Scan timing: clone 2.76s · analysis 8.11s · 0.7 MB · GitHub API rate-limit (preflight)
https://github.com/expressjs/express
· scanned 2026-06-05 08:36 UTC (5 days, 20 hours ago)
· 10 languages
332 raw signals (80 security + 252 graph) 61st percentile · Javascript · medium (20-100K LoC) System graph score 65 (higher by 12)
Last scanned 5 days, 20 hours ago · v2 · 164 actionable findings from 2 signal sources. 42 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.
| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
structure_score |
85.0 | 0.15 | 12.75 |
security_score |
69.5 | 0.25 | 17.38 |
testing_score |
87.0 | 0.20 | 17.40 |
documentation_score |
63.0 | 0.15 | 9.45 |
practices_score |
84.0 | 0.15 | 12.60 |
code_quality |
74.8 | 0.10 | 7.48 |
| Overall | 1.00 | 77.1 |
All 470 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.
| Label | Layer | Status | Path |
|---|---|---|---|
with |
software | healthy | test/Router.js:with |
no |
software | healthy | test/Router.js:no |
fn1 |
software | healthy | test/Router.js:fn1 |
fn2 |
software | healthy | test/Router.js:fn2 |
when |
software | healthy | test/Router.js:when |
createApp |
software | healthy | test/express.static.js:createApp |
if |
software | healthy | test/res.sendFile.js:if |
handleHeaders |
software | healthy | test/res.sendFile.js:handleHeaders |
createApp |
software | healthy | test/res.sendFile.js:createApp |
View |
software | healthy | test/app.render.js:View |
createApp |
software | healthy | test/app.render.js:createApp |
accept |
software | healthy | test/express.raw.js:accept |
createApp |
software | healthy | test/express.raw.js:createApp |
accept |
software | healthy | test/express.urlencoded.js:accept |
createManyParams |
software | healthy | test/express.urlencoded.js:createManyParams |
createApp |
software | healthy | test/express.urlencoded.js:createApp |
expectKeyCount |
software | healthy | test/express.urlencoded.js:expectKeyCount |
createApp |
software | healthy | test/res.render.js:createApp |
getExpectedClientAddress |
software | healthy | test/req.ip.js:getExpectedClientAddress |
test |
software | healthy | test/res.format.js:test |
fn1 |
software | healthy | test/app.use.js:fn1 |
fn2 |
software | healthy | test/app.use.js:fn2 |
fn3 |
software | healthy | test/app.use.js:fn3 |
render |
software | healthy | test/app.engine.js:render |
required |
software | healthy | test/app.engine.js:required |
fn |
software | healthy | test/config.js:fn |
fn1 |
software | healthy | test/config.js:fn1 |
fn2 |
software | healthy | test/config.js:fn2 |
createRedirectServerForDomain |
software | healthy | test/res.location.js:createRedirectServerForDomain |
testRequestedRedirect |
software | healthy | test/res.location.js:testRequestedRedirect |
createApp |
software | healthy | test/req.query.js:createApp |
accept |
software | healthy | test/express.text.js:accept |
createApp |
software | healthy | test/express.text.js:createApp |
handler1 |
software | healthy | test/app.router.js:handler1 |
handler2 |
software | healthy | test/app.router.js:handler2 |
fn |
software | healthy | test/app.router.js:fn |
fn1 |
software | healthy | test/app.router.js:fn1 |
fn2 |
software | healthy | test/app.router.js:fn2 |
fn3 |
software | healthy | test/app.router.js:fn3 |
supportsRegexp |
software | healthy | test/app.router.js:supportsRegexp |
shouldHaveHeaderValues |
software | healthy | test/res.append.js:shouldHaveHeaderValues |
accept |
software | healthy | test/express.json.js:accept |
createApp |
software | healthy | test/express.json.js:createApp |
parseError |
software | healthy | test/express.json.js:parseError |
shouldContainInBody |
software | healthy | test/express.json.js:shouldContainInBody |
shouldHaveBody |
software | healthy | test/support/utils.js:shouldHaveBody |
shouldHaveHeader |
software | healthy | test/support/utils.js:shouldHaveHeader |
shouldNotHaveBody |
software | healthy | test/support/utils.js:shouldNotHaveBody |
shouldNotHaveHeader |
software | healthy | test/support/utils.js:shouldNotHaveHeader |
getMajorVersion |
software | healthy | test/support/utils.js:getMajorVersion |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
package.json |
software | healthy | package.json |
Readme.md |
software | healthy | Readme.md |
.eslintrc.yml |
software | healthy | .eslintrc.yml |
index.js |
software | healthy | index.js |
History.md |
software | healthy | History.md |
res.redirect.js |
software | warning | test/res.redirect.js |
req.subdomains.js |
software | warning | test/req.subdomains.js |
Router.js |
software | healthy | test/Router.js |
express.static.js |
software | healthy | test/express.static.js |
res.sendFile.js |
software | healthy | test/res.sendFile.js |
app.render.js |
software | healthy | test/app.render.js |
res.status.js |
software | warning | test/res.status.js |
