{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, and img-src; frame-ancestors is ignored in a meta tag and must be sent as an HTTP response header."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. 
Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Store the interval id and return a useEffect cleanup that calls clearInterval. Also clear the interval in explicit stop/end handlers when relevant."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. 
Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": 
"WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", 
"shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED065", "name": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public re", "shortDescription": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-942,CWE-346 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 23 more): Same pattern found in 23 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also reject loopback (127.0.0.0/8, ::1) and apply the check to the address the hostname resolves to, not only to the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 1 more): Same pattern found in 1 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 41 more): Same pattern found in 41 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 41 more): Same pattern found in 41 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 3 more): Same pattern found in 3 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors.", "shortDescription": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED117", "name": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workfl", "shortDescription": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter "}, "fullDescription": {"text": "Replace with a scoped block: `permissions:\\n  contents: read\\n  issues: write` (only the scopes you need)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run t", "shortDescription": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. 
Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) in"}, "fullDescription": {"text": "Replace with: `uses: actions/checkout@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `tauri-plugin-mihomo-api` pulled from URL/Git: `dependencies.tauri-plugin-mihomo-api` = `git", "shortDescription": {"text": "[MINED122] package.json dep `tauri-plugin-mihomo-api` pulled from URL/Git: `dependencies.tauri-plugin-mihomo-api` = `github:clash-verge-rev/tauri-plugin-mihomo` bypasses the npm registry. No integrity hash, no version locking, no registry-s"}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/739"}, "properties": {"repository": "clash-verge-rev/clash-verge-rev", "repoUrl": "https://github.com/clash-verge-rev/clash-verge-rev", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 60454, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": 
"Public web app has no Content Security Policy"}, "properties": {"repobilityId": 60453, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 60448, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 60447, "scanner": "repobility-agent-runtime", "fingerprint": 
"cf60a050bfa86ee40d86ce97194e16d72584152b5188157f78505da10066c367", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|cf60a050bfa86ee40d86ce97194e16d72584152b5188157f78505da10066c367"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/setting/mods/auto-backup-settings.tsx"}, "region": {"startLine": 55}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 60446, "scanner": "repobility-agent-runtime", "fingerprint": "61d2e2a65acd7041e9846c4103aa60853c1959577431b418a492e9090cbc79bb", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|61d2e2a65acd7041e9846c4103aa60853c1959577431b418a492e9090cbc79bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/proxy/use-head-state.ts"}, "region": {"startLine": 92}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 60417, "scanner": "repobility-threat-engine", "fingerprint": "ae311593ca05d6802a5df4164a45a1c7b3c15e00bc66dec2ab9a5cf9df6d2e00", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", 
"verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "exec(input", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|211|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/uri-parser/helpers.ts"}, "region": {"startLine": 211}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 60410, "scanner": "repobility-threat-engine", "fingerprint": "41bc6000cdd96b7a3d8cf65491064465cef7518ec0da58016aad6eae36b6f23d", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|41bc6000cdd96b7a3d8cf65491064465cef7518ec0da58016aad6eae36b6f23d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/use-system-proxy-state.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 60409, "scanner": "repobility-threat-engine", "fingerprint": "6ebc5505c2172affb6252a3b8ae20c695fd700bbca55f070c30ca476c5aae45d", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (ignore) {\n    }", "reason": "Pattern matched with no 
mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6ebc5505c2172affb6252a3b8ae20c695fd700bbca55f070c30ca476c5aae45d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/use-service-uninstaller.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 60408, "scanner": "repobility-threat-engine", "fingerprint": "d31fc115fafdf07e018fd6ae9e2d975d42efe7ca5517c1ea4cb21def1c5f74f4", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d31fc115fafdf07e018fd6ae9e2d975d42efe7ca5517c1ea4cb21def1c5f74f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/setting/setting-clash.tsx"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 60387, "scanner": "repobility-threat-engine", "fingerprint": "754c387efa6137a507542eb5479235f3351dfecab255d5ec97e8308aea7d2549", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|8|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/uri-parser/helpers.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 60386, "scanner": "repobility-threat-engine", "fingerprint": "9468c92f29f7d68dd482ba9cd077d1f1f36b98c79450447b77b0e6ed31a5eb48", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|131|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/proxy/use-filter-sort.ts"}, "region": {"startLine": 131}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 60385, "scanner": "repobility-threat-engine", "fingerprint": "c860e6d8106c098c8fc73e67f3bea07b26be50ddcace75fd56eb3fef82df9b06", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|76|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/log/log-item.tsx"}, "region": {"startLine": 76}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 60455, "scanner": "repobility-web-presence", "fingerprint": "4043225faa3d194ec7d83eb6b506a77044cc47247819125860baa12b890ba86d", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|4043225faa3d194ec7d83eb6b506a77044cc47247819125860baa12b890ba86d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 60452, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks 
