{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED126", "name": "Workflow container/services image `mcr.microsoft.com/playwright:v1.59.0-noble` unpinned", "shortDescription": {"text": "Workflow container/services image `mcr.microsoft.com/playwright:v1.59.0-noble` unpinned"}, "fullDescription": {"text": "`container/services image: mcr.microsoft.com/playwright:v1.59.0-noble` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/192"}, "properties": {"repository": "carbon-design-system/carbon-components-svelte", "repoUrl": "https://github.com/carbon-design-system/carbon-components-svelte", "branch": "master"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 5805, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 5804, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5799, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b8fd780cf82a56eae4e7fb185134d9df78d9e815e954e785dc8fedd51dfcdd6e", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/LocalStorage/LocalStorage.svelte", "duplicate_line": 24, "correlation_key": "fp|b8fd780cf82a56eae4e7fb185134d9df78d9e815e954e785dc8fedd51dfcdd6e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/SessionStorage/SessionStorage.svelte"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5797, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c5f03fcec3570fd6999deab18d78fcd06e26ec8a0408b660cda75db8325410ec", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Checkbox/CheckboxGroup.svelte", "duplicate_line": 63, "correlation_key": "fp|c5f03fcec3570fd6999deab18d78fcd06e26ec8a0408b660cda75db8325410ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/RadioButtonGroup/RadioButtonGroup.svelte"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5796, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2676dcca4c51b612c08ea5d3c1f4df3acbf8c3370bdcada5e151ccc30f87dd9a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Dropdown/Dropdown.svelte", "duplicate_line": 315, "correlation_key": "fp|2676dcca4c51b612c08ea5d3c1f4df3acbf8c3370bdcada5e151ccc30f87dd9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/MultiSelect/MultiSelect.svelte"}, "region": {"startLine": 366}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5795, "scanner": "repobility-ai-code-hygiene", "fingerprint": "481ec1dca77e221e279cb03200e86276052a514ca5dcd368cfdaf0b895589405", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ComboBox/ComboBox.svelte", "duplicate_line": 249, "correlation_key": "fp|481ec1dca77e221e279cb03200e86276052a514ca5dcd368cfdaf0b895589405"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/MultiSelect/MultiSelect.svelte"}, "region": {"startLine": 306}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5794, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bee6b93a1fbde2036a3562de04ea9bea51f407b3429040820dbea84e7e4ca65b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ComposedModal/ModalFooter.svelte", "duplicate_line": 19, "correlation_key": "fp|bee6b93a1fbde2036a3562de04ea9bea51f407b3429040820dbea84e7e4ca65b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Modal/Modal.svelte"}, "region": {"startLine": 243}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "860f1fc11531b77cc092f9cdb9942f50c6b78973b26cdfef83e77f3485bfff83", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|860f1fc11531b77cc092f9cdb9942f50c6b78973b26cdfef83e77f3485bfff83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/CircleDash.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50887, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9f5d60de50bac90abbd58b034286a0646814989b5d4c72b4658357e869f312e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|a9f5d60de50bac90abbd58b034286a0646814989b5d4c72b4658357e869f312e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/ChevronRight.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50886, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7fbb59b7b33b9f0088815f426c9b8c3b74b076174237439dad87fc37a3dc152b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|7fbb59b7b33b9f0088815f426c9b8c3b74b076174237439dad87fc37a3dc152b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/ChevronDown.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50885, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0054254e5c6041fa7821b434128de4b0558d89264d0db87f86b2c61e094b81ba", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|0054254e5c6041fa7821b434128de4b0558d89264d0db87f86b2c61e094b81ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/CheckmarkOutline.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50884, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b032f8b855af7c1aad1a9bc0f206708fd617d43642f4b3a709aefb3f588cb2c8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|b032f8b855af7c1aad1a9bc0f206708fd617d43642f4b3a709aefb3f588cb2c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/CheckmarkFilled.