
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… examples/python/01_getting_started/run_…:56
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… examples/python/01_getting_started/run_…:53
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… apps/dashboard/src/hooks/useDocsSearchC…:119
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… apps/dashboard/src/components/ui/chart.…:76
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… apps/dashboard/src/components/SandboxTa…:83
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… apps/dashboard/src/components/Compariso…:50
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… apps/dashboard/src/components/CodeBlock…:52
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… examples/python/02_features/copy_files.…:18
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… apps/api/src/sandbox/dto/create-build-i…:14
INFO MINED055 [MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versi… apps/api/src/sandbox/dto/build-info.dto…:13
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … apps/api/src/sandbox-telemetry/services…:286
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … apps/api/src/region/guards/region-acces…:46
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … apps/api/src/organization/guards/organi…:30
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… apps/api/src/sandbox/dto/runner-health.…:151
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… apps/api/src/region/dto/region.dto.ts:65
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… apps/api/src/main.ts:152
INFO MINED074 [MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.exa… apps/api/src/config/dto/configuration.d…:123
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … apps/api/src/sandbox/guards/region-sand…:38
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … apps/api/src/generate-openapi.ts:56
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … apps/api/src/common/providers/openfeatu…:38
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. apps/api/src/common/guards/authenticate…:31
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. apps/api/src/auth/combined-auth.guard.ts:23
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. apps/api/src/audit/interceptors/audit.i…:116
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. apps/api/src/audit/decorators/audit.dec…:20
INFO MINED053 [MINED053] Placeholder Default Username: [email protected] / [email protected] / admin/admin… apps/api/src/app.module.ts:44
INFO MINED060 [MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks g… apps/api-client-go/api_health.go:28
INFO MINED060 [MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks g… apps/api-client-go/api_config.go:28
INFO MINED060 [MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks g… apps/api-client-go/api_audit.go:30
200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `boxlite-ai/boxlite`

**Score: 68/100 (B+)**  ·  275 findings  ·  scanned 2026-05-31 01:24 UTC  ·  379,573 LOC

| Severity | Count |
|---|---|
| CRITICAL | 2 |
| HIGH | 112 |
| MEDIUM | 52 |
| LOW | 37 |

📊 [Full filterable report](https://repobility.com/scan/51fceb34-d3ee-486b-ae87-8ff06a5e27b3/)  ·  ![scorecard](https://repobility.com/scan/51fceb34-d3ee-486b-ae87-8ff06a5e27b3/report.png?v=1780190660-s2)

### Top findings

1. **HIGH** `MINED110` — Blocking call `urllib.request.urlopen` inside async function `main`
   `examples/python/02_features/forward_ports.py:40` · ✓ Repobility
2. **HIGH** `MINED108` — `self.playwright_endpoint` used but never assigned in __init__
   `sdks/python/boxlite/browserbox.py:600` · ✓ Repobility
3. **HIGH** `MINED108` — `self._start_puppeteer_browser` used but never assigned in __init__
   `sdks/python/boxlite/browserbox.py:556` · ✓ Repobility
4. **HIGH** `MINED108` — `self.exec` used but never assigned in __init__
   `sdks/python/boxlite/browserbox.py:567` · ✓ Repobility
5. **HIGH** `MINED108` — `self._start_playwright_server` used but never assigned in __init__
   `sdks/python/boxlite/browserbox.py:517` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/51fceb34-d3ee-486b-ae87-8ff06a5e27b3/_
Already filed
This repo publishes a SECURITY.md policy and the scan contains 22 Critical/High security finding(s). Public issue filing would violate coordinated disclosure. Submit privately via the project's security reporting channel.
Megaproject — high spam risk
Could not determine 'boxlite-ai/boxlite' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
Already filed
105/332 findings (32%) on this scan are already flagged as test-file, won't-fix, or suppressed. The scan is too noisy to file as a single issue. Curate down to specific actionable findings, or address the FP source first.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled — review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.