like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 60451, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 60450, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 60449, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60445, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f3106ad856d2aa101fa7cbbfd6246d602855f0929d5fe148b7eb166d9f2d3afb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/utils/uri-parser/http.ts", "duplicate_line": 34, "correlation_key": "fp|f3106ad856d2aa101fa7cbbfd6246d602855f0929d5fe148b7eb166d9f2d3afb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/uri-parser/socks.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60444, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"0b49145114646a28b7d753e501f80c61f35f934472b7446629650252c191cb88", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/home/test-card.tsx", "duplicate_line": 38, "correlation_key": "fp|0b49145114646a28b7d753e501f80c61f35f934472b7446629650252c191cb88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pages/test.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60443, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb67e3d3b3cf4196fbdc8aa8cc265e2a8c7b8e9bffb2a3e1d76c6c1e42b835d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|bb67e3d3b3cf4196fbdc8aa8cc265e2a8c7b8e9bffb2a3e1d76c6c1e42b835d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/zhtw/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60442, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d1d63e2ee693b969feb26e6f95f2d40f06452c874dac80289e65418431550fc8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|d1d63e2ee693b969feb26e6f95f2d40f06452c874dac80289e65418431550fc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/zh/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60441, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8f643b45d1ab742bf1585a373157de5c4568b49fd964f3c2944ec3f8ee909869", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|8f643b45d1ab742bf1585a373157de5c4568b49fd964f3c2944ec3f8ee909869"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/tt/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60440, "scanner": "repobility-ai-code-hygiene", "fingerprint": "11d416038d5bad29ebdfdb5d73c34ad330a826b1bb30394c7c958d473bbe86b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|11d416038d5bad29ebdfdb5d73c34ad330a826b1bb30394c7c958d473bbe86b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/tr/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60439, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f5e62349f96caed34748d69733cd43005f44e32bc61e14f30fad115bc3b4275d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|f5e62349f96caed34748d69733cd43005f44e32bc61e14f30fad115bc3b4275d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/ru/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60438, "scanner": "repobility-ai-code-hygiene", "fingerprint": "409c5098b0abb44e4bda1aaf196e4ac8569b24c8d24586b49200886829acfeb1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|409c5098b0abb44e4bda1aaf196e4ac8569b24c8d24586b49200886829acfeb1"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "src/locales/ko/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60437, "scanner": "repobility-ai-code-hygiene", "fingerprint": "28666c18e62fcc731ec65e7f55d6d0ace6b0bd8df4ec9eda18c0d1ea8c962fcd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|28666c18e62fcc731ec65e7f55d6d0ace6b0bd8df4ec9eda18c0d1ea8c962fcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/jp/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60436, "scanner": "repobility-ai-code-hygiene", "fingerprint": "300aa3556499938597e703c39039821d8b780c6aeb0d456cc4b897b20069dd5f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|300aa3556499938597e703c39039821d8b780c6aeb0d456cc4b897b20069dd5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/id/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation 
block across source files"}, "properties": {"repobilityId": 60435, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd2fb1420acdd6b4708f4089a242389dd83e857e0e6ed11c198af5aa4454e346", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|bd2fb1420acdd6b4708f4089a242389dd83e857e0e6ed11c198af5aa4454e346"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/fa/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60434, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b80d47d7ed9a166b6eb3467dbe46ee088259669e7c5caf213ae4c84085a4331a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|b80d47d7ed9a166b6eb3467dbe46ee088259669e7c5caf213ae4c84085a4331a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/es/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60433, "scanner": "repobility-ai-code-hygiene", "fingerprint": "207193e4a25b986a852adaf50976129e388b424092e2b02c303140ccd3ec182f", 
"category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|207193e4a25b986a852adaf50976129e388b424092e2b02c303140ccd3ec182f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/en/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60432, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b0c50f2da72523daa479d3e99a3909c87eb47a2a08a6350ad12edb61b21ac6d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/locales/ar/index.ts", "duplicate_line": 6, "correlation_key": "fp|4b0c50f2da72523daa479d3e99a3909c87eb47a2a08a6350ad12edb61b21ac6d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/locales/de/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60431, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a2cb4d74a90888c93222bd7b99731dc4586478b5d357e7149513505a076c8c60", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/hooks/use-service-installer.ts", "duplicate_line": 3, "correlation_key": "fp|a2cb4d74a90888c93222bd7b99731dc4586478b5d357e7149513505a076c8c60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/use-service-uninstaller.ts"}, "region": {"startLine": 3}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60430, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcff39fdb0cef61dfdef6478d1de1e8534002196459030e05b1f5ba32bde18d5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/setting/mods/lite-mode-viewer.tsx", "duplicate_line": 113, "correlation_key": "fp|fcff39fdb0cef61dfdef6478d1de1e8534002196459030e05b1f5ba32bde18d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/setting/mods/misc-viewer.tsx"}, "region": {"startLine": 