express.raw.js |
software | healthy | test/express.raw.js |
res.locals.js |
software | warning | test/res.locals.js |
express.urlencoded.js |
software | healthy | test/express.urlencoded.js |
res.clearCookie.js |
software | warning | test/res.clearCookie.js |
res.cookie.js |
software | warning | test/res.cookie.js |
res.jsonp.js |
software | warning | test/res.jsonp.js |
res.render.js |
software | healthy | test/res.render.js |
app.route.js |
software | warning | test/app.route.js |
res.type.js |
software | warning | test/res.type.js |
req.ip.js |
software | healthy | test/req.ip.js |
app.routes.error.js |
software | warning | test/app.routes.error.js |
req.acceptsCharsets.js |
software | warning | test/req.acceptsCharsets.js |
regression.js |
software | warning | test/regression.js |
app.param.js |
software | warning | test/app.param.js |
res.sendStatus.js |
software | warning | test/res.sendStatus.js |
utils.js |
software | warning | test/utils.js |
req.baseUrl.js |
software | warning | test/req.baseUrl.js |
req.hostname.js |
software | warning | test/req.hostname.js |
app.listen.js |
software | warning | test/app.listen.js |
res.format.js |
software | healthy | test/res.format.js |
req.host.js |
software | warning | test/req.host.js |
req.ips.js |
software | warning | test/req.ips.js |
app.response.js |
software | warning | test/app.response.js |
app.all.js |
software | warning | test/app.all.js |
req.get.js |
software | warning | test/req.get.js |
res.set.js |
software | warning | test/res.set.js |
app.use.js |
software | healthy | test/app.use.js |
req.stale.js |
software | warning | test/req.stale.js |
req.acceptsEncodings.js |
software | warning | test/req.acceptsEncodings.js |
app.engine.js |
software | healthy | test/app.engine.js |
req.is.js |
software | warning | test/req.is.js |
req.secure.js |
software | warning | test/req.secure.js |
config.js |
software | healthy | test/config.js |
res.download.js |
software | warning | test/res.download.js |
res.json.js |
software | warning | test/res.json.js |
req.path.js |
software | warning | test/req.path.js |
app.js |
software | warning | test/app.js |
req.fresh.js |
software | warning | test/req.fresh.js |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
test |
software | healthy | test |
fixtures |
software | healthy | test/fixtures |
blog |
software | healthy | test/fixtures/blog |
users |
software | healthy | test/fixtures/users |
support |
software | healthy | test/support |
acceptance |
software | healthy | test/acceptance |
lib |
software | healthy | lib |
examples |
software | healthy | examples |
view-constructor |
software | healthy | examples/view-constructor |
route-separation |
software | healthy | examples/route-separation |
public |
software | healthy | examples/route-separation/public |
downloads |
software | healthy | examples/downloads |
auth |
software | healthy | examples/auth |
view-locals |
software | healthy | examples/view-locals |
mvc |
software | healthy | examples/mvc |
lib |
software | healthy | examples/mvc/lib |
controllers |
software | healthy | examples/mvc/controllers |
user |
software | healthy | examples/mvc/controllers/user |
main |
software | healthy | examples/mvc/controllers/main |
user-pet |
software | healthy | examples/mvc/controllers/user-pet |
pet |
software | healthy | examples/mvc/controllers/pet |
public |
software | healthy | examples/mvc/public |
params |
software | healthy | examples/params |
web-service |
software | healthy | examples/web-service |
error-pages |
software | healthy | examples/error-pages |
search |
software | healthy | examples/search |
public |
software | healthy | examples/search/public |
cookies |
software | healthy | examples/cookies |
static-files |
software | healthy | examples/static-files |
public |
software | healthy | examples/static-files/public |
js |
software | healthy | examples/static-files/public/js |
css |
software | healthy | examples/static-files/public/css |
error |
software | healthy | examples/error |
content-negotiation |
software | healthy | examples/content-negotiation |
online |
software | healthy | examples/online |
resource |
software | healthy | examples/resource |
vhost |
software | healthy | examples/vhost |
markdown |
software | healthy | examples/markdown |
views |
software | healthy | examples/markdown/views |
hello-world |
software | healthy | examples/hello-world |
session |
software | healthy | examples/session |
cookie-sessions |
software | healthy | examples/cookie-sessions |
multi-router |
software | healthy | examples/multi-router |
controllers |
software | healthy | examples/multi-router/controllers |
route-map |
software | healthy | examples/route-map |
route-middleware |
software | healthy | examples/route-middleware |
ejs |
software | healthy | examples/ejs |
public |
