{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Store the interval id and return a useEffect cleanup that calls clearInterval. Also clear the interval in explicit stop/end handlers when relevant."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. 
Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Remove generated output from version control, add it to .gitignore and .dockerignore where relevant, and regenerate it in CI or release jobs."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. 
Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED057", "name": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolve", "shortDescription": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 17 more): Same pattern found in 17 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 48 more): Same pattern found in 48 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 48 more): Same pattern found in 48 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED047] Emoji In Source (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 26 more): Same pattern found in 26 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 46 more): Same pattern found in 46 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 46 more): Same pattern found in 46 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v8`: `uses: actions/github-script@v8` resolves at work", "shortDescription": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v8`: `uses: actions/github-script@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise"}, "fullDescription": {"text": "Replace with: `uses: actions/github-script@<40-char-sha>  # v8` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "[MINED122] package.json dep `echarts` pulled from URL/Git: `dependencies.echarts` = `file:../..` bypasses the npm regist", "shortDescription": {"text": "[MINED122] package.json dep `echarts` pulled from URL/Git: `dependencies.echarts` = `file:../..` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm "}, "fullDescription": {"text": "Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. 
If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED130", "name": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for", "shortDescription": {"text": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for `node_modules/@jridgewell/source-map` is `https://registry.npmmirror.com/@jridgewell/source-map/-/source-map-0.3.11.tgz"}, "fullDescription": {"text": "Verify the host is intentional. If your org uses a private registry, add it to your scanner's allowlist (CANONICAL_NPM_HOSTS). Otherwise, regenerate the lockfile against the canonical registry."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED028", "name": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line.", "shortDescription": {"text": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. 
The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC027", "name": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities if not config", "shortDescription": {"text": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities if not configured. libxmljs in particular has had XXE CVEs."}, "fullDescription": {"text": "Pass `noent: false` to libxmljs. Avoid xml2js or pass explicit secure config. Prefer parsers that don't expand external entities at all."}, "properties": {"scanner": "repobility-threat-engine", "category": "xxe", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED035", "name": "[MINED035] Js New Function: new Function(...) compiles strings to functions.", "shortDescription": {"text": "[MINED035] Js New Function: new Function(...) compiles strings to functions."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-95 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/848"}, "properties": {"repository": "apache/echarts", "repoUrl": "https://github.com/apache/echarts", "branch": "master"}, "results": [{"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 76708, "scanner": "repobility-agent-runtime", "fingerprint": "1b6c0c7f527647d9471e135826f0f7bca7eab88d3f400a1890c3b957ecd020f7", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|1b6c0c7f527647d9471e135826f0f7bca7eab88d3f400a1890c3b957ecd020f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/echarts.ts"}, "region": {"startLine": 1613}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 76707, "scanner": "repobility-agent-runtime", "fingerprint": "38b284892502fd1e437d466a9fbf7f6bce86db5588096d7a9e347f98c2d38294", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|38b284892502fd1e437d466a9fbf7f6bce86db5588096d7a9e347f98c2d38294"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "src/component/visualMap/ContinuousView.ts"}, "region": {"startLine": 144}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility. The match recorded for this result is a window.open() call rather than an anchor element; for window.open() the equivalent hardening is to pass 'noopener' in the windowFeatures argument."