342}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60429, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c8feb9168e2f8913560b269cf8787a83183cf2ec9b41d2bd45d05537889a4ee7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "src/components/proxy/provider-button.tsx", "duplicate_line": 75, "correlation_key": "fp|c8feb9168e2f8913560b269cf8787a83183cf2ec9b41d2bd45d05537889a4ee7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/rule/provider-button.tsx"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60428, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d3cdb807855a8c20ebc17118588ea6fe2fdaa302385c87dda2e654aa08752ffa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/profile/rule-item.tsx", "duplicate_line": 112, "correlation_key": "fp|d3cdb807855a8c20ebc17118588ea6fe2fdaa302385c87dda2e654aa08752ffa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/proxy/proxy-render.tsx"}, "region": {"startLine": 221}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60427, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fd6bb1eebd1afa6b2756b693e25dffa55acc708a2a883c072e436a4378e4ff1d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/proxy/proxy-item-mini.tsx", "duplicate_line": 146, "correlation_key": 
"fp|fd6bb1eebd1afa6b2756b693e25dffa55acc708a2a883c072e436a4378e4ff1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/proxy/proxy-item.tsx"}, "region": {"startLine": 111}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a1abd1fe69382eea51ef6e03d90af29c4274ec0e7a6107aa2f120c5eeee67fb1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/profile/proxies-editor-viewer.tsx", "duplicate_line": 1, "correlation_key": "fp|a1abd1fe69382eea51ef6e03d90af29c4274ec0e7a6107aa2f120c5eeee67fb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/profile/rules-editor-viewer.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60425, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1044850c8b65384ac0e9588bdb0b95a543af43b612083ba24ef03b18980447e0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/profile/group-item.tsx", "duplicate_line": 39, "correlation_key": "fp|1044850c8b65384ac0e9588bdb0b95a543af43b612083ba24ef03b18980447e0"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "src/components/profile/rule-item.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60424, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5327581a5abc2c7e37e83a372540d861715041029cd6d3fc55b69c7427399d52", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/profile/proxy-item.tsx", "duplicate_line": 1, "correlation_key": "fp|5327581a5abc2c7e37e83a372540d861715041029cd6d3fc55b69c7427399d52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/profile/rule-item.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60423, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c73c3d8ee383e111dec1e9d1d42f6327f0d7292f523d5a7f6155778e4f61235", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/components/profile/group-item.tsx", "duplicate_line": 39, "correlation_key": "fp|5c73c3d8ee383e111dec1e9d1d42f6327f0d7292f523d5a7f6155778e4f61235"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/profile/proxy-item.tsx"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", 
"message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "792d556cb643ae1daa24dc0a70a865f9dd607f2a43db6cc9bb2ab78bbb851003", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src-tauri/src/feat/clash.rs", "duplicate_line": 37, "correlation_key": "fp|792d556cb643ae1daa24dc0a70a865f9dd607f2a43db6cc9bb2ab78bbb851003"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/feat/window.rs"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 60421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d709fa53c8ad1853d91529505b33665e22108cfcb82100f67cb62117db15972", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/clash-verge-signal/src/unix.rs", "duplicate_line": 48, "correlation_key": "fp|6d709fa53c8ad1853d91529505b33665e22108cfcb82100f67cb62117db15972"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/clash-verge-signal/src/windows.rs"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 60420, "scanner": "repobility-ai-code-hygiene", 
"fingerprint": "d95191a0dd2a0f011cc7f10f2c6178299743db0d8a79554daa1af7ac6b4090b4", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d95191a0dd2a0f011cc7f10f2c6178299743db0d8a79554daa1af7ac6b4090b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/use-update.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 60419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "24e01efb2527f09e7cd955aea03515f90676fcc490b33ab890fac32ef8dee68d", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "backup", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|24e01efb2527f09e7cd955aea03515f90676fcc490b33ab890fac32ef8dee68d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/module/auto_backup.rs"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 60416, "scanner": "repobility-threat-engine", "fingerprint": "3a4ff8733d9b595013496fede4d9c32c43d6329e0b054d70da3b08d292916673", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found 
\u2014 may be static content", "evidence": {"match": ".innerHTML = e", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|309|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pages/_layout/hooks/use-custom-theme.ts"}, "region": {"startLine": 309}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 60415, "scanner": "repobility-threat-engine", "fingerprint": "2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58"}}}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 60411, "scanner": "repobility-threat-engine", "fingerprint": "e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921"}}}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 60407, "scanner": "repobility-threat-engine", "fingerprint": "d5823bb57aa64de2a801e12538af10a963032c1310cd9c40770ff41c9a0f7099", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d5823bb57aa64de2a801e12538af10a963032c1310cd9c40770ff41c9a0f7099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/setting/mods/external-controller-cors.tsx"}, "region": {"startLine": 87}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 2 more): Same pattern found in 2 additional files. 
Review if needed."}, "properties": {"repobilityId": 60406, "scanner": "repobility-threat-engine", "fingerprint": "9538f1e64abc06611cb760d4cf74131bb8d1179208b0f6494ae6336a088ba74b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9538f1e64abc06611cb760d4cf74131bb8d1179208b0f6494ae6336a088ba74b", "aggregated_count": 2}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 60405, "scanner": "repobility-threat-engine", "fingerprint": "76f4851860c0a1fd93df950c3b41b9dd13fc30f635e5fba887015aa6d80657db", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|76f4851860c0a1fd93df950c3b41b9dd13fc30f635e5fba887015aa6d80657db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/setting/setting-clash.tsx"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED054", 
