62 of your 86 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.
Upstream (GitHub) caused delay on this scan — not Repobility.
  • GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
  • Clone from GitHub took 132.35s for a 149.4 MB repo (slow).
  • Repobility's analysis ran in 1.12s after the clone landed.

VibeVoice

https://github.com/microsoft/VibeVoice.git · scanned 2026-05-24 01:24 UTC (1 week, 5 days ago) · 10 languages

216 findings (80 legacy + 136 scanner) · 11/13 scanners ran · 36th percentile · Python · small (2-20K LoC) · Scanner says 92 (lower by 28)


Complete repo analysis

Last scanned 1 week, 5 days ago · v2 · 148 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

Score breakdown (2026-05-18-v5)

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 75.0 | 0.15 | 11.25 |
| security_score | 100.0 | 0.25 | 25.00 |
| testing_score | 13.0 | 0.20 | 2.60 |
| documentation_score | 95.0 | 0.15 | 14.25 |
| practices_score | 40.0 | 0.15 | 6.00 |
| code_quality | 45.0 | 0.10 | 4.50 |
| Overall | | 1.00 | 63.6 |

security_score may be inflated — optional security scanners were skipped on this fast scan
Scan summary: Repository scanned at 91.8/100 with 88.9% coverage. It contains 547 nodes across 2 cross-layer flows, written primarily in mixed languages. Engine surfaced 68 findings — concentrated in quality (31), software (23), security (10). Risk profile is high: 0 critical, 8 high, 6 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 137 of 148 findings.