}, "properties": {"repobilityId": 76674, "scanner": "repobility-threat-engine", "fingerprint": "c4c1729a2cf40f62605ec4662d015a73dc952d23106b840c3ce21fe01e6c7f58", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(link, target)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|src/util/format.ts|330|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/util/format.ts"}, "region": {"startLine": 330}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 76672, "scanner": "repobility-threat-engine", "fingerprint": "d2f149a68f9f103d667c5c24ddde3173363a7636d3eb30bbff3823b8b3ea9a13", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/util/throttle.ts|59|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/util/throttle.ts"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 76671, "scanner": "repobility-threat-engine", "fingerprint": "ca8b9edf4f661964f21da9d535ef36e3611f195201dcf35e3bf75249963da279", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new Function(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|168|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/coord/geo/GeoJSONResource.ts"}, "region": {"startLine": 168}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76706, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c5a092e33dade9e7202e5169127fc6882939cb6dcfa4ea76822d813ed2a400f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|8c5a092e33dade9e7202e5169127fc6882939cb6dcfa4ea76822d813ed2a400f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langIT.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76705, "scanner": "repobility-ai-code-hygiene", "fingerprint": "becf24ffa7403bb74dc8de8b3c88d59865d136a3168937c965d8f94bbcea7d4b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|becf24ffa7403bb74dc8de8b3c88d59865d136a3168937c965d8f94bbcea7d4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langIT-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76704, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ecbb30080f9dbdda9c9e0ac52424d61c3cb6d608e543976043b4fdfbdaacb3e4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langHU-obj.js", "duplicate_line": 13, "correlation_key": "fp|ecbb30080f9dbdda9c9e0ac52424d61c3cb6d608e543976043b4fdfbdaacb3e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langHU.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76703, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b1b384f23d8373a9a52f2e6aabb8b206c50f70d75d87267b40f4bc50208a2e1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", 
"references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|5b1b384f23d8373a9a52f2e6aabb8b206c50f70d75d87267b40f4bc50208a2e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langHU.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76702, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0f4e1bddebe267d4bf512114363a8519a90f800f54ef449475a17bc8b0d328e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|0f4e1bddebe267d4bf512114363a8519a90f800f54ef449475a17bc8b0d328e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langHU-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76701, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c700b2d5cbe3e299edc3a20df35516e8a98ccb8c45b00bdff96ec892e7c58227", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langFR-obj.js", "duplicate_line": 13, "correlation_key": "fp|c700b2d5cbe3e299edc3a20df35516e8a98ccb8c45b00bdff96ec892e7c58227"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "i18n/langFR.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76700, "scanner": "repobility-ai-code-hygiene", "fingerprint": "439f33d99503786dbbdb8745f42a21f33daf6b5d550eacf067ad8701baae7515", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|439f33d99503786dbbdb8745f42a21f33daf6b5d550eacf067ad8701baae7515"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langFR.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76699, "scanner": "repobility-ai-code-hygiene", "fingerprint": "83d3c4886f4f20f8231ed2dac83cfa875cc3a371cd76fa429946814cc9bec578", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|83d3c4886f4f20f8231ed2dac83cfa875cc3a371cd76fa429946814cc9bec578"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langFR-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 
76698, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18172279ae7cdf1c16a3b352dd3f2f43d94b4fb70d5846a3caf27bc8f2505f9a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langFI-obj.js", "duplicate_line": 13, "correlation_key": "fp|18172279ae7cdf1c16a3b352dd3f2f43d94b4fb70d5846a3caf27bc8f2505f9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langFI.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76697, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1621b3de68e08c2c47095746bfb881dc2cd460f682c64609dafe18310cee2c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|b1621b3de68e08c2c47095746bfb881dc2cd460f682c64609dafe18310cee2c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langFI.