Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
Upstream (GitHub) caused delay on this scan — not Repobility.
  • Clone from GitHub took 73.41s for a 138.1 MB repo slow.
  • Repobility's analysis ran in 24.4s after the clone landed.

13145125121/BotTG

https://github.com/13145125121/BotTG.git · scanned 2026-05-28 22:10 UTC (2 weeks, 3 days ago) · 10 languages

2021 raw signals (206 security + 1815 graph) 10/13 scanners ran 75th percentile · Typescript · large (100-500K LoC) System graph score 59 (higher by 20)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 2 weeks, 3 days ago · v3 · 717 actionable findings from 2 signal sources. 94 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
73.7
/100
Security checks
88
128 findings
System graph
59
100.0% cov · 589 findings
Critical
8
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 85.0 0.15 12.75
security_score 100.0 0.25 25.00
testing_score 44.0 0.20 8.80
documentation_score 87.0 0.15 13.05
practices_score 94.0 0.15 14.10
code_quality 60.0 0.10 6.00
Overall 1.00 79.7
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: severity: medium × excluding tests × Reset all
Severity: Critical 8 High 70 Medium 89 Low 395 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 128 System graph 589 Crowd 0 Layer: Quality 187 Security 47 Cicd 10 Software 61 Frontend 354 Hardware 3 Api 55
Scan summary Quality grade B+ (80/100). Dimensions: security 100, maintainability 85. 206 findings (49 security). 295,689 lines analyzed.

Showing 89 of 717 actionable findings. 811 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them.
medium Security checks quality Error handling conf 1.00 3 occurrences [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
3 files, 3 locations
client/components/editor/bot/profile/use-admin-ids.ts:72
server/redis/redisClient.ts:63
server/redis/redisPlatformSubscriber.ts:164
medium Security checks security Crypto conf 1.00 [SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.
Enable SSL verification. Use verify=True (default) for requests. Pin certificates if needed.
tools/_check_apis2.py:12
medium Security checks quality Quality conf 1.00 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).
Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).
client/components/editor/properties/components/common/key-value-editor.tsx:52
medium Security checks cicd CI/CD security conf 0.76 Dockerfile copies broad context with incomplete .dockerignore
Tighten .dockerignore or replace COPY . with explicit COPY statements.
Dockerfile:14 CI/CD securitycontainers
medium Security checks quality Quality conf 0.70 Public web app has no Content Security Policy
Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors.
index.html
medium Security checks quality Quality conf 0.78 Public web service has no security.txt
Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored.
.well-known/security.txt
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — client/components/editor/inline-rich/components/FormattedText.tsx:3
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — client/components/ui/chart.tsx:81
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
Fq dangerous html
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/bot/card/bot-launch-helpers.ts:42
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/bot/card/BotAutoRestartToggle.tsx:49
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/bot/card/BotLogLevelSelect.tsx:48
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/bot/card/BotProtectContentToggle.tsx:27
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/bot/card/BotSaveMediaToggle.tsx:40
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/bot/card/BotUserbotSettings.tsx:48
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/bot/hooks/use-launch-history.ts:18
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/bot/hooks/use-launch-logs.ts:21
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/broadcast/wizard/group-select.tsx:58
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/broadcast/wizard/manual-user-select.tsx:58
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/dialog/broadcast-dialog-panel.tsx:65
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/dialog/dialog-panel.tsx:114
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/components/SaveMediaToggle.tsx:34
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-dialog-messages.ts:44
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-growth-by-source.ts:62
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-growth.ts:77
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-infinite-users.ts:99
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-last-message.ts:34
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-messages-activity.ts:106
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-search-users.ts:39
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-stats.ts:36
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-traffic.ts:68
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-user-details-messages.ts:40
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/queries/use-users.ts:36
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-database/hooks/use-sync-groups.ts:47
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-details/hooks/useUserList.ts:30
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/database/user-details/hooks/useUserMessages.ts:32
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/files/files-panel.tsx:59
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/files/hooks/use-project-files.ts:80
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/groups/groups-panel.tsx:175
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/header/hooks/use-mini-app-auth.ts:50
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/header/hooks/use-telegram-auth.ts:151
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/properties/hooks/use-media.ts:35
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/properties/media/file-id-input.tsx:51
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/properties/media/media-file-card.tsx:131
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/scenariy/hooks/use-scenariy-mutatsii.ts:24
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/scenariy/hooks/use-scenariy-zaprosy.ts:70
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/components/editor/telegram-client/services/logger-service.ts:18
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/hooks/use-app-config.ts:29
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/hooks/use-project-tokens.ts:28
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/hooks/use-user-data.ts:50
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/queryClient.ts:23
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — client/utils/session-restore.ts:40
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — scripts/auto-push-github.ts:24
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — scripts/fetch-bot-avatar.ts:39
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — scripts/fetch-user-avatars.ts:67
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — scripts/sync-github.ts:24
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — server/routes/auth/utils/telegramJwks.ts:50
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — server/routes/botIntegration/handlers/botInfo/updateBotDescriptionHandler.ts:42
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — server/routes/botIntegration/handlers/botInfo/updateBotNameHandler.ts:42
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — server/routes/botIntegration/handlers/botInfo/updateBotShortDescriptionHandler.ts:37
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — server/routes/botIntegration/handlers/telegramGroups/getGroupMembersCountHandler.ts:45
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — client/components/editor/canvas/canvas/utils/migrate-command-triggers.ts:117
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/bot-table/bot-table.test.ts:211
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/conditional-input-handler/conditional-input-handler.test.ts:194
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/keyboard-handlers/handlers/button-response/button-response.fixture.ts:79
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/keyboard-handlers/handlers/multi-select-button-handler/multi-select-button-handler.fixture.ts:10
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/keyboard-handlers/handlers/multi-select-button-handler/multi-select-button-handler.test.ts:156
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/keyboard-handlers/handlers/multi-select-done/multi-select-done.fixture.ts:15
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/keyboard-handlers/handlers/multi-select-reply/multi-select-reply.fixture.ts:41
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/keyboard-handlers/handlers/multi-select-transition/multi-select-transition.test.ts:55
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/keyboard-handlers/handlers/reply-hide-after-click/reply-hide-after-click.fixture.ts:12
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/keyboard-handlers/multiselect-check/multiselect-check.test.ts:153
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/templates/set-variable/set-variable.test.ts:126
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — lib/tests/test-phase46-interactive-callback-state-regression.ts:16
When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …
Fq rfnode no dims
medium System graph hardware Security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph quality Integrity conf 1.00 2 occurrences Frontend route `/editor/:id` has no Link/navigate to it — client/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
2 occurrences
repo-level (2 hits)
Orphan pageWiring
medium System graph cicd CI/CD security conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/build-tree.yml CI/CD securitySupply chainGithub actions
medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in client/components/ui/chart.tsx:81
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
client/components/ui/chart.tsx:81 Dangerous innerhtml
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_casper_159.py:181
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_crazybtc_159.py:216
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_cryptoflow_159.py:223
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_imperia_159.py:190
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_infinity_159.py:241
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_love_159.py:181
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_lucky_159.py:261
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_viron_159.py:243
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_add_vortex_159.py:189
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/_enable_full_chain.py:70
`requests.put(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
209 test file(s) for 2379 source file(s) (ratio 0.09). Consider adding integration or unit tests for critical paths.
Coverage
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/82a13e96-2f14-4509-b156-00a97ca752ff/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/82a13e96-2f14-4509-b156-00a97ca752ff/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.