"level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 60404, "scanner": "repobility-threat-engine", "fingerprint": "e0f83fa4b45341adc542c7e6024ca927e0e407723d5b8ea8809437cfd6104daa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e0f83fa4b45341adc542c7e6024ca927e0e407723d5b8ea8809437cfd6104daa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/setting/mods/guard-state.tsx"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 60403, "scanner": "repobility-threat-engine", "fingerprint": "0108036bef7ab2d386dfa87b33ed61e1cf9db770c01537dd1d60e7672f40401e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0108036bef7ab2d386dfa87b33ed61e1cf9db770c01537dd1d60e7672f40401e"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "src/components/profile/profile-viewer.tsx"}, "region": {"startLine": 70}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 60402, "scanner": "repobility-threat-engine", "fingerprint": "7eac65c6d729ce731cf7f1b0d32d88551e2714b6a555982628995e228d42ee93", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7eac65c6d729ce731cf7f1b0d32d88551e2714b6a555982628995e228d42ee93", "aggregated_count": 3}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts that the value is not null, which bypasses null checks and ends in a TypeError at runtime if the assertion is wrong."}, "properties": {"repobilityId": 60401, "scanner": "repobility-threat-engine", "fingerprint": "280f25cd209b473faf860717c9769994ffdf3a0309aa3d2b14578b02abebddae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|280f25cd209b473faf860717c9769994ffdf3a0309aa3d2b14578b02abebddae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/setting/mods/update-viewer.tsx"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 60400, "scanner": "repobility-threat-engine", "fingerprint": "d064b0fd9ae774647e077002d78a6a98fadb9d64ea75dbf0bb1feb9ee1e47cf0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d064b0fd9ae774647e077002d78a6a98fadb9d64ea75dbf0bb1feb9ee1e47cf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/setting/mods/setting-comp.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 60399, "scanner": "repobility-threat-engine", "fingerprint": "0ac53234e8d77bfe4cbe0c3b86294bc94f884a61f9de108c09aeb8d496c74622", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ac53234e8d77bfe4cbe0c3b86294bc94f884a61f9de108c09aeb8d496c74622"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/profile/profile-more.tsx"}, "region": {"startLine": 89}}}]}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 60398, "scanner": "repobility-threat-engine", "fingerprint": "606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 60392, "scanner": "repobility-threat-engine", "fingerprint": "fc5439134b90b1660bbba9620be873a5242a183186b17f5659a193d4c34558c2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|fc5439134b90b1660bbba9620be873a5242a183186b17f5659a193d4c34558c2", "aggregated_count": 23}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 60391, "scanner": "repobility-threat-engine", "fingerprint": "c89a9125dcf63581a93003e5d65a9408d3a37c9cc422d8c8d45e6546162a1519", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c89a9125dcf63581a93003e5d65a9408d3a37c9cc422d8c8d45e6546162a1519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/profile/profile-more.tsx"}, "region": {"startLine": 177}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 60390, "scanner": "repobility-threat-engine", "fingerprint": "cc27cdc5d3ee2116a5a0d65cc7d7065e4acf45604cfc2bd54b07b692edb79092", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cc27cdc5d3ee2116a5a0d65cc7d7065e4acf45604cfc2bd54b07b692edb79092"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/profile/file-input.tsx"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 60389, "scanner": "repobility-threat-engine", "fingerprint": "f7b21f9660807b9ce275f9a2c262d6448bb0079ec4d14f05e08a867a1b259158", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f7b21f9660807b9ce275f9a2c262d6448bb0079ec4d14f05e08a867a1b259158"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/home/home-profile-card.tsx"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 60388, "scanner": "repobility-threat-engine", "fingerprint": "2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings; the false_positive state applies to this summary record, not to those findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2f2c41301c1dbf5a378e7fb88f09e64c16178cf76632d7c8f5254e7775e098f0"}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 60384, "scanner": "repobility-threat-engine", "fingerprint": "e7cd40d7b324241c80937e7a6f550054df46cdde533de8ce7a56977f55a98866", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e7cd40d7b324241c80937e7a6f550054df46cdde533de8ce7a56977f55a98866", "aggregated_count": 6}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 60383, "scanner": "repobility-threat-engine", "fingerprint": "c41b4ac0be905dbf4874893ccc050174152af4dfefc10ce2bfae261fec8f5cb1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, 
"observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c41b4ac0be905dbf4874893ccc050174152af4dfefc10ce2bfae261fec8f5cb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/feat/proxy.rs"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 60382, "scanner": "repobility-threat-engine", "fingerprint": "addf09beddf22f870b1d9baacffb988f9da1a392f9abdb18253e32f2589abeb7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|addf09beddf22f870b1d9baacffb988f9da1a392f9abdb18253e32f2589abeb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/feat/icon.rs"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 60381, "scanner": "repobility-threat-engine", "fingerprint": "a1547ad65dfad36866a770249f118b3ea17265e0a6ad309680572b78b3ca89f7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": 
