File as GitHub Issue repo: near/nearcore

Push this scan report to near/nearcore

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Issue title

`self.read_bytes` used but never assigned in __init__

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH MINED108 [MINED108] `self.deserialize_struct` used but never assigned in __init__: Method `deseria… pytest/lib/serializer.py:127
HIGH MINED108 [MINED108] `self.deserialize_field` used but never assigned in __init__: Method `deserial… pytest/lib/serializer.py:125
HIGH MINED108 [MINED108] `self.deserialize_num` used but never assigned in __init__: Method `deserializ… pytest/lib/serializer.py:121
HIGH MINED108 [MINED108] `self.deserialize_field` used but never assigned in __init__: Method `deserial… pytest/lib/serializer.py:117
HIGH MINED108 [MINED108] `self.read_bytes` used but never assigned in __init__: Method `deserialize_fie… pytest/lib/serializer.py:113
HIGH MINED108 [MINED108] `self.deserialize_num` used but never assigned in __init__: Method `deserializ… pytest/lib/serializer.py:106
HIGH MINED108 [MINED108] `self.deserialize_num` used but never assigned in __init__: Method `deserializ… pytest/lib/serializer.py:115
HIGH MINED108 [MINED108] `self.deserialize_num` used but never assigned in __init__: Method `deserializ… pytest/lib/serializer.py:104
HIGH MINED108 [MINED108] `self.deserialize_field` used but never assigned in __init__: Method `deserial… pytest/lib/serializer.py:96
HIGH MINED108 [MINED108] `self.deserialize_num` used but never assigned in __init__: Method `deserializ… pytest/lib/serializer.py:100
HIGH MINED108 [MINED108] `self.serialize_struct` used but never assigned in __init__: Method `serialize… pytest/lib/serializer.py:85
HIGH MINED108 [MINED108] `self.serialize_field` used but never assigned in __init__: Method `serialize_… pytest/lib/serializer.py:81
HIGH MINED108 [MINED108] `self.serialize_num` used but never assigned in __init__: Method `serialize_fi… pytest/lib/serializer.py:80
HIGH MINED108 [MINED108] `self.serialize_num` used but never assigned in __init__: Method `serialize_fi… pytest/lib/serializer.py:78
HIGH MINED108 [MINED108] `self.serialize_field` used but never assigned in __init__: Method `serialize_… pytest/lib/serializer.py:74
HIGH MINED108 [MINED108] `self.serialize_num` used but never assigned in __init__: Method `serialize_fi… pytest/lib/serializer.py:60
HIGH MINED108 [MINED108] `self.serialize_num` used but never assigned in __init__: Method `serialize_fi… pytest/lib/serializer.py:72
HIGH MINED108 [MINED108] `self.serialize_num` used but never assigned in __init__: Method `serialize_fi… pytest/lib/serializer.py:57
HIGH MINED108 [MINED108] `self.serialize_num` used but never assigned in __init__: Method `serialize_fi… pytest/lib/serializer.py:55
HIGH MINED108 [MINED108] `self.serialize_field` used but never assigned in __init__: Method `serialize_… pytest/lib/serializer.py:51
HIGH MINED108 [MINED108] `self.read_bytes` used but never assigned in __init__: Method `deserialize_num… pytest/lib/serializer.py:39
HIGH MINED108 [MINED108] `self.offset` used but never assigned in __init__: Method `read_bytes` of clas… pytest/lib/serializer.py:24
HIGH MINED108 [MINED108] `self.offset` used but never assigned in __init__: Method `read_bytes` of clas… pytest/lib/serializer.py:23
HIGH MINED108 [MINED108] `self.offset` used but never assigned in __init__: Method `read_bytes` of clas… pytest/lib/serializer.py:21
HIGH MINED108 [MINED108] `self.offset` used but never assigned in __init__: Method `read_bytes` of clas… pytest/lib/serializer.py:25
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… tools/debug-ui/src/log_visualizer/event…:61
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… scripts/run-ft-benchmark.py:31
HIGH MINED034 [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… scripts/remote_diff/utils.py:5
HIGH DKR006 Dockerfile pipes a remote script into a shell Dockerfile:24
HIGH DKR006 Dockerfile pipes a remote script into a shell .devcontainer/Dockerfile:121
HIGH DKR006 Dockerfile pipes a remote script into a shell .devcontainer/Dockerfile:106
HIGH MINED134 [MINED134] Binary file `runtime/runtime-params-estimator/emu-cost/counter_plugin/libcount… runtime/runtime-params-estimator/emu-co…:1
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_custom_binary.y…:44
HIGH MINED115 [MINED115] Action `aws-actions/configure-aws-credentials` pinned to mutable ref `@v4`: `u… .github/workflows/neard_custom_binary.y…:37
HIGH MINED115 [MINED115] Action `peaceiris/actions-gh-pages` pinned to mutable ref `@v3`: `uses: peacei… .github/workflows/book.yml:50
HIGH MINED115 [MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions… .github/workflows/book.yml:46
HIGH MINED115 [MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/u… .github/workflows/book.yml:32
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout… .github/workflows/book.yml:19
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/nayduck_ci_dev.yml:18
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/mac_m1_binary.yml:50