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76696, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3e9a9f842a4c39950b3e893652e1f5f479903e957e6b72ed68d35dd97a408121", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|3e9a9f842a4c39950b3e893652e1f5f479903e957e6b72ed68d35dd97a408121"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langFI-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76695, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0b7e4039fa5cb73130a2e2ee7231eeab19d31ef745750230f954c07e4e35aa19", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langFA-obj.js", "duplicate_line": 13, "correlation_key": "fp|0b7e4039fa5cb73130a2e2ee7231eeab19d31ef745750230f954c07e4e35aa19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langFA.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76694, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc49474c04c0487fb66750f01c163dfb29fbc8132792b16457ef51fdfd90f980", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|cc49474c04c0487fb66750f01c163dfb29fbc8132792b16457ef51fdfd90f980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langFA.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76693, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8c12b88eca046bd8075f252d04e06998f7cab504f43da92799175893f1e99539", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|8c12b88eca046bd8075f252d04e06998f7cab504f43da92799175893f1e99539"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langFA-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76692, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cbac6c746294df0047c2892e53730a8530f1a8e97f01d6ff3abf187b942e9411", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langES-obj.js", "duplicate_line": 13, "correlation_key": "fp|cbac6c746294df0047c2892e53730a8530f1a8e97f01d6ff3abf187b942e9411"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "i18n/langES.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76691, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9808f894e88ef246aedc7fadfd777ae43c05a9e0075c474e92be9c184f56347c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|9808f894e88ef246aedc7fadfd777ae43c05a9e0075c474e92be9c184f56347c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langES.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76690, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8940ef9b029e059f8a5935e57876f25406db9a7485bbb93ed26e166d1f38ef1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|f8940ef9b029e059f8a5935e57876f25406db9a7485bbb93ed26e166d1f38ef1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langES-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 
76689, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db4393efe441c25dc51a7fd03b2f39680c06358b093d8ec2f525b75e5cdfd168", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langEN-obj.js", "duplicate_line": 13, "correlation_key": "fp|db4393efe441c25dc51a7fd03b2f39680c06358b093d8ec2f525b75e5cdfd168"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langEN.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76688, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2dd619e8ece795f50760a1f23b72285724c294aa686e4841c0b53b37e67ee692", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|2dd619e8ece795f50760a1f23b72285724c294aa686e4841c0b53b37e67ee692"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langEN.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76687, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0836e490d24dd78c7c0573b120d562bc30f92b53c5cb2e9e4097a86c6ad69e24", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|0836e490d24dd78c7c0573b120d562bc30f92b53c5cb2e9e4097a86c6ad69e24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langEN-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76686, "scanner": "repobility-ai-code-hygiene", "fingerprint": "17486869e610e7575da5c06be85be3e3039e711bf0a6bd9e9af0e2b613234986", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langEL-obj.js", "duplicate_line": 13, "correlation_key": "fp|17486869e610e7575da5c06be85be3e3039e711bf0a6bd9e9af0e2b613234986"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langEL.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76685, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73852a9837a63f11036d3ac3eb79df76d0dffe7df178265be58a42d9290bef66", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": 
["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|73852a9837a63f11036d3ac3eb79df76d0dffe7df178265be58a42d9290bef66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langEL.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76684, "scanner": "repobility-ai-code-hygiene", "fingerprint": "428c6d20c2a08b9a06abdfd54058c9a99a58108498f4142fb85a46e8a0451d9b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|428c6d20c2a08b9a06abdfd54058c9a99a58108498f4142fb85a46e8a0451d9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langEL-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76683, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7beb84351a1b09baaf98c2602828ca67a193afa9d131260469304c6a2cdcea1d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langDE-obj.js", "duplicate_line": 13, "correlation_key": "fp|7beb84351a1b09baaf98c2602828ca67a193afa9d131260469304c6a2cdcea1d"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "i18n/langDE.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76682, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d78fda6cd4fac15a14ac8a32c445e63aec5625c7185dea7529cf328967c7311", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|6d78fda6cd4fac15a14ac8a32c445e63aec5625c7185dea7529cf328967c7311"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langDE.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76681, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2efa8dcb095b2b4681fe6fec1a9370faa68f02ce9612a864cb7e633269e2b937", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|2efa8dcb095b2b4681fe6fec1a9370faa68f02ce9612a864cb7e633269e2b937"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langDE-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 