low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 for context.
vllm_plugin/__init__.py:46 quality legacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 for context.
vibevoice/modular/streamer.py:249 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._ensure_audio_encoder_dtype` used but never assigned in __init__: Method `forward` of class `VibeVoiceAudioEncoder` reads `self._ensure_audio_encoder_dtype`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._ensure_audio_encoder_dtype = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:339 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._format_transcription` used but never assigned in __init__: Method `__getitem__` of class `VibeVoiceASRDataset` reads `self._format_transcription`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._format_transcription = <default>` in __init__, or add a class-level default.
finetuning-asr/lora_finetune.py:305 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._get_dummy_audios` used but never assigned in __init__: Method `get_dummy_mm_data` of class `VibeVoiceDummyInputsBuilder` reads `self._get_dummy_audios`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._get_dummy_audios = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:659 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._get_max_audio_samples` used but never assigned in __init__: Method `get_dummy_mm_data` of class `VibeVoiceDummyInputsBuilder` reads `self._get_max_audio_samples`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._get_max_audio_samples = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:654 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self._prepare_generation_config` used but never assigned in __init__: Method `transcribe_batch` of class `VibeVoiceASRBatchInference` reads `self._prepare_generation_config`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self._prepare_generation_config = <default>` in __init__, or add a class-level default.
demo/vibevoice_asr_inference_from_file.py:147 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.available_voices = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:63 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.available_voices = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:62 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.available_voices = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:37 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.available_voices` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.available_voices`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.available_voices = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:57 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.ctx` used but never assigned in __init__: Method `get_feature_extractor` of class `VibeVoiceProcessingInfo` reads `self.ctx`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.ctx = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:498 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.ctx` used but never assigned in __init__: Method `get_hf_config` of class `VibeVoiceProcessingInfo` reads `self.ctx`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.ctx = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:481 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.get_hf_config` used but never assigned in __init__: Method `get_mm_max_tokens_per_item` of class `VibeVoiceProcessingInfo` reads `self.get_hf_config`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.get_hf_config = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:576 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.get_tokenizer` used but never assigned in __init__: Method `get_audio_token_info` of class `VibeVoiceProcessingInfo` reads `self.get_tokenizer`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.get_tokenizer = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:539 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.info` used but never assigned in __init__: Method `_get_max_audio_samples` of class `VibeVoiceDummyInputsBuilder` reads `self.info`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.info = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:614 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.info` used but never assigned in __init__: Method `get_dummy_text` of class `VibeVoiceDummyInputsBuilder` reads `self.info`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.info = <default>` in __init__, or add a class-level default.
vllm_plugin/model.py:637 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.transcribe_batch` used but never assigned in __init__: Method `transcribe_with_batching` of class `VibeVoiceASRBatchInference` reads `self.transcribe_batch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.transcribe_batch = <default>` in __init__, or add a class-level default.
demo/vibevoice_asr_inference_from_file.py:240 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:83 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:74 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:70 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `get_voice_path` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:69 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:58 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:51 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:36 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:54 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED108] `self.voice_presets` used but never assigned in __init__: Method `setup_voice_presets` of class `VoiceMapper` reads `self.voice_presets`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.voice_presets = <default>` in __init__, or add a class-level default.
demo/realtime_model_inference_from_file.py:41 quality legacy
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in demo/realtime_model_inference_from_file.py:218
Found a known-risky pattern (eval_used). Review and replace if possible.
demo/realtime_model_inference_from_file.py:218 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in demo/vibevoice_asr_gradio_demo.py:108
Found a known-risky pattern (eval_used). Review and replace if possible.
demo/vibevoice_asr_gradio_demo.py:108 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in demo/vibevoice_asr_inference_from_file.py:68
Found a known-risky pattern (eval_used). Review and replace if possible.
demo/vibevoice_asr_inference_from_file.py:68 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in demo/web/app.py:114
Found a known-risky pattern (eval_used). Review and replace if possible.
demo/web/app.py:114 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in finetuning-asr/inference_lora.py:68
Found a known-risky pattern (eval_used). Review and replace if possible.
finetuning-asr/inference_lora.py:68 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in vibevoice/modular/modeling_vibevoice.py:165
Found a known-risky pattern (eval_used). Review and replace if possible.
vibevoice/modular/modeling_vibevoice.py:165 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in vibevoice/modular/modeling_vibevoice_asr.py:105
Found a known-risky pattern (eval_used). Review and replace if possible.
vibevoice/modular/modeling_vibevoice_asr.py:105 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in vibevoice/modular/modeling_vibevoice_streaming.py:161
Found a known-risky pattern (eval_used). Review and replace if possible.
vibevoice/modular/modeling_vibevoice_streaming.py:161 owasp eval_used
medium Legacy security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them.
auth legacy