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9e223e4bcfc973223001f3fcd7db07c952c01285fcaaf7393fcf6fab6470130", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|a9e223e4bcfc973223001f3fcd7db07c952c01285fcaaf7393fcf6fab6470130"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/Checkmark.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ca1bf6456979958bf758b3ce3f9e8754612223e7d597e82dd75c67566fa04c91", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|ca1bf6456979958bf758b3ce3f9e8754612223e7d597e82dd75c67566fa04c91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/CaretRight.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa3455b7a9f3b598409835a487544b27cd5be6651aa9bed01b6291615238c486", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|fa3455b7a9f3b598409835a487544b27cd5be6651aa9bed01b6291615238c486"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/CaretLeft.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05bd195385d6730fc6e43a1500bf0ef294a376761b3b0e22940835d461d025ca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|05bd195385d6730fc6e43a1500bf0ef294a376761b3b0e22940835d461d025ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/CaretDown.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50879, "scanner": "repobility-ai-code-hygiene", "fingerprint": "aca00fbcabc41c4995fbe20303b4236b81e32e8b6a453d5745fd5071b9b6172f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|aca00fbcabc41c4995fbe20303b4236b81e32e8b6a453d5745fd5071b9b6172f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/Calendar.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50878, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f48e1816423623e3de82f536acc875e621f52000ba25e6f4b6be1a6587795e44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|f48e1816423623e3de82f536acc875e621f52000ba25e6f4b6be1a6587795e44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/ArrowsVertical.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50877, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1429e8ff36c0dc574d5f2c3f100033c08767122a9a7a9043e00edbf8b5b9a75", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/icons/Add.svelte", "duplicate_line": 1, "correlation_key": "fp|f1429e8ff36c0dc574d5f2c3f100033c08767122a9a7a9043e00edbf8b5b9a75"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/icons/ArrowUp.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50876, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7922c8713ae3d7d53a2e5db61fda67252bf1160f10d392cda1d6c887fc4d948", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/TreeView/TreeViewNode.svelte", "duplicate_line": 94, "correlation_key": "fp|c7922c8713ae3d7d53a2e5db61fda67252bf1160f10d392cda1d6c887fc4d948"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/TreeView/TreeViewNodeList.svelte"}, "region": {"startLine": 91}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50875, "scanner": "repobility-ai-code-hygiene", "fingerprint": "84e76c4ffe97914d1c6df1e578f1864b6df4a7393b9631656694a6a4af1ef545", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/NumberInput/NumberInput.svelte", "duplicate_line": 248, "correlation_key": "fp|84e76c4ffe97914d1c6df1e578f1864b6df4a7393b9631656694a6a4af1ef545"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/TimePicker/TimePicker.svelte"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50874, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c49313a513deb2a53e00d085af20a984fbacc3f03519ed5915e1e6125ad81e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/NumberInput/NumberInputSkeleton.svelte", "duplicate_line": 1, "correlation_key": "fp|0c49313a513deb2a53e00d085af20a984fbacc3f03519ed5915e1e6125ad81e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/TextInput/TextInputSkeleton.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50873, "scanner": "repobility-ai-code-hygiene", "fingerprint": "47338c775b1ec942fc0919a915c42f1a7af93f36ab89d945538639a1f68ee77a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Slider/RangeSlider.svelte", "duplicate_line": 4, "correlation_key": "fp|47338c775b1ec942fc0919a915c42f1a7af93f36ab89d945538639a1f68ee77a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Slider/Slider.svelte"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50872, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41919f217596f6ffeb6f8f34ef92be04d33792055a77739e4331eaf643be72eb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/NumberInput/NumberInputSkeleton.svelte", "duplicate_line": 1, "correlation_key": "fp|41919f217596f6ffeb6f8f34ef92be04d33792055a77739e4331eaf643be72eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Slider/RangeSliderSkeleton.