76680, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7b41db3f35d779ae6536256b75fbcee1778e39e014de4236d18d88a5118f3d0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langCS-obj.js", "duplicate_line": 13, "correlation_key": "fp|b7b41db3f35d779ae6536256b75fbcee1778e39e014de4236d18d88a5118f3d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langCS.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76679, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fef1ca521d3a64a65063d6a0ef3e9280de766b3e6b188481c157131fea8aa5b0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR.js", "duplicate_line": 1, "correlation_key": "fp|fef1ca521d3a64a65063d6a0ef3e9280de766b3e6b188481c157131fea8aa5b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langCS.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76678, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc63104c793fccd694c2d96683d0bea2ae1dd059a507f7f672a2115c98e44d4a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 1, "correlation_key": "fp|cc63104c793fccd694c2d96683d0bea2ae1dd059a507f7f672a2115c98e44d4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langCS-obj.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 76677, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71c22caa4ed0b6b0b0a066d55fb839a21d0716083af94a03493d590698a7bbd5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "i18n/langAR-obj.js", "duplicate_line": 13, "correlation_key": "fp|71c22caa4ed0b6b0b0a066d55fb839a21d0716083af94a03493d590698a7bbd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langAR.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 76676, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6069b1ec53cf974ec6e25b94b13d24116a19565dae3d82ce5bcc320c773215fd", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "dist", 
"references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|6069b1ec53cf974ec6e25b94b13d24116a19565dae3d82ce5bcc320c773215fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dist"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 76675, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 76669, "scanner": "repobility-threat-engine", "fingerprint": "77dd75f2a7ee7d3ed42cba945fbbb34c8665d4f1f339713868ed94b920c82c68", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": "document.write(h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|122|sec006"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "src/component/toolbox/feature/SaveAsImage.ts"}, "region": {"startLine": 122}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 76668, "scanner": "repobility-threat-engine", "fingerprint": "65fbbab18b3b2c65316cdcc61513f54dade25d2a9f1095ef1538f78cea0ec7a4", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'axisPointer ' + type + ' exists'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|65fbbab18b3b2c65316cdcc61513f54dade25d2a9f1095ef1538f78cea0ec7a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/component/axis/AxisView.ts"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED057", "level": "none", "message": {"text": "[MINED057] Todo Bomb: Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"repobilityId": 76667, "scanner": "repobility-threat-engine", "fingerprint": "17ce4755b22dfdcadf154443b6eca6b28bd2268c79e217f15fa1e38b83d7b7d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", 
"evidence": {"mined": true, "mining": {"slug": "todo-bomb", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348035+00:00", "triaged_in_corpus": 10, "observations_count": 255662, "ai_coder_pattern_id": 4}, "scanner": "repobility-threat-engine", "correlation_key": "fp|17ce4755b22dfdcadf154443b6eca6b28bd2268c79e217f15fa1e38b83d7b7d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/chart/scatter/ScatterView.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 17 more): Same pattern found in 17 additional files. Review if needed."}, "properties": {"repobilityId": 76664, "scanner": "repobility-threat-engine", "fingerprint": "2ed9b94f7dd1b61b76d610969b9861b23098ba6813748318276c670aeb343b3b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 17 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2ed9b94f7dd1b61b76d610969b9861b23098ba6813748318276c670aeb343b3b", "aggregated_count": 17}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 76663, "scanner": "repobility-threat-engine", "fingerprint": "f9183c20f2dd474f21b993ab31cfdafcdb96306bcfd271c9daf49c8f76ca781b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f9183c20f2dd474f21b993ab31cfdafcdb96306bcfd271c9daf49c8f76ca781b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/component/dataZoom/DataZoomView.