medium Legacy security auth conf 0.72 [AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements.
Set docs_url=None, redoc_url=None, and openapi_url=None for production apps unless the docs are intentionally public and protected by routing, ingress, or an authenticated docs handler.
auth legacy
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
vllm_plugin/__init__.py:46 error_handling legacy
medium Legacy quality quality conf 1.00 ✓ Repobility [MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`
vibevoice/modular/modular_vibevoice_tokenizer.py:435 quality legacy
medium Legacy quality quality conf 1.00 ✓ Repobility [MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`
vibevoice/modular/modular_vibevoice_tokenizer.py:259 quality legacy
medium Legacy quality quality conf 1.00 ✓ Repobility [MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`
vibevoice/modular/modular_vibevoice_tokenizer.py:179 quality legacy
medium Legacy quality quality conf 1.00 ✓ Repobility [MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`
vibevoice/modular/modular_vibevoice_tokenizer.py:164 quality legacy
medium Legacy quality quality conf 1.00 ✓ Repobility [MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`
vibevoice/modular/configuration_vibevoice.py:97 quality legacy
medium Legacy quality quality conf 1.00 ✓ Repobility [MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
Use None as the default and create the collection inside the function: `def __init__(x=None): x = x or []`
vibevoice/modular/configuration_vibevoice.py:34 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:649 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:589 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:535 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:466 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:388 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:232 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:196 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:156 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:88 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/scripts/start_server.py:294 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
vllm_plugin/model.py:1095 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_inference_from_file.py:184 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_inference_from_file.py:391 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/realtime_model_inference_from_file.py:201 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:595 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:403 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:635 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:323 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:230 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:911 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:512 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:427 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:338 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
demo/vibevoice_asr_gradio_demo.py:43 quality legacy
high Legacy quality quality conf 1.00 ✓ Repobility [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling.
finetuning-asr/inference_lora.py:137 quality legacy
high Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth
Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1843 quality legacy
high Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth
Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model.
demo/vibevoice_asr_gradio_demo.py:402 quality legacy
medium Legacy quality quality conf 0.78 Public web service has no security.txt
Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored.
.well-known/security.txt quality legacy
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in vllm_plugin/scripts/start_server.py:35
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
vllm_plugin/scripts/start_server.py:35 owasp subprocess_shell_true
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — vllm_plugin/scripts/gradio_asr_demo_api_video.py:100
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — vllm_plugin/scripts/start_server.py:35
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity fragile-runtime robustness
medium 9-layer security coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
coverage auth
medium 9-layer cicd coverage conf 1.00 No CI/CD pipelines detected
No GitHub Actions, GitLab CI, or CircleCI configs found. Without CI you can't gate deploys on tests/lints.
coverage
medium 9-layer quality tests conf 1.00 Very low test-to-source ratio
2 test file(s) for 35 source file(s) (ratio 0.06). Consider adding integration or unit tests for critical paths.
tests coverage
low Legacy security auth conf 0.76 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior.
auth legacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
vibevoice/processor/vibevoice_streaming_processor.py:53 quality legacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
vibevoice/processor/vibevoice_streaming_processor.py:15 quality legacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
vibevoice/processor/vibevoice_processor.py:56 quality legacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
vibevoice/modular/modeling_vibevoice_streaming_inference.py:108 quality legacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
vibevoice/modular/modeling_vibevoice_streaming.py:45 quality legacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
vibevoice/modular/modeling_vibevoice_asr.py:35 quality legacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used.
vibevoice/modular/configuration_vibevoice_streaming.py:13 quality legacy
low 9-layer quality integrity conf 1.00 Legacy-named symbol `squaredcos_cap_v2` in demo/web/app.py:119
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity legacy-marker dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `squaredcos_cap_v2` in vibevoice/schedule/dpm_solver.py:138
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity legacy-marker dead-code
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vllm_plugin/scripts/gradio_asr_demo_api_video.py:parse_time_to_seconds, demo/vibevoice_asr_gradio_demo.py:parse_time_to_seconds This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consoli…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vllm_plugin/scripts/gradio_asr_demo_api_video.py:clip_and_encode_audio, demo/vibevoice_asr_gradio_demo.py:clip_and_encode_audio This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consoli…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vllm_plugin/scripts/gradio_asr_demo_api_video.py:model_name, vllm_plugin/scripts/gradio_asr_demo_api_video.py:model_name This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vllm_plugin/scripts/gradio_asr_demo_api_video.py:get_available_models_sync, vllm_plugin/scripts/gradio_asr_demo_api_video.py:get_available_models This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/schedule/timestep_sampler.py:sample, vibevoice/schedule/timestep_sampler.py:sample This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separa…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/schedule/dpm_solver.py:step_index, vibevoice/schedule/dpm_solver.py:step This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/processor/vibevoice_streaming_processor.py:prepare_speech_inputs, vibevoice/processor/vibevoice_processor.py:prepare_speech_inputs This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygi…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/processor/vibevoice_streaming_processor.py:batch_decode, vibevoice/processor/vibevoice_processor.py:batch_decode This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate …