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/mac_m1_binary.yml:43
HIGH MINED115 [MINED115] Action `aws-actions/configure-aws-credentials` pinned to mutable ref `@v4`: `u… .github/workflows/mac_m1_binary.yml:33
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_nightly_binary.…:29
HIGH MINED115 [MINED115] Action `aws-actions/configure-aws-credentials` pinned to mutable ref `@v4`: `u… .github/workflows/neard_nightly_binary.…:22
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/master_fuzzer_binarie…:26
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_assertion_binar…:39
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_assertion_binar…:32
HIGH MINED115 [MINED115] Action `aws-actions/configure-aws-credentials` pinned to mutable ref `@v4`: `u… .github/workflows/neard_assertion_binar…:25
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_release.yml:257
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_release.yml:179
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_release.yml:172
HIGH MINED115 [MINED115] Action `Warpbuilds/build-push-action` pinned to mutable ref `@v6`: `uses: Warp… .github/workflows/neard_release.yml:154
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_release.yml:110
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_release.yml:103
HIGH MINED115 [MINED115] Action `aws-actions/configure-aws-credentials` pinned to mutable ref `@v4`: `u… .github/workflows/neard_release.yml:48
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_release.yml:43
HIGH MINED115 [MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout… .github/workflows/neard_release.yml:36
HIGH MINED118 [MINED118] Dockerfile FROM `nginx:1.25.4-alpine` not pinned by digest: `FROM nginx:1.25.4… tools/debug-ui/Dockerfile:15
HIGH MINED118 [MINED118] Dockerfile FROM `node:19-alpine` not pinned by digest: `FROM node:19-alpine` r… tools/debug-ui/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `docker.io/rust:1.86.0` not pinned by digest: `FROM docker.io/… runtime/runtime-params-estimator/emu-co…:2
HIGH MINED119 [MINED119] Dockerfile `ADD https://s3-us-west-1.amazonaws.com/build.nearprotocol.com/near… docker/sandbox/Dockerfile:11
HIGH MINED119 [MINED119] Dockerfile `ADD https://s3-us-west-1.amazonaws.com/build.nearprotocol.com/near… docker/sandbox/Dockerfile:5
HIGH MINED118 [MINED118] Dockerfile FROM `ubuntu:24.04` not pinned by digest: `FROM ubuntu:24.04` resol… docker/sandbox/Dockerfile:8
HIGH MINED118 [MINED118] Dockerfile FROM `ubuntu:24.04` not pinned by digest: `FROM ubuntu:24.04` resol… docker/sandbox/Dockerfile:2
HIGH MINED118 [MINED118] Dockerfile FROM `ubuntu:24.04` not pinned by digest: `FROM ubuntu:24.04` resol… .devcontainer/Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `debian:bullseye-slim` not pinned by digest: `FROM debian:bull… tracing/Dockerfile:9
HIGH MINED118 [MINED118] Dockerfile FROM `rust:1.86.0-bullseye` not pinned by digest: `FROM rust:1.86.0… tracing/Dockerfile:2
HIGH MINED118 [MINED118] Dockerfile FROM `gitpod/workspace-full (no tag)` not pinned by digest: `FROM g… .gitpod.Dockerfile:1
HIGH MINED118 [MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resol… Dockerfile:37
HIGH MINED118 [MINED118] Dockerfile FROM `ubuntu:22.04` not pinned by digest: `FROM ubuntu:22.04` resol… Dockerfile:2
HIGH DKC013 Database service has no persistent data volume tracing/docker-compose.yml:13
HIGH DKC013 Database service has no persistent data volume tracing/docker-compose.yml:2
HIGH DKC011 Database service publishes a host port tracing/docker-compose.yml:13
HIGH DKC011 Database service publishes a host port tracing/docker-compose.yml:2
HIGH AUC003 [AUC003] Object-level route lacks visible authorization: A route with an object id-like p… chain/jsonrpc/src/lib.rs:3029
HIGH AUC003 [AUC003] Object-level route lacks visible authorization: A route with an object id-like p… chain/jsonrpc/src/lib.rs:3028
MED MINED109 [MINED109] Mutable default argument in `call_addkey` (list): `def call_addkey(... = []/{}… pytest/tools/mirror/mirror_utils.py:257
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… pytest/lib/cluster.py:108
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… pytest/lib/mocknet_helpers.py:85
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/merge_queue_health.py:255
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/merge_queue_health.py:170
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … tools/themis/src/utils.rs:19
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … tools/debug-ui/src/log_visualizer/event…:61
MED COMP001 [COMP001] High cognitive complexity: Function `add_extra_keys` has cognitive complexity 2… pytest/tools/mirror/fork_network.py:43
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED MINED124 [MINED124] requirements.txt: `jmespath` has no version pin: Unpinned pip requirement mean… pytest/requirements.txt:26
MED MINED124 [MINED124] requirements.txt: `datetime` has no version pin: Unpinned pip requirement mean… pytest/requirements.txt:25
