Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

Scan timing: clone 5.43s · analysis 1.23s · 7.1 MB · GitHub API rate-limit (preflight)

gdluxx/gdluxx

https://github.com/gdluxx/gdluxx · scanned 2026-05-26 08:24 UTC (1 week, 3 days ago) · 10 languages

238 findings (70 legacy + 168 scanner) 28th percentile · Typescript · medium (20-100K LoC) Scanner says 81 (lower by 20)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 week, 3 days ago · v2 · 154 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
78.0
/100
Repobility
75
70 legacy
9-layer
81
100.0% cov · 84 gaps
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 85.0 0.15 12.75
security_score 79.8 0.25 19.95
testing_score 0.0 0.20 0.00
documentation_score 68.7 0.15 10.30
practices_score 77.0 0.15 11.55
code_quality 61.3 0.10 6.13
Overall 1.00 60.7
Severity distribution — click a segment to filter
Active filters: severity: high × excluding tests × Reset all
Severity: Critical 0 High 50 Medium 21 Low 73 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 70 9-layer 84 Crowd 0 Layer: Quality 46 Cicd 27 Security 4 Software 70 Api 1 Frontend 2 Network 1 Hardware 3
Scan summary Repository scanned at 80.8/100 with 100.0% coverage. It contains 916 nodes across 1 cross-layer flows, written primarily in mixed languages. Engine surfaced 84 findings — concentrated in software (50), cicd (22), quality (5). Risk profile is low: 0 critical, 0 high, 17 medium. Recommended next step: open the software layer findings first — that's where the highest-impact wins live.

Showing 50 of 154 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/extension-release.yml:15 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:20 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v4`
`uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/docs.yml:27 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/configure-pages` pinned to mutable ref `@v4`
`uses: actions/configure-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/docs.yml:39 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/deploy-pages` pinned to mutable ref `@v4`
`uses: actions/deploy-pages@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/docs.yml:59 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v4`
`uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/docs.yml:34 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/upload-pages-artifact` pinned to mutable ref `@v3`
`uses: actions/upload-pages-artifact@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/docs.yml:45 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `crazy-max/ghaction-import-gpg` pinned to mutable ref `@v6`
`uses: crazy-max/ghaction-import-gpg@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/extension-release.yml:39 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `crazy-max/ghaction-import-gpg` pinned to mutable ref `@v6`
`uses: crazy-max/ghaction-import-gpg@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:34 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `pnpm/action-setup` pinned to mutable ref `@v4`
`uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/extension-release.yml:24 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `pnpm/action-setup` pinned to mutable ref `@v4`
`uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/release.yml:27 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `pnpm/action-setup` pinned to mutable ref `@v4`
`uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/docs.yml:30 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `softprops/action-gh-release` pinned to mutable ref `@v1`
`uses: softprops/action-gh-release@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/extension-release.yml:109 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Action `softprops/action-gh-release` pinned to mutable ref `@v1`
`uses: softprops/action-gh-release@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/extension-release.yml:101 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `node:20-alpine` not pinned by digest
`FROM node:20-alpine` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Dockerfile:1 dependencylegacy
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `node:20-slim` not pinned by digest
`FROM node:20-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Dockerfile:18 dependencylegacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping.
src/lib/components/auth/SetupForm.svelte:110 authlegacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping.
src/lib/components/auth/LoginForm.svelte:82 authlegacy
high Legacy security auth conf 0.83 Secret-like setting is echoed into a password input value
Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping.
extension/src/content/views/settings/tabs/GdluxxTab.svelte:89 authlegacy
high Legacy cicd docker conf 0.56 Compose service does not declare a runtime user
If the image does not define USER internally, this service may run as root.
docker-compose.yml:3 dockerlegacy
high Legacy cicd docker conf 0.62 Compose service lacks no-new-privileges hardening
no-new-privileges prevents processes from gaining additional privileges through setuid binaries or file capabilities.
docker-compose.yml:3 dockerlegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/themes/codemirror/codemirror-light.ts:8 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/stores/settingsStore.ts:23 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/server/extensionProfileBackupManager.ts:10 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/UploadModal.svelte:78 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/Tooltip.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/Modal.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/Info.svelte:94 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/Info.svelte:2 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/Info.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/ConfirmModal.svelte:16 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/ConfirmModal.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/Chip.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/ui/Button.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/jobs/JobsList.svelte:97 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/jobs/JobOutputModal.svelte:160 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/jobs/JobOutputModal.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/icons/VersionIcon.svelte:4 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/icons/VersionIcon.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/icons/SuccessIcon.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/icons/RunIcon.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/icons/LogIcon.svelte:4 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/icons/LogIcon.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
src/lib/components/icons/KeyIcon.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
extension/src/content/views/shared/substitution/SubProfileControls.svelte:88 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
extension/src/content/views/shared/filtering/SelectorInputs.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
extension/src/content/views/main/components/LinkList.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
extension/src/content/lib/utils/storageSubstitution.ts:56 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
extension/src/content/lib/components/ui/Info.svelte:1 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
extension/src/content/lib/components/ui/Dropdown.svelte:22 qualitylegacy
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/5e6580f3-145e-402c-a28f-72aff412ab0b/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/5e6580f3-145e-402c-a28f-72aff412ab0b/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.