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 76662, "scanner": "repobility-threat-engine", "fingerprint": "0567c3a5012050b1da5cde7c64400a9af6d9093315cd749a8303e798eb4a2bd6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0567c3a5012050b1da5cde7c64400a9af6d9093315cd749a8303e798eb4a2bd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/chart/helper/createSeriesData.ts"}, "region": {"startLine": 174}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 76661, "scanner": "repobility-threat-engine", "fingerprint": "7b5542c3bc69ddc03fdda9985ce7f28485ae959626d666bbde3fa810829138d2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b5542c3bc69ddc03fdda9985ce7f28485ae959626d666bbde3fa810829138d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/chart/chord/ChordSeries.ts"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 48 more): Same pattern found in 48 additional files. Review if needed."}, "properties": {"repobilityId": 76660, "scanner": "repobility-threat-engine", "fingerprint": "f7c2d2df3e1fc0a90e711692919ff537b128e5ea8ffa50c90031e32f0384a090", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 48 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f7c2d2df3e1fc0a90e711692919ff537b128e5ea8ffa50c90031e32f0384a090", "aggregated_count": 48}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 76659, "scanner": "repobility-threat-engine", "fingerprint": "3f177b31066f722ac910c27a944c3acdcee78de3e7455c9dc10ffac07c4eda86", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3f177b31066f722ac910c27a944c3acdcee78de3e7455c9dc10ffac07c4eda86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/chart/chord/ChordSeries.ts"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 76658, "scanner": "repobility-threat-engine", "fingerprint": "fff28909d9b0d01982def5fa7884fcdd4b3ba22ca5b637ae0c5eff0fa726d711", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": 
false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fff28909d9b0d01982def5fa7884fcdd4b3ba22ca5b637ae0c5eff0fa726d711"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/chart/bar/PictorialBarSeries.ts"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 76657, "scanner": "repobility-threat-engine", "fingerprint": "7135b59845ca33eecbf99f57c006bf7a04f09ed8e868412e8682c67c90a5148e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7135b59845ca33eecbf99f57c006bf7a04f09ed8e868412e8682c67c90a5148e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/animation/customGraphicKeyframeAnimation.ts"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "properties": {"repobilityId": 76656, "scanner": "repobility-threat-engine", "fingerprint": "9a39399c1c1167a52d2aab9849f30c38978f1719ee9f2d2813c9fe2c8cfb51f5", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|9a39399c1c1167a52d2aab9849f30c38978f1719ee9f2d2813c9fe2c8cfb51f5", "aggregated_count": 3}}}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 76655, "scanner": "repobility-threat-engine", "fingerprint": "126060fa3b59eaab0ec9013306727fe3d54e6d9d13045055f779849c9bdd098c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|126060fa3b59eaab0ec9013306727fe3d54e6d9d13045055f779849c9bdd098c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langVI-obj.js"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji 
In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 76654, "scanner": "repobility-threat-engine", "fingerprint": "b7f626b267d849ba94db0d81613e220e1d2bed74d01088a53c280936e5051af2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b7f626b267d849ba94db0d81613e220e1d2bed74d01088a53c280936e5051af2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langRO.js"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 76653, "scanner": "repobility-threat-engine", "fingerprint": "4ad75aeb195b38d95f2074bd224c3223a922745fc4a35177a0a3400ea4ef1503", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4ad75aeb195b38d95f2074bd224c3223a922745fc4a35177a0a3400ea4ef1503"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "i18n/langRO-obj.js"}, "region": 
{"startLine": 58}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 26 more): Same pattern found in 26 additional files. Review if needed."}, "properties": {"repobilityId": 76651, "scanner": "repobility-threat-engine", "fingerprint": "d35873799393065807b3d0701061638f3d31b63c1c2140a2602d8c8451ad96d7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 26 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d35873799393065807b3d0701061638f3d31b63c1c2140a2602d8c8451ad96d7", "aggregated_count": 26}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 76650, "scanner": "repobility-threat-engine", "fingerprint": "46d55e3948ad46773601640394b2466eaccc8dcb310169f6491f56072e35e83b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|46d55e3948ad46773601640394b2466eaccc8dcb310169f6491f56072e35e83b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/animation/morphTransitionHelper.ts"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 76649, "scanner": "repobility-threat-engine", "fingerprint": "18adf20bf70ac4a9b8e6767e648d315b2c602bf0c05f5a6ec2597ba1fa618d6b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|18adf20bf70ac4a9b8e6767e648d315b2c602bf0c05f5a6ec2597ba1fa618d6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/animation/customGraphicKeyframeAnimation.ts"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 76648, "scanner": "repobility-threat-engine", "fingerprint": "e2bbd2ce942dcd31dad8704e7a311299635cf09645faa47a7f30e87a77ef830a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e2bbd2ce942dcd31dad8704e7a311299635cf09645faa47a7f30e87a77ef830a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extension-src/bmap/BMapModel.