MED MINED124 [MINED124] requirements.txt: `urllib3<2` has no version pin: Unpinned pip requirement mea… pytest/requirements.txt:24
MED MINED124 [MINED124] requirements.txt: `tqdm` has no version pin: Unpinned pip requirement means ev… pytest/requirements.txt:23
MED MINED124 [MINED124] requirements.txt: `toml` has no version pin: Unpinned pip requirement means ev… pytest/requirements.txt:22
MED MINED124 [MINED124] requirements.txt: `semver` has no version pin: Unpinned pip requirement means … pytest/requirements.txt:21
MED MINED124 [MINED124] requirements.txt: `scipy` has no version pin: Unpinned pip requirement means e… pytest/requirements.txt:20
MED MINED124 [MINED124] requirements.txt: `scikit-learn` has no version pin: Unpinned pip requirement … pytest/requirements.txt:19
MED MINED124 [MINED124] requirements.txt: `retrying` has no version pin: Unpinned pip requirement mean… pytest/requirements.txt:18
MED MINED124 [MINED124] requirements.txt: `requests` has no version pin: Unpinned pip requirement mean… pytest/requirements.txt:17
MED MINED124 [MINED124] requirements.txt: `pynacl` has no version pin: Unpinned pip requirement means … pytest/requirements.txt:15
MED MINED124 [MINED124] requirements.txt: `pydantic` has no version pin: Unpinned pip requirement mean… pytest/requirements.txt:14
MED MINED124 [MINED124] requirements.txt: `psutil` has no version pin: Unpinned pip requirement means … pytest/requirements.txt:13
MED MINED124 [MINED124] requirements.txt: `prometheus-client` has no version pin: Unpinned pip require… pytest/requirements.txt:12
MED MINED124 [MINED124] requirements.txt: `numpy` has no version pin: Unpinned pip requirement means e… pytest/requirements.txt:11
MED MINED124 [MINED124] requirements.txt: `nearup` has no version pin: Unpinned pip requirement means … pytest/requirements.txt:10
MED MINED124 [MINED124] requirements.txt: `json-rpc` has no version pin: Unpinned pip requirement mean… pytest/requirements.txt:6
MED MINED124 [MINED124] requirements.txt: `deepdiff` has no version pin: Unpinned pip requirement mean… pytest/requirements.txt:5
MED MINED124 [MINED124] requirements.txt: `cython` has no version pin: Unpinned pip requirement means … pytest/requirements.txt:4
MED MINED124 [MINED124] requirements.txt: `cachetools` has no version pin: Unpinned pip requirement me… pytest/requirements.txt:3
MED MINED124 [MINED124] requirements.txt: `base58` has no version pin: Unpinned pip requirement means … pytest/requirements.txt:2
MED MINED124 [MINED124] requirements.txt: `PyGithub` has no version pin: Unpinned pip requirement mean… pytest/requirements.txt:1
MED DKC015 Database service has no healthcheck tracing/docker-compose.yml:13
MED DKC015 Database service has no healthcheck tracing/docker-compose.yml:2
MED DKR013 Dockerfile ADD downloads remote content docker/sandbox/Dockerfile:11
MED DKR013 Dockerfile ADD downloads remote content docker/sandbox/Dockerfile:5
MED DKR001 Docker final stage has no non-root USER tracing/Dockerfile:10
MED DKR001 Docker final stage has no non-root USER tools/debug-ui/Dockerfile:15
MED DKR001 Docker final stage has no non-root USER runtime/runtime-params-estimator/emu-co…:2
MED DKR001 Docker final stage has no non-root USER docker/sandbox/Dockerfile:17
MED DKR001 Docker final stage has no non-root USER Dockerfile:37
MED AIC001 Parallel implementation file sits beside a canonical file core/store/src/trie/trie_storage_update…:1
MED AIC001 Parallel implementation file sits beside a canonical file chain/chain/src/chain_update.rs:1
MED AIC004 Suspicious implementation file appears unreferenced core/store/src/trie/trie_storage_update…:1
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore Dockerfile:18
MED AUC002 [AUC002] Low visible authorization coverage in route inventory: Only 24.3% of discovered …
MED AGT012 Agent control bridge may listen on a network interface without visible auth pytest/lib/cluster.py:154
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. scripts/run-ft-benchmark.py:31
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. scripts/remote_diff/utils.py:5
MED SEC005 [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. scripts/ft-benchmark-data-sender.py:94
LOW SEC124 [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/ex… scripts/run-ft-benchmark.py:11
LOW COMP001 [COMP001] High cognitive complexity: Function `send_txs` has cognitive complexity 8 (Sona… pytest/tools/mirror/fork_network.py:90
LOW COMP001 [COMP001] High cognitive complexity: Function `find_best_voting_hour` has cognitive compl… debug_scripts/estimate_epoch_start_time…:123
LOW AIC003 Duplicated implementation block across source files core/async/src/tokio/test.rs:11
LOW AIC003 Duplicated implementation block across source files core/async/src/tokio/sender.rs:52
LOW AIC003 Duplicated implementation block across source files core/async/src/instrumentation/tests.rs:19
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:19
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:11
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:19