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50871, "scanner": "repobility-ai-code-hygiene", "fingerprint": "889a4fcd6b4160df2e34df5b4d2c5004768eda934d53b608385c0be6d5f9cbb3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/LocalStorage/LocalStorage.svelte", "duplicate_line": 35, "correlation_key": "fp|889a4fcd6b4160df2e34df5b4d2c5004768eda934d53b608385c0be6d5f9cbb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/SessionStorage/SessionStorage.svelte"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50870, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b3d05f52a2778cbccdd8836c05541c9b275fa274103d532220a44b18440b3c45", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Checkbox/CheckboxGroup.svelte", "duplicate_line": 46, "correlation_key": "fp|b3d05f52a2778cbccdd8836c05541c9b275fa274103d532220a44b18440b3c45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/RadioButtonGroup/RadioButtonGroup.svelte"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50869, "scanner": "repobility-ai-code-hygiene", "fingerprint": "599accbc4c974f9573497746b941cc6b7593f23fc5618927152cb80d83351411", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Dropdown/Dropdown.svelte", "duplicate_line": 309, "correlation_key": "fp|599accbc4c974f9573497746b941cc6b7593f23fc5618927152cb80d83351411"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/MultiSelect/MultiSelect.svelte"}, "region": {"startLine": 376}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50868, "scanner": "repobility-ai-code-hygiene", "fingerprint": "61e6c4314499e1afe3be06a5228f386055601dc24268b1b94f58e785fc146c2c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ComboBox/ComboBox.svelte", "duplicate_line": 249, "correlation_key": "fp|61e6c4314499e1afe3be06a5228f386055601dc24268b1b94f58e785fc146c2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/MultiSelect/MultiSelect.svelte"}, "region": {"startLine": 315}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50867, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e5dca0bec55830d24c53bdf4b66b7b62e8c35fe84f8ca134e39c364a7c7e06e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ComposedModal/ModalFooter.svelte", "duplicate_line": 19, "correlation_key": "fp|e5dca0bec55830d24c53bdf4b66b7b62e8c35fe84f8ca134e39c364a7c7e06e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Modal/Modal.svelte"}, "region": {"startLine": 248}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50866, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82f66f279f9ab3cab9c95d2d98b4eebe2987ef0f778707ddf79ca2b7c0ee58f0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ContextMenu/ContextMenu.svelte", "duplicate_line": 149, "correlation_key": "fp|82f66f279f9ab3cab9c95d2d98b4eebe2987ef0f778707ddf79ca2b7c0ee58f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ContextMenu/ContextMenuOption.svelte"}, "region": {"startLine": 231}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 5803, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5802, "scanner": "repobility-ai-code-hygiene", "fingerprint": "288b12172027acf2688c37d2919301aa46b0e4a0693f1fd2be6622dfde29c071", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/NumberInput/NumberInputSkeleton.svelte", "duplicate_line": 1, "correlation_key": "fp|288b12172027acf2688c37d2919301aa46b0e4a0693f1fd2be6622dfde29c071"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/TextArea/TextAreaSkeleton.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5801, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c43905ab3d65518d6bc1cddb622e33aaa8591b34de26b176003c6d0837dc1a9f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Tag/SelectableTag.svelte", "duplicate_line": 29, "correlation_key": "fp|c43905ab3d65518d6bc1cddb622e33aaa8591b34de26b176003c6d0837dc1a9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Tag/Tag.svelte"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5800, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4bf7c335676222c86053425f14249e1ddac88aa0bc68b96d792d025422359106", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/NumberInput/NumberInputSkeleton.svelte", "duplicate_line": 1, "correlation_key": "fp|4bf7c335676222c86053425f14249e1ddac88aa0bc68b96d792d025422359106"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Slider/SliderSkeleton.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5798, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bf1f91ba19a3169005a982fb6a83aef32bd3a1b3154ce417304d3736c35c2141", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/NumberInput/NumberInputSkeleton.svelte", "duplicate_line": 1, "correlation_key": "fp|bf1f91ba19a3169005a982fb6a83aef32bd3a1b3154ce417304d3736c35c2141"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Select/SelectSkeleton.svelte"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5793, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4e76b0757fc0392753d4b3ac8e05c088a08fa0473dfce9e91301349ccc23bc1b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ComposedModal/ComposedModal.svelte", "duplicate_line": 98, "correlation_key": "fp|4e76b0757fc0392753d4b3ac8e05c088a08fa0473dfce9e91301349ccc23bc1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Modal/Modal.svelte"}, "region": {"startLine": 94}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5792, "scanner": "repobility-ai-code-hygiene", "fingerprint": "765b75ab2aebf5072d21cb55a00ea32fe21bf4722c19ef88fcceb31fc53220a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/Grid/Grid.svelte", "duplicate_line": 