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 46 more): Same pattern found in 46 additional files. Review if needed."}, "properties": {"repobilityId": 76647, "scanner": "repobility-threat-engine", "fingerprint": "8c71c1cb487ff6abd403e8500f5c9047ad0de4db1fd97987e268d2500dcdf815", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 46 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8c71c1cb487ff6abd403e8500f5c9047ad0de4db1fd97987e268d2500dcdf815", "aggregated_count": 46}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 76646, "scanner": "repobility-threat-engine", "fingerprint": "ce6fdbd7bb6b07eb0222df53ba86f4a0ee1f4d33ee5321510cf86345229458c9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce6fdbd7bb6b07eb0222df53ba86f4a0ee1f4d33ee5321510cf86345229458c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/component/radar/RadarView.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 76645, "scanner": "repobility-threat-engine", "fingerprint": "35c1fafaa7c3d8ccf183b4939f82d08038034e2fbfe0c843c6cf0f956e8c68c6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35c1fafaa7c3d8ccf183b4939f82d08038034e2fbfe0c843c6cf0f956e8c68c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/chart/lines/LinesView.ts"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 76644, "scanner": "repobility-threat-engine", "fingerprint": "075e779e032507e95d22d01bc3d17fd073da418cc2e68d0c5bef1339356664e8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|075e779e032507e95d22d01bc3d17fd073da418cc2e68d0c5bef1339356664e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/.scripts/update-notice-year.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v8`: `uses: actions/github-script@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76733, "scanner": "repobility-supply-chain", "fingerprint": "cc0ad77d323653ec1de03acf6ad7348a5cb8a5dda236e245a9a9c4b5b5ff1bbe", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc0ad77d323653ec1de03acf6ad7348a5cb8a5dda236e245a9a9c4b5b5ff1bbe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-notice-year.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76732, "scanner": "repobility-supply-chain", "fingerprint": "4a6f493faad853baeb03acc5ff0ae61d3f26c0e682033d49f8efb7d614f3061d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4a6f493faad853baeb03acc5ff0ae61d3f26c0e682033d49f8efb7d614f3061d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/update-notice-year.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/stale` pinned to mutable ref `@v10`: `uses: actions/stale@v10` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76731, "scanner": "repobility-supply-chain", "fingerprint": "435831a8e572fee873e556f1bf43390647fb38d6ac3f89b702b4866a06ced412", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|435831a8e572fee873e556f1bf43390647fb38d6ac3f89b702b4866a06ced412"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stale.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76730, "scanner": "repobility-supply-chain", "fingerprint": "bf860604f681bd3df735209caf5a5486bd21a36aa1953ae5c13eefb93075f404", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bf860604f681bd3df735209caf5a5486bd21a36aa1953ae5c13eefb93075f404"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76729, "scanner": "repobility-supply-chain", "fingerprint": "49a62a0a2f4a0a8962a08f8b1f0f0c40af48ffe4d06117d6abe5987a8fdf3a00", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|49a62a0a2f4a0a8962a08f8b1f0f0c40af48ffe4d06117d6abe5987a8fdf3a00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76728, "scanner": "repobility-supply-chain", "fingerprint": "a6646fc3ff82094bdd7dcd44af299fe0bf63f2bc9d9ced6145887b306d7fb351", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a6646fc3ff82094bdd7dcd44af299fe0bf63f2bc9d9ced6145887b306d7fb351"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76727, "scanner": "repobility-supply-chain", "fingerprint": "3f20d1b189dcc72ac9c06ec1584bbae46443cb40d377a976a67713e02c59ed58", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3f20d1b189dcc72ac9c06ec1584bbae46443cb40d377a976a67713e02c59ed58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76726, "scanner": "repobility-supply-chain", "fingerprint": "4fe9dc78a501fef80172d8848cb10c166c0e44408b4a2e6b5168d36929c05045", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4fe9dc78a501fef80172d8848cb10c166c0e44408b4a2e6b5168d36929c05045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