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:11
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:18
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/rosetta-rpc/src/adapters/validate…:8
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc/res/last_blocks.js:196
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/view…:16
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/view…:12
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/view…:11
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/view…:13
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/view…:11
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/view…:11
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/view…:12
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/quer…:35
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/quer…:14
LOW AIC003 Duplicated implementation block across source files chain/jsonrpc-primitives/src/types/ligh…:33
LOW AUC005 [AUC005] No authorization-focused tests detected: No test files with common authorization…
LOW DKR010 Dockerfile leaves apt package indexes in the image layer runtime/runtime-params-estimator/emu-co…:9
LOW DKR011 Dockerfile installs recommended OS packages runtime/runtime-params-estimator/emu-co…:9
LOW DKR011 Dockerfile installs recommended OS packages Dockerfile:41
LOW DKR011 Dockerfile installs recommended OS packages Dockerfile:5
LOW DKR008 .dockerignore misses sensitive defaults .dockerignore
LOW DKC010 Compose service lacks no-new-privileges hardening tracing/docker-compose.yml:31
LOW DKC010 Compose service lacks no-new-privileges hardening tracing/docker-compose.yml:25
LOW AIC002 Source file name looks like an AI patch artifact core/store/src/trie/mem/memtrie_update.…:1
LOW DKC006 Compose service does not declare a runtime user tracing/docker-compose.yml:31
LOW DKC006 Compose service does not declare a runtime user tracing/docker-compose.yml:25
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. tools/debug-ui/src/entity_debug/EntityQ…:39
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. tools/debug-ui/src/entity_debug/EntityD…:240
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. tools/debug-ui/src/entity_debug/fields.…:314
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. tools/debug-ui/src/actors/canvas_utils.…:8
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … tools/debug-ui/src/ConnectionStorageVie…:31
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … tools/debug-ui/src/ChainInfoSummaryView…:34
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … tools/debug-ui/src/BlocksView.tsx:83
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. tools/debug-ui/scripts/compare_tries.py:152
INFO MINED063 [MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) — file can be replaced/de… scripts/run-ft-benchmark.py:11
INFO MINED075 [MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking fo… runtime/runtime-params-estimator/emu-co…:82
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… scripts/check_nightly.py:47
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… scripts/check_import_blocks.py:73
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… pytest/tools/mirror/fork_network.py:122
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… pytest/tools/prober/prober_util.py:30
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… debug_scripts/request_chain_info.py:63
INFO MINED067 [MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… debug_scripts/estimate_epoch_start_time…:23
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… integration-tests/src/user/rpc_user.rs:38
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… integration-tests/src/node/process_node…:47
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… chain/jsonrpc/res/network_info.js:55
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… tools/debug-ui/src/EpochShardsView.tsx:71
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… tools/debug-ui/src/ActorsView.tsx:252
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… chain/jsonrpc/res/congestion_control.js:37
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… core/o11y/benches/metrics.rs:49
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… core/crypto/src/key_conversion.rs:21
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… chain/jsonrpc-primitives/src/errors.rs:164
INFO MINED066 [MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… chain/chain/src/pending_shard_jobs.rs:140
INFO MINED066 [MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… chain/chain/src/flat_storage_init.rs:51
INFO MINED066 [MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… benchmarks/synth-bm/src/rpc.rs:239
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. benchmarks/synth-bm/src/block_service.rs:28
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. benchmarks/synth-bm/src/account.rs:169
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. benchmarks/continuous/db/tool/orm/src/l…:12
200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `near/nearcore`