software | healthy | examples/ejs/public |
stylesheets |
software | healthy | examples/ejs/public/stylesheets |
views |
software | healthy | examples/ejs/views |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
GET /user/:uid/photos/:file |
api | healthy | lib/response.js |
GET / |
api | healthy | examples/view-constructor/index.js |
GET /Readme.md |
api | healthy | examples/view-constructor/index.js |
GET /users |
api | healthy | examples/route-separation/index.js |
ALL /user/:id{/:op} |
api | healthy | examples/route-separation/index.js |
GET /user/:id |
api | healthy | examples/route-separation/index.js |
GET /user/:id/view |
api | healthy | examples/route-separation/index.js |
GET /user/:id/edit |
api | healthy | examples/route-separation/index.js |
PUT /user/:id/edit |
api | healthy | examples/route-separation/index.js |
GET /posts |
api | healthy | examples/route-separation/index.js |
GET /files/*file |
api | healthy | examples/downloads/index.js |
GET /restricted |
api | healthy | examples/auth/index.js |
GET /logout |
api | healthy | examples/auth/index.js |
GET /login |
api | healthy | examples/auth/index.js |
POST /login |
api | healthy | examples/auth/index.js |
GET /middleware |
api | healthy | examples/view-locals/index.js |
GET /middleware-locals |
api | healthy | examples/view-locals/index.js |
USE /api |
api | healthy | examples/view-locals/index.js |
ALL /api/* |
api | healthy | examples/view-locals/index.js |
GET /user/:user |
api | healthy | examples/params/index.js |
GET /users/:from-:to |
api | healthy | examples/params/index.js |
GET /api/users |
api | healthy | examples/web-service/index.js |
GET /api/repos |
api | healthy | examples/web-service/index.js |
GET /api/user/:name/repos |
api | healthy | examples/web-service/index.js |
GET /404 |
api | healthy | examples/error-pages/index.js |
GET /403 |
api | healthy | examples/error-pages/index.js |
GET /500 |
api | healthy | examples/error-pages/index.js |
GET /search/{:query} |
api | healthy | examples/search/index.js |
GET /client.js |
api | healthy | examples/search/index.js |
GET /forget |
api | healthy | examples/cookies/index.js |
POST / |
api | healthy | examples/cookies/index.js |
USE /static |
api | healthy | examples/static-files/index.js |
GET /next |
api | healthy | examples/error/index.js |
GET /:sub |
api | healthy | examples/vhost/index.js |
GET /fail |
api | healthy | examples/markdown/index.js |
USE /api/v1 |
api | healthy | examples/multi-router/index.js |
USE /api/v2 |
api | healthy | examples/multi-router/index.js |
DELETE /user/:id |
api | healthy | examples/route-middleware/index.js |
| Label | Layer | Status | Path |
|---|---|---|---|
analyze |
cicd | healthy | .github/workflows/codeql.yml |
analysis |
cicd | healthy | .github/workflows/scorecard.yml |
lint |
cicd | healthy | .github/workflows/ci.yml |
test |
cicd | healthy | .github/workflows/ci.yml |
coverage |
cicd | healthy | .github/workflows/ci.yml |
test |
cicd | healthy | .github/workflows/legacy.yml |
coverage |
cicd | healthy | .github/workflows/legacy.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
127.0.0.1 |
network | healthy | test/req.subdomains.js |
10.0.0.1 |
network | healthy | test/req.ip.js |
10.0.0.2 |
network | healthy | test/req.ip.js |
10.0.0.3 |
network | healthy | test/req.ip.js |
10.0.0.4 |
network | healthy | test/req.ip.js |
| Label | Layer | Status | Path |
|---|---|---|---|
port:80 |
network | healthy | lib/application.js |
port:443 |
network | healthy | lib/application.js |
port:3000 |
network | healthy | examples/view-constructor/index.js |
port:23 |
network | healthy | .github/dependabot.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
gha::codeql |
cicd | healthy | .github/workflows/codeql.yml |
gha::scorecard |
cicd | healthy | .github/workflows/scorecard.yml |
gha::ci |
cicd | healthy | .github/workflows/ci.yml |
gha::legacy |
cicd | healthy | .github/workflows/legacy.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
/admin |
frontend | healthy | test/res.clearCookie.js |
/ |
frontend | healthy | lib/response.js |
| Label | Layer | Status | Path |
|---|---|---|---|
repobility-clone-s8ldzk_6 |
software | healthy | /tmp/repobility-clone-s8ldzk_6 |
| Label | Layer | Status | Path |
|---|---|---|---|
redis |
data | healthy | package.json |
| Label | Layer | Status | Path |
|---|---|---|---|
password_literal::examples/auth/index.js |
security | healthy | examples/auth/index.js |
| Label | Layer | Status | Path |
|---|---|---|---|
SCORECARD_TOKEN |
cicd | healthy | — |
This page is publicly accessible at:
https://repobility.com/scan/85f8264f-a2a1-4cfa-a7bb-94025c9f6b26/
To check status programmatically (no auth required):
curl -s https://repobility.com/api/v1/public/scan/85f8264f-a2a1-4cfa-a7bb-94025c9f6b26/Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.