["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a1547ad65dfad36866a770249f118b3ea17265e0a6ad309680572b78b3ca89f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/core/sysopt.rs"}, "region": {"startLine": 158}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 60380, "scanner": "repobility-threat-engine", "fingerprint": "7fb1e7c7fc33ac4ca04c001d812ab93a4d99c0b56ebb4384bf34b02c532689c1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7fb1e7c7fc33ac4ca04c001d812ab93a4d99c0b56ebb4384bf34b02c532689c1", "aggregated_count": 2}}}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics in the same way as unwrap(), only with a custom message."}, "properties": {"repobilityId": 60379, "scanner": "repobility-threat-engine", "fingerprint": "ebf93175b1bd7c263c45385a5c39494a368a45978bb616fe071f63a722be2ef0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ebf93175b1bd7c263c45385a5c39494a368a45978bb616fe071f63a722be2ef0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/utils/server.rs"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 60378, "scanner": "repobility-threat-engine", "fingerprint": "8b2a9874719fd19ed670f972c2b82cb2e6032f49cb0fd6fb298f53abb2fcbdf7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8b2a9874719fd19ed670f972c2b82cb2e6032f49cb0fd6fb298f53abb2fcbdf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/feat/clash.rs"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 60377, "scanner": "repobility-threat-engine", "fingerprint": "aef7e50a83abe54cfb00b46a96c611f27d197dd212afa15fbb0bbf02e0c9dbe3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aef7e50a83abe54cfb00b46a96c611f27d197dd212afa15fbb0bbf02e0c9dbe3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/core/handle.rs"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 60376, "scanner": "repobility-threat-engine", "fingerprint": "a0769f34321ccb4a2408866410ff258332c2e3d0c176eda236c0efe5490d0026", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a0769f34321ccb4a2408866410ff258332c2e3d0c176eda236c0efe5490d0026"}}}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 60372, "scanner": "repobility-threat-engine", "fingerprint": "c066fdac20648ab02e6c78e05ac6d7be6049c4550b793a58bcd25dd5d0594df0", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings; the false_positive state applies to this summary record, not to those findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings; the false_positive state applies to this summary record, not to those findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c066fdac20648ab02e6c78e05ac6d7be6049c4550b793a58bcd25dd5d0594df0"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 41 more): Same pattern found in 41 additional files. Review if needed."}, "properties": {"repobilityId": 60368, "scanner": "repobility-threat-engine", "fingerprint": "8bc4370c715b908cdf9cb41d44d1c2e47f2f2c149c1b909cc0e9c5aa2ac6f97d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 41 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8bc4370c715b908cdf9cb41d44d1c2e47f2f2c149c1b909cc0e9c5aa2ac6f97d", "aggregated_count": 41}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 60367, "scanner": "repobility-threat-engine", "fingerprint": "4fd60465080139977dba899c8869c726e6d708879e2b3ea5018f7bc73704cf67", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4fd60465080139977dba899c8869c726e6d708879e2b3ea5018f7bc73704cf67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/portable.mjs"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 60366, "scanner": "repobility-threat-engine", "fingerprint": "674b953f364cab09a9ebd976d6123839fb74129365c7b40ff02cde0b565704c5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|674b953f364cab09a9ebd976d6123839fb74129365c7b40ff02cde0b565704c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/portable-fixed-webview2.mjs"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 60365, "scanner": "repobility-threat-engine", "fingerprint": "3e5ab68065b6f71f8e74793cc8aa97c0587e479d90ba693ec6ef4d1c0e441708", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e5ab68065b6f71f8e74793cc8aa97c0587e479d90ba693ec6ef4d1c0e441708"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/generate-i18n-keys.mjs"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 60364, "scanner": "repobility-threat-engine", "fingerprint": "bc986204eeab04bb9a576ad4eada449d2d170a509f097b80e44c6d38c8663f93", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bc986204eeab04bb9a576ad4eada449d2d170a509f097b80e44c6d38c8663f93", "aggregated_count": 3}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 60363, "scanner": "repobility-threat-engine", "fingerprint": "03cd760ca0c509c0d787ee97a38644f12e944ec99197b35307b5b5aadd10fc7a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|03cd760ca0c509c0d787ee97a38644f12e944ec99197b35307b5b5aadd10fc7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/enhance/script.rs"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 60362, "scanner": "repobility-threat-engine", "fingerprint": "d211e982e9f726fcee4131eb3b4d86e19e9460c30fcfa0f11737757785a00d73", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d211e982e9f726fcee4131eb3b4d86e19e9460c30fcfa0f11737757785a00d73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/core/manager/state.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. 
Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 60361, "scanner": "repobility-threat-engine", "fingerprint": "148355808ab925647f2fa6cca9ab949d8f830f908dd0cc88ab0e53156d7e23de", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|148355808ab925647f2fa6cca9ab949d8f830f908dd0cc88ab0e53156d7e23de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/tauri-plugin-clash-verge-sysinfo/src/lib.rs"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. 
Use Result for recoverable errors."}, "properties": {"repobilityId": 60357, "scanner": "repobility-threat-engine", "fingerprint": "aee70d4aa590604ea33d79bb9b0c364031e177fc07a942995e7f228d1d1bf2ea", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aee70d4aa590604ea33d79bb9b0c364031e177fc07a942995e7f228d1d1bf2ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/clash-verge-draft/bench/benche_me.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 60486, "scanner": "repobility-supply-chain", "fingerprint": "30c9aa3221c0941336a11ac5a3d0bb9976f0caca735474b80e0315262182525c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|30c9aa3221c0941336a11ac5a3d0bb9976f0caca735474b80e0315262182525c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/updater.yml"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 60485, "scanner": "repobility-supply-chain", "fingerprint": "e90c2b196d460bc24bdb9403c5d2881b3a010559feba14b237ceb0dbf0184f15", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e90c2b196d460bc24bdb9403c5d2881b3a010559feba14b237ceb0dbf0184f15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 60484, "scanner": "repobility-supply-chain", "fingerprint": "faf43a34ea887cd592dd2da4cc087cb49f45c5ef3265a6dad0560e533ee3dd85", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|faf43a34ea887cd592dd2da4cc087cb49f45c5ef3265a6dad0560e533ee3dd85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/clean-old-assets.