**Score: 71/100 (A-)**  ·  246 findings  ·  scanned 2026-06-05 20:45 UTC  ·  508,129 LOC

| Severity | Count |
|---|---|
| CRITICAL | 5 |
| HIGH | 98 |
| MEDIUM | 49 |
| LOW | 44 |

📊 [Full filterable report](https://repobility.com/scan/5a61929d-0913-4b71-83d9-67fdb6a96315/)  ·  ![scorecard](https://repobility.com/scan/5a61929d-0913-4b71-83d9-67fdb6a96315/report.png?v=1780692314-s2)

### Top findings

1. **HIGH** `MINED108` — `self.deserialize_struct` used but never assigned in __init__
   `pytest/lib/serializer.py:127` · ✓ Repobility
2. **HIGH** `MINED108` — `self.deserialize_field` used but never assigned in __init__
   `pytest/lib/serializer.py:125` · ✓ Repobility
3. **HIGH** `MINED108` — `self.deserialize_num` used but never assigned in __init__
   `pytest/lib/serializer.py:121` · ✓ Repobility
4. **HIGH** `MINED108` — `self.deserialize_field` used but never assigned in __init__
   `pytest/lib/serializer.py:117` · ✓ Repobility
5. **HIGH** `MINED108` — `self.read_bytes` used but never assigned in __init__
   `pytest/lib/serializer.py:113` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/5a61929d-0913-4b71-83d9-67fdb6a96315/_
Already filed
This repo publishes a SECURITY.md policy and the scan contains 15 Critical/High security finding(s). Public issue filing would violate coordinated disclosure. Submit privately via the project's security reporting channel.
Megaproject — high spam risk
Could not determine 'near/nearcore' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled — review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.