76725, "scanner": "repobility-supply-chain", "fingerprint": "58ebdbe839b3f5ed6431618ca6db793384489219c5f169d1382fd80728dea06b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|58ebdbe839b3f5ed6431618ca6db793384489219c5f169d1382fd80728dea06b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76724, "scanner": "repobility-supply-chain", "fingerprint": "ce58e9bcc4ef5a39a3d710c30b6aefe391a2e993169b5f4f51234f54ccfc871b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ce58e9bcc4ef5a39a3d710c30b6aefe391a2e993169b5f4f51234f54ccfc871b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76723, "scanner": "repobility-supply-chain", "fingerprint": "152119b8227b81207dab783fedf6e2bf76b03d83278c189ffc352cf1811ad33c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|152119b8227b81207dab783fedf6e2bf76b03d83278c189ffc352cf1811ad33c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v8`: `uses: actions/download-artifact@v8` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76722, "scanner": "repobility-supply-chain", "fingerprint": "cb731f44a45def93d6fed6159475df6c94473e2d58c8c2c9765ab83bc3f3210b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb731f44a45def93d6fed6159475df6c94473e2d58c8c2c9765ab83bc3f3210b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76721, "scanner": "repobility-supply-chain", "fingerprint": "11e8e164709bf75196b9a2dd88a6605280725b242458fe1041a720c6a59edd45", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|11e8e164709bf75196b9a2dd88a6605280725b242458fe1041a720c6a59edd45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76720, "scanner": "repobility-supply-chain", "fingerprint": "7e26dab73ad79dfb5a0cadfc2297ae448d58fff87bf49e305840faca2d165e15", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7e26dab73ad79dfb5a0cadfc2297ae448d58fff87bf49e305840faca2d165e15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76719, "scanner": "repobility-supply-chain", "fingerprint": "037a10bbd2a799ff5d4885ed3e9d6507a635de9a386e8ea5ab28b9b36e145154", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|037a10bbd2a799ff5d4885ed3e9d6507a635de9a386e8ea5ab28b9b36e145154"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76718, "scanner": "repobility-supply-chain", "fingerprint": "65c9a9ba9481251e1b8f0b2efbe3552289e93a2221d34c39e6b9a0baf349c2da", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|65c9a9ba9481251e1b8f0b2efbe3552289e93a2221d34c39e6b9a0baf349c2da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76717, "scanner": "repobility-supply-chain", "fingerprint": "0a0bcfdb69583eda6f7e2d5a710b8fc5aa6b19aa99e525dfa8ae07361a1a72b0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0a0bcfdb69583eda6f7e2d5a710b8fc5aa6b19aa99e525dfa8ae07361a1a72b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v6`: `uses: actions/upload-artifact@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76716, "scanner": "repobility-supply-chain", "fingerprint": "75c49257747b5630a6ffe6a3c21ae45297e1bf1bca2ac1c3ad8140e87d310820", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|75c49257747b5630a6ffe6a3c21ae45297e1bf1bca2ac1c3ad8140e87d310820"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76715, "scanner": "repobility-supply-chain", "fingerprint": "25bd8b65f9dad77153c3eb66b3e0439d8607f28a2bd4ef6d5368a84cf0bcf051", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|25bd8b65f9dad77153c3eb66b3e0439d8607f28a2bd4ef6d5368a84cf0bcf051"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76714, "scanner": "repobility-supply-chain", "fingerprint": "38ae979f0e6c7756461cd7c39e231c1934c1261321c617fd30d11aca183dc1fa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|38ae979f0e6c7756461cd7c39e231c1934c1261321c617fd30d11aca183dc1fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76713, "scanner": "repobility-supply-chain", "fingerprint": "35a1e8f5fd4c4971e0f3be44060d82fb5bfb2e7b208c65e8e5a8e2f25904cd1d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|35a1e8f5fd4c4971e0f3be44060d82fb5bfb2e7b208c65e8e5a8e2f25904cd1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/source-release.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v6`: `uses: actions/setup-node@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76712, "scanner": "repobility-supply-chain", "fingerprint": "96adcb6008949359b074169a69df4bf5ca26685ef3031b9ec8601b231a903090", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96adcb6008949359b074169a69df4bf5ca26685ef3031b9ec8601b231a903090"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly-next.yml"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 76711, "scanner": "repobility-supply-chain", "fingerprint": "4c8100547611cb22528185b29b6a4cd098a3be905b53277b381196aa8c5800b1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4c8100547611cb22528185b29b6a4cd098a3be905b53277b381196aa8c5800b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly-next.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED122", "level": "error", "message": {"text": "[MINED122] package.json dep `echarts` pulled from URL/Git: `dependencies.echarts` = `file:../..` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. 