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 60483, "scanner": "repobility-supply-chain", "fingerprint": "a42f5fbb73e511fa43441dfd5e60d2a21d3f1775bbc118c126740eddd4697f52", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a42f5fbb73e511fa43441dfd5e60d2a21d3f1775bbc118c126740eddd4697f52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/autobuild.yml"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60482, "scanner": "repobility-supply-chain", "fingerprint": "2eef01fc78496737920e5ac4d365304764873e7a38af69bb410e23ffb7f103b1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2eef01fc78496737920e5ac4d365304764873e7a38af69bb410e23ffb7f103b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/telegram-notify.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60481, "scanner": "repobility-supply-chain", "fingerprint": "dca8f8420c5abf3a8e96444a641089092082bfdd66009ac97aee0c42d465c340", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dca8f8420c5abf3a8e96444a641089092082bfdd66009ac97aee0c42d465c340"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/frontend-check.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60480, "scanner": "repobility-supply-chain", "fingerprint": "59170b24bb6d839a36581ebd81197dbabbacabdeea967efccb35f45dcece9939", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|59170b24bb6d839a36581ebd81197dbabbacabdeea967efccb35f45dcece9939"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/frontend-check.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v6`: `uses: pnpm/action-setup@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60479, "scanner": "repobility-supply-chain", "fingerprint": "348cd312fb74e64950b7444ca31e1d062de04e3f548762fdd63609d1a1f09ee6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|348cd312fb74e64950b7444ca31e1d062de04e3f548762fdd63609d1a1f09ee6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/frontend-check.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dorny/paths-filter` pinned to mutable ref `@v4`: `uses: dorny/paths-filter@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60478, "scanner": "repobility-supply-chain", "fingerprint": "3cde098c3d1ba89bd1243011f6dd184072638fc7975a36797385fec9e170ba72", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3cde098c3d1ba89bd1243011f6dd184072638fc7975a36797385fec9e170ba72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/frontend-check.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60477, "scanner": "repobility-supply-chain", "fingerprint": "65fe39a2bc249b078e2c1a9d67b1f777aba249385c2e182810110d24f47e6438", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65fe39a2bc249b078e2c1a9d67b1f777aba249385c2e182810110d24f47e6438"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/frontend-check.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED117", "level": "error", "message": {"text": "[MINED117] Workflow declares `permissions: write-all`: The job's GITHUB_TOKEN gets EVERY permission scope. If the workflow is ever compromised (mutable action, fork PR, injected step), the attacker can push to main, publish packages, alter releases. 
Use least-privilege by listing only the scopes the job actually needs."}, "properties": {"repobilityId": 60476, "scanner": "repobility-supply-chain", "fingerprint": "06b0927df08f565aeb5eaec5cebfffb4a38136d87a39747a951af54f38fa045f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-write-all-permissions", "owasp": "A01:2021", "cwe_ids": ["CWE-269"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|06b0927df08f565aeb5eaec5cebfffb4a38136d87a39747a951af54f38fa045f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60475, "scanner": "repobility-supply-chain", "fingerprint": "ad825693dae7e30a408aeef70f9caebdcdcfe9f533f405f43aeda66a8bbfda76", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad825693dae7e30a408aeef70f9caebdcdcfe9f533f405f43aeda66a8bbfda76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 172}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60474, "scanner": "repobility-supply-chain", "fingerprint": "2c5de272b750b3df2ebd4703cc7d153bbdcf54159c07c936c1b5f7eb79ece9dd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2c5de272b750b3df2ebd4703cc7d153bbdcf54159c07c936c1b5f7eb79ece9dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60473, "scanner": "repobility-supply-chain", "fingerprint": "b554b8294ec82fb7c7e35e7781448398cf2b5aba638e26b1ca88f91cb7fc1762", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b554b8294ec82fb7c7e35e7781448398cf2b5aba638e26b1ca88f91cb7fc1762"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 156}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `tauri-apps/tauri-action` pinned to mutable ref `@v0`: `uses: tauri-apps/tauri-action@v0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60472, "scanner": "repobility-supply-chain", "fingerprint": "de10f6cbb6e1eb411ca71ea6cd807cee5eda49eae4bde60430429e37ef14f84d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|de10f6cbb6e1eb411ca71ea6cd807cee5eda49eae4bde60430429e37ef14f84d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60471, "scanner": "repobility-supply-chain", "fingerprint": "88bdff76b9f3940bc53f6c626e2a7716e712ca7321855ab872f543ce582ea30b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|88bdff76b9f3940bc53f6c626e2a7716e712ca7321855ab872f543ce582ea30b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60470, "scanner": "repobility-supply-chain", "fingerprint": "191daaefb0128f5c25d81886bdc58e3790e9b2b6341736f423ebed870a4722be", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|191daaefb0128f5c25d81886bdc58e3790e9b2b6341736f423ebed870a4722be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v6`: `uses: pnpm/action-setup@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60469, "scanner": "repobility-supply-chain", "fingerprint": "5785afca7ae8742bcbcb5397f4142eec3c0c2f63a04b6c9c9017056f859f1e04", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5785afca7ae8742bcbcb5397f4142eec3c0c2f63a04b6c9c9017056f859f1e04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60468, "scanner": "repobility-supply-chain", "fingerprint": "15b0f0ec3d73cf3e066012de02847983071920348e866c342f926cb0a4e27f77", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|15b0f0ec3d73cf3e066012de02847983071920348e866c342f926cb0a4e27f77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@1.91.0`: `uses: dtolnay/rust-toolchain@1.91.0` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60467, "scanner": "repobility-supply-chain", "fingerprint": "b647d2eb61c4f0fb8e55b1b755608de07bf8c96d32acd18b47b6884208fadde0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b647d2eb61c4f0fb8e55b1b755608de07bf8c96d32acd18b47b6884208fadde0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 77}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60466, "scanner": "repobility-supply-chain", "fingerprint": "d16f7ea02ba8eb064d4118d420d6e472b03d783f1e84cb13eb43bf1c54217740", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d16f7ea02ba8eb064d4118d420d6e472b03d783f1e84cb13eb43bf1c54217740"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dev.yml"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60465, "scanner": "repobility-supply-chain", "fingerprint": "f85460d3b50d563ebc141ca4990e620f291c2d17f65952741f0db68b50d46676", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f85460d3b50d563ebc141ca4990e620f291c2d17f65952741f0db68b50d46676"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/autobuild-check-test.