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/processor/vibevoice_streaming_processor.py:decode, vibevoice/processor/vibevoice_processor.py:decode This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document …
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/processor/vibevoice_streaming_processor.py:model_input_names, vibevoice/processor/vibevoice_processor.py:model_input_names This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Co…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/processor/vibevoice_streaming_processor.py:save_audio, vibevoice/processor/vibevoice_processor.py:save_audio This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or d…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/modular/modeling_vibevoice_asr.py:set_speech_tokenizers, vibevoice/modular/modeling_vibevoice.py:set_speech_tokenizers This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consol…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: vibevoice/modular/modeling_vibevoice_asr.py:set_decoder, vibevoice/modular/modeling_vibevoice.py:set_decoder This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document wh…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: vibevoice/modular/configuration_vibevoice_streaming.py:to_dict, vibevoice/modular/configuration_vibevoice.py:to_dict, vibevoice/modular/configuration_vibevoice.py:to_dict This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — …
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: vllm_plugin/model.py:forward, vllm_plugin/model.py:forward, vllm_plugin/model.py:forward, vllm_plugin/model.py:forward This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or d…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: vibevoice/schedule/dpm_solver.py:alpha_bar_fn, vibevoice/schedule/dpm_solver.py:alpha_bar_fn, vibevoice/schedule/dpm_solver.py:alpha_bar_fn, vibevoice/schedule/dpm_solver.py:alpha_bar_fn This is *the* AI-coder failure mode (4× more duplication in vib…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: vibevoice/modular/modeling_vibevoice_asr.py:set_input_embeddings, vibevoice/modular/modeling_vibevoice_asr.py:set_input_embeddings, vibevoice/modular/modeling_vibevoice.py:set_input_embeddings, vibevoice/modular/modeling_vibevoice.py:set_input_embeddi…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: vibevoice/modular/modeling_vibevoice_asr.py:get_input_embeddings, vibevoice/modular/modeling_vibevoice_asr.py:get_input_embeddings, vibevoice/modular/modeling_vibevoice_streaming.py:get_input_embeddings, vibevoice/modular/modeling_vibevoice.py:get_inp…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: vibevoice/modular/modeling_vibevoice_asr.py:forward, vibevoice/modular/modeling_vibevoice_asr.py:forward, vibevoice/modular/modeling_vibevoice_streaming_inference.py:forward_lm, vibevoice/modular/modeling_vibevoice_streaming_inference.py:forward_tts_l…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: vibevoice/modular/modular_vibevoice_diffusion_head.py:forward, vibevoice/modular/modular_vibevoice_diffusion_head.py:forward, vibevoice/modular/modular_vibevoice_diffusion_head.py:forward, vibevoice/modular/modular_vibevoice_diffusion_head.py:forward …
integrity duplicate dry
low 9-layer software dead-code conf 1.00 Possibly dead Python function: clip_and_encode_audio
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:593 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: clip_and_encode_audio
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
demo/vibevoice_asr_gradio_demo.py:247 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: embed_input_ids
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/model.py:1127 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: embed_multimodal
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/model.py:988 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: forward
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/model.py:1202 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: load_base64
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/model.py:63 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: load_bytes
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/model.py:60 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: load_example_chat
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1902 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: load_example_hotword
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1930 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: load_example_song
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1916 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: load_file
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/model.py:66 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: read_output
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:108 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: register_vibevoice
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/__init__.py:20 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: reset_stop_flag
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1962 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: reset_stop_flag
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
demo/vibevoice_asr_gradio_demo.py:1131 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: run_transcription
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
demo/vibevoice_asr_gradio_demo.py:623 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: set_stop_flag
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1968 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: set_stop_flag
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
demo/vibevoice_asr_gradio_demo.py:1136 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: transcribe_wrapper
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1997 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: update_audio_preview
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1866 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: update_media_preview
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1827 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: update_video_preview
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/scripts/gradio_asr_demo_api_video.py:1873 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: vibevoice_audio_input_mapper
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
vllm_plugin/inputs.py:43 dead-code
low 9-layer api wiring conf 1.00 Unused endpoint: GET /
`demo/web/app.py` declares `GET /` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiring unused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /config
`demo/web/app.py` declares `GET /config` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiring unused-endpoint
low 9-layer quality complexity conf 1.00 Very large file: vibevoice/modular/modular_vibevoice_tokenizer.py (1206 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: vllm_plugin/model.py (1251 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: vllm_plugin/scripts/gradio_asr_demo_api_video.py (2209 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low Legacy quality quality conf 1.00 ✓ Repobility [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context.
demo/realtime_model_inference_from_file.py:279 quality legacy
API access

This page is publicly accessible at: https://repobility.com/scan/59822133-99df-4890-8acc-0ec11ec6560c/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/59822133-99df-4890-8acc-0ec11ec6560c/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.