18, "correlation_key": "fp|765b75ab2aebf5072d21cb55a00ea32fe21bf4722c19ef88fcceb31fc53220a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Grid/Row.svelte"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5791, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9da3845e87eca31ae8eeb58dc7075832df67695370b924a61421014c9e219590", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/ComboBox/ComboBox.svelte", "duplicate_line": 249, "correlation_key": "fp|9da3845e87eca31ae8eeb58dc7075832df67695370b924a61421014c9e219590"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Dropdown/Dropdown.svelte"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 50893, "scanner": "repobility-threat-engine", "fingerprint": "c9356068f5187c286c97c77b5c99dfcb1035819e44959a42e5595c69d54ff44b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c9356068f5187c286c97c77b5c99dfcb1035819e44959a42e5595c69d54ff44b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release-changelog.ts"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 50892, "scanner": "repobility-threat-engine", "fingerprint": "0b5f094fcd9b83a847283c1235badc4efb6cc0e12e64a05e8d52e9eb1ceedcc7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b5f094fcd9b83a847283c1235badc4efb6cc0e12e64a05e8d52e9eb1ceedcc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/build-css.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 50891, "scanner": "repobility-threat-engine", "fingerprint": "f6c2c091802a5d79a8591507dea165d2e290e6b13b5c292dedc8ee1dc4d3adcc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6c2c091802a5d79a8591507dea165d2e290e6b13b5c292dedc8ee1dc4d3adcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/scripts/generate-sitemap.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 50890, "scanner": "repobility-threat-engine", "fingerprint": "62d2e9cc8926fbb61dac0e81e6f39228452f73c316d6977e50c42aaa94b10925", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62d2e9cc8926fbb61dac0e81e6f39228452f73c316d6977e50c42aaa94b10925"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/scripts/format-component-api.ts"}, "region": {"startLine": 91}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 50898, "scanner": "repobility-threat-engine", "fingerprint": "00c9aa5031ea565cb8bee18f6108d6fa7a77a9a52f2b813aa3928dd26e3d9368", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "group.members.delete(key);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|00c9aa5031ea565cb8bee18f6108d6fa7a77a9a52f2b813aa3928dd26e3d9368"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/RadioButton/RadioButtonRegistry.js"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 50897, "scanner": "repobility-threat-engine", "fingerprint": "b077dcbd75dedfdb0e11cf033b273bd82762c79b90c5b53332b95a42ed9cd23a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "stores.delete(openStore);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b077dcbd75dedfdb0e11cf033b273bd82762c79b90c5b53332b95a42ed9cd23a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Modal/modalStore.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 50896, "scanner": "repobility-threat-engine", "fingerprint": "176491232deea05753ebe8742749336314d6b07737eb0a3751919e8c933dcef6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pathCache.delete(firstKey);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|176491232deea05753ebe8742749336314d6b07737eb0a3751919e8c933dcef6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/DataTable/data-table-utils.js"}, "region": {"startLine": 176}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 50895, "scanner": "repobility-threat-engine", "fingerprint": "e1907cc222b25c47e977c78b7fe6d5f48ad11ad4bf5d92c32206872a10c6ccaf", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((id) => `[#${id}](${issuesBase}/${id}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e1907cc222b25c47e977c78b7fe6d5f48ad11ad4bf5d92c32206872a10c6ccaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release-changelog.ts"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 50894, "scanner": "repobility-threat-engine", "fingerprint": "61d432ad6ffb3266d3cf5509c5632f50e5f924a1541a8ff859691d636b36ad88", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|61d432ad6ffb3266d3cf5509c5632f50e5f924a1541a8ff859691d636b36ad88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release-changelog.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED126", "level": "error", "message": {"text": "Workflow container/services image `mcr.microsoft.com/playwright:v1.59.0-noble` unpinned"}, "properties": {"repobilityId": 50889, "scanner": "repobility-supply-chain", "fingerprint": "76fed6f839d6b30a2b5bf7934522c46cb90e6bb7052a3af352fd024c20f089b6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-container-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|76fed6f839d6b30a2b5bf7934522c46cb90e6bb7052a3af352fd024c20f089b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/checks.yml"}, "region": {"startLine": 115}}}]}]}]}