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Swatinem/rust-cache` pinned to mutable ref `@v2`: `uses: Swatinem/rust-cache@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60464, "scanner": "repobility-supply-chain", "fingerprint": "fd01c2a60d7ae3c47be27527714df1eb787d5896e83dfff03a4ecaabb9070db5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fd01c2a60d7ae3c47be27527714df1eb787d5896e83dfff03a4ecaabb9070db5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cross_check.yaml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v6`: `uses: pnpm/action-setup@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60463, "scanner": "repobility-supply-chain", "fingerprint": "e650f9795540b43de1b625a1370cdd555fd6c04695b5eb9e3037d25262a07b5e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e650f9795540b43de1b625a1370cdd555fd6c04695b5eb9e3037d25262a07b5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cross_check.yaml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60462, "scanner": "repobility-supply-chain", "fingerprint": "cfb7e1061b32edc13b8bb9f76fcf08609c8b27dd67084695d9221e256f579377", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cfb7e1061b32edc13b8bb9f76fcf08609c8b27dd67084695d9221e256f579377"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cross_check.yaml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@stable`: `uses: dtolnay/rust-toolchain@stable` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60461, "scanner": "repobility-supply-chain", "fingerprint": "b106398a17204ce2e94af25cb2ad82715fdbbdfa10d1b57f3b814c00fd91756c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b106398a17204ce2e94af25cb2ad82715fdbbdfa10d1b57f3b814c00fd91756c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cross_check.yaml"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60460, "scanner": "repobility-supply-chain", "fingerprint": "931beaa42a51cfc2c1aa88d342278ddcb1e64b6bf8b84c293301070e0d32bbcd", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|931beaa42a51cfc2c1aa88d342278ddcb1e64b6bf8b84c293301070e0d32bbcd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cross_check.yaml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `rustsec/audit-check` pinned to mutable ref `@v2`: `uses: rustsec/audit-check@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60459, "scanner": "repobility-supply-chain", "fingerprint": "0212bcf773509f040884a8a8e6d41e52fecb6207a48721d71b29f41fa4baffe0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0212bcf773509f040884a8a8e6d41e52fecb6207a48721d71b29f41fa4baffe0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cargo-audit.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `dtolnay/rust-toolchain` pinned to mutable ref `@master`: `uses: dtolnay/rust-toolchain@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 60458, "scanner": "repobility-supply-chain", "fingerprint": "abe5010595d251f3913c0f4049cfa782a82f7797eac6ebf45c5e295f012acb60", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|abe5010595d251f3913c0f4049cfa782a82f7797eac6ebf45c5e295f012acb60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cargo-audit.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to the full 40-character commit SHA and let Dependabot or Renovate keep the pinned SHA up to date."}, "properties": {"repobilityId": 60457, "scanner": "repobility-supply-chain", "fingerprint": "c01826cb3598fb89fa907dbc2a05c614ab51edb071fd3578e3a5babe300b9f7f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c01826cb3598fb89fa907dbc2a05c614ab51edb071fd3578e3a5babe300b9f7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/cargo-audit.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `tauri-plugin-mihomo-api` pulled from URL/Git: `dependencies.tauri-plugin-mihomo-api` = `github:clash-verge-rev/tauri-plugin-mihomo` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"repobilityId": 60456, "scanner": "repobility-supply-chain", "fingerprint": "a5c6129a85e81ff15946fae70f7a291b4cd2839b00463dd85e534cdf11164ad2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a5c6129a85e81ff15946fae70f7a291b4cd2839b00463dd85e534cdf11164ad2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 60418, "scanner": "repobility-threat-engine", "fingerprint": "e8f4319b7044794871a5cd216dc4d9ff6d83558f1e85df7e3663d9f71148be52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e8f4319b7044794871a5cd216dc4d9ff6d83558f1e85df7e3663d9f71148be52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/uri-parser/helpers.ts"}, "region": {"startLine": 314}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked 
without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 60414, "scanner": "repobility-threat-engine", "fingerprint": "f90d750f3ab7ea08bae67887f6ca1241f587c204070948cb6e4607493543c400", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Promise.all(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f90d750f3ab7ea08bae67887f6ca1241f587c204070948cb6e4607493543c400"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/use-system-proxy-state.ts"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 60413, "scanner": "repobility-threat-engine", "fingerprint": "814857761d62b4e2a8629f5c7f36b1b1911f3457f51fa8460b913126d2792293", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "entry.refHolders.delete(wsRef)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|814857761d62b4e2a8629f5c7f36b1b1911f3457f51fa8460b913126d2792293"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/use-mihomo-ws-subscription.ts"}, "region": {"startLine": 325}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 60412, "scanner": "repobility-threat-engine", "fingerprint": "53554414f9fb00ce1b2c87a8e68d1d3eebc4e349a429f5022db3de60ee724c5c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "nextById.delete(prev.id)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|53554414f9fb00ce1b2c87a8e68d1d3eebc4e349a429f5022db3de60ee724c5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/hooks/use-connection-data.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0). Triage note: the recorded match is only `exec(trimmed`, with no receiver shown; confirm the call is child_process.exec and not RegExp.prototype.exec before treating this as command injection."