If the URL or git host is compromised, every `npm install` pulls the new payload. Note that the value flagged here, `file:../..`, is a local path (relative to `test/types/` it resolves to the repository root), not a remote URL or git host, so the remote-host scenario does not apply as written; confirm what that path contains before acting on the stated severity."}, "properties": {"repobilityId": 76710, "scanner": "repobility-supply-chain", "fingerprint": "878017bf2ac2396a9e967c6a8f82a09cca7ca5fdbb13ee8b11f00bca31bb7c32", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-dep-git-or-tarball-url", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|878017bf2ac2396a9e967c6a8f82a09cca7ca5fdbb13ee8b11f00bca31bb7c32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/types/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED130", "level": "error", "message": {"text": "[MINED130] Lockfile pulls package from off-canonical host `registry.npmmirror.com`: `package-lock.json` resolved URL for `node_modules/@jridgewell/source-map` is `https://registry.npmmirror.com/@jridgewell/source-map/-/source-map-0.3.11.tgz...` \u2014 host `registry.npmmirror.com` is not the canonical registry. 
This could indicate a mirror compromise, a dependency confusion attack, or a forgotten private registry; check that the entry's `integrity` hash matches the tarball published on the canonical registry."}, "properties": {"repobilityId": 76709, "scanner": "repobility-supply-chain", "fingerprint": "bed22b28e10168a49905abf38252084619f8ac40b96dd2f95f8bc68f6d3a7961", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-lockfile-off-registry", "owasp": null, "cwe_ids": ["CWE-829"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bed22b28e10168a49905abf38252084619f8ac40b96dd2f95f8bc68f6d3a7961"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED028", "level": "error", "message": {"text": "[MINED028] Ts Ignore Comment: // @ts-ignore silences all type errors on the next line."}, "properties": {"repobilityId": 76670, "scanner": "repobility-threat-engine", "fingerprint": "023172589892e7a07510b700b2fab61444efca61a010aa6782ed5811d918bee3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-ignore-comment", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347964+00:00", "triaged_in_corpus": 15, "observations_count": 9364, "ai_coder_pattern_id": 99}, "scanner": "repobility-threat-engine", "correlation_key": "fp|023172589892e7a07510b700b2fab61444efca61a010aa6782ed5811d918bee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/component/toolbox/feature/SaveAsImage.ts"}, "region": {"startLine": 99}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 
fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76666, "scanner": "repobility-threat-engine", "fingerprint": "236206e85c8808029f3b3f43188d3a3550bc4b2f1492272048cdefdca9972dae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "tmpText.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|236206e85c8808029f3b3f43188d3a3550bc4b2f1492272048cdefdca9972dae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/model/mixin/textStyle.ts"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 76665, "scanner": "repobility-threat-engine", "fingerprint": "b3ca75d9030623bf70b9558ba9d30aa43adda2ff3600343b75bf0bc2ffdff743", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "graph.update();", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b3ca75d9030623bf70b9558ba9d30aa43adda2ff3600343b75bf0bc2ffdff743"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/chart/helper/createGraphFromNodeEdge.ts"}, "region": {"startLine": 108}}}]}, {"ruleId": "SEC027", "level": "error", "message": {"text": "[SEC027] XML External Entity (XXE) \u2014 Node.js xml parsers: Node.js XML parsers can expand external entities unless entity expansion is disabled in their configuration. libxmljs in particular has had XXE CVEs. The match here is `new DOMParser()`; confirm which parser implementation that name resolves to in this file."}, "properties": {"repobilityId": 76652, "scanner": "repobility-threat-engine", "fingerprint": "6fddf264c742764c54da21d56751f903aa14f8cabe9ce880846ecbb3308f90fa", "category": "xxe", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new DOMParser()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC027", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6fddf264c742764c54da21d56751f903aa14f8cabe9ce880846ecbb3308f90fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "extension-src/dataTool/gexf.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "MINED035", "level": "error", "message": {"text": "[MINED035] Js New Function: new Function(...) 
compiles strings to functions, so any string that reaches it from untrusted input is executed as code."}, "properties": {"repobilityId": 76673, "scanner": "repobility-threat-engine", "fingerprint": "ce8e014883dfc696d906b16acd3c53ccf3c83047fb5bc833ca73ab0830cfade5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-new-function", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347980+00:00", "triaged_in_corpus": 20, "observations_count": 2547, "ai_coder_pattern_id": 104}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce8e014883dfc696d906b16acd3c53ccf3c83047fb5bc833ca73ab0830cfade5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/coord/geo/GeoJSONResource.ts"}, "region": {"startLine": 168}}}]}]}]}