}, "properties": {"repobilityId": 60397, "scanner": "repobility-threat-engine", "fingerprint": "aba2355010b8c606f5596eda19c28bc02621740855ae096f32ee2d3e6831deba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(trimmed", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aba2355010b8c606f5596eda19c28bc02621740855ae096f32ee2d3e6831deba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/uri-parser/helpers.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0). Triage note: the recorded match is only `exec(query`, with no receiver shown; confirm the call is child_process.exec and not RegExp.prototype.exec before treating this as command injection."}, "properties": {"repobilityId": 60396, "scanner": "repobility-threat-engine", "fingerprint": "ef1c21f026026e072f511b062e3f6ca4cc27ff453322159c673f65f0d9156d76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(query", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ef1c21f026026e072f511b062e3f6ca4cc27ff453322159c673f65f0d9156d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/proxy/use-filter-sort.ts"}, "region": {"startLine": 131}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0). Triage note: the recorded match is only `exec(text`, with no receiver shown, and this report also flags `new RegExp(searchText` at line 60 of the same file; confirm the call is child_process.exec and not RegExp.prototype.exec before treating this as command injection."}, "properties": {"repobilityId": 60395, "scanner": "repobility-threat-engine", "fingerprint": "b2ebf4f463a1a279cb38d37d241be89005a98ee5d90416cf97daaafd6e1b8898", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(text", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b2ebf4f463a1a279cb38d37d241be89005a98ee5d90416cf97daaafd6e1b8898"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/log/log-item.tsx"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 60394, "scanner": "repobility-threat-engine", "fingerprint": "b86f16458edd6dc67275e4a913331799e5fb042a4d9c27a26ece28a184d38798", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(pattern", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b86f16458edd6dc67275e4a913331799e5fb042a4d9c27a26ece28a184d38798"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/search-matcher.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. 
Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 60393, "scanner": "repobility-threat-engine", "fingerprint": "88f76b0c6c0629c860961ad4fe2ebd890d583c145d92fe33c91eae1d39a98eb3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(searchText", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|88f76b0c6c0629c860961ad4fe2ebd890d583c145d92fe33c91eae1d39a98eb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/components/log/log-item.tsx"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 60375, "scanner": "repobility-threat-engine", "fingerprint": "d3ea3eee9bfc404f89c4c3e1f79e093615e4b8bc6b9be2b8931e48f390837ec5", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n                i", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d3ea3eee9bfc404f89c4c3e1f79e093615e4b8bc6b9be2b8931e48f390837ec5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/feat/profile.rs"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 60374, "scanner": "repobility-threat-engine", "fingerprint": "7885d9d3cc66df546ce3a6b79da7457cd211577f274a5fe94b5ea0dab243c203", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7885d9d3cc66df546ce3a6b79da7457cd211577f274a5fe94b5ea0dab243c203"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/config/mod.rs"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 60373, "scanner": "repobility-threat-engine", "fingerprint": "a5aa49d20c5b80f517bb424fcce7e5ea72c971103ca27ecff65fcf21df9b8f09", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a5aa49d20c5b80f517bb424fcce7e5ea72c971103ca27ecff65fcf21df9b8f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/cmd/app.rs"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 60371, "scanner": "repobility-threat-engine", "fingerprint": "330cdab346390534d3c40e3cbb5ee0471c9ed9d43b02b452065b74041868a922", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((key) => `${key}:${cards[key] ? 
1 : 0}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|330cdab346390534d3c40e3cbb5ee0471c9ed9d43b02b452065b74041868a922"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pages/home.tsx"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 60370, "scanner": "repobility-threat-engine", "fingerprint": "ae48ee2c3fe28413028db7472e199a7919ebe8046195c59f476eee1354a6563f", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".innerHTML = `\n        <stop offset=\"0%\" stop-color=\"${theme.palette.primary.main}\" />\n        <stop", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ae48ee2c3fe28413028db7472e199a7919ebe8046195c59f476eee1354a6563f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/pages/_layout/hooks/use-custom-theme.ts"}, "region": {"startLine": 319}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. 
The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 60369, "scanner": "repobility-threat-engine", "fingerprint": "c17d54089f78a84e033b8929a69a9eb997ebdcb28c8f934c334e34226114bb24", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n    (key) => `${getIndent(2)}${formatStringLiteral(key)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c17d54089f78a84e033b8929a69a9eb997ebdcb28c8f934c334e34226114bb24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/generate-i18n-keys.mjs"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 60360, "scanner": "repobility-threat-engine", "fingerprint": "1e9451a20bfc5928f35a9948c2e4b05abdd9fbc0502fd07f57c1aabc6e64d58d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1e9451a20bfc5928f35a9948c2e4b05abdd9fbc0502fd07f57c1aabc6e64d58d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/main.rs"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 60359, "scanner": "repobility-threat-engine", "fingerprint": "2ad5b62ad86e99ce91b361733200a8befce3b312462db23239feed24b5be60b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ad5b62ad86e99ce91b361733200a8befce3b312462db23239feed24b5be60b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src-tauri/src/feat/icon.rs"}, "region": {"startLine": 219}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. 
Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 60358, "scanner": "repobility-threat-engine", "fingerprint": "20abfb799eb7dd6e6b399404c01453bb66dc97bb4846d88ce71b1cff28bc9e76", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|20abfb799eb7dd6e6b399404c01453bb66dc97bb4846d88ce71b1cff28bc9e76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/clash-verge-limiter/src/lib.rs"}, "region": {"startLine": 117}}}]}]}]}