{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED039", "name": "[MINED039] Rust Todo Macro (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED039] Rust Todo Macro (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 4 more): Same pattern found in 4 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED068", "name": "[MINED068] Rust Unsafe Block (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED068] Rust Unsafe Block (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-119 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED003", "name": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED066", "name": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.DISCORD_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_requ", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.DISCORD_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DISCORD_WEBHOOK_URL }` lets a PR from any fork exfiltrat"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/774"}, "properties": {"repository": "tailwindlabs/tailwindcss", "repoUrl": "https://github.com/tailwindlabs/tailwindcss", "branch": "main"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 65310, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 65287, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 65284, "scanner": "repobility-threat-engine", "fingerprint": "3d3f209d1fbc07950a20bba9816d1f463efd78181b099dec7f3d07996a80c69a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3d3f209d1fbc07950a20bba9816d1f463efd78181b099dec7f3d07996a80c69a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/write-file-safely.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 65269, "scanner": "repobility-threat-engine", "fingerprint": "6f1b09b54ffb9ce079f00fb1e5ab3dd30a2c820db6f1f3565b77528748f7dbf7", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|packages/ token|46|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/packages.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 65268, "scanner": "repobility-threat-engine", "fingerprint": "71ba64291e2b26057320fd19054c3b5db91b453005ec9548f0d1383bac7e71d9", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|packages/ token|132|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/template/migrate-prefix.ts"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 65267, "scanner": "repobility-threat-engine", "fingerprint": "43344e0c7b9d18073de214125bdf9c1f2753fb6ed9ad18a65b540962ecd77847", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|packages/ token|200|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-node/src/urls.ts"}, "region": {"startLine": 200}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 65311, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65309, "scanner": "repobility-ai-code-hygiene", "fingerprint": "04be109029af9a11821ff50d9f7a537f47a10d39737db3c6120cb79f9c49cf58", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-upgrade/src/codemods/css/migrate-preflight.ts", "duplicate_line": 116, "correlation_key": "fp|04be109029af9a11821ff50d9f7a537f47a10d39737db3c6120cb79f9c49cf58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/tailwindcss/src/css-functions.ts"}, "region": {"startLine": 166}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65308, "scanner": "repobility-ai-code-hygiene", "fingerprint": "708375d6739d4ef513f8e782a8231c48651431934678c082e82869178c568f68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-browser/playwright.config.ts", "duplicate_line": 1, "correlation_key": "fp|708375d6739d4ef513f8e782a8231c48651431934678c082e82869178c568f68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/tailwindcss/playwright.config.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65307, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a6a3e32906323954ff34b88f182edb921f04ce20c1103ca7a5bbe91a5184559", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-postcss/tsup.config.ts", "duplicate_line": 5, "correlation_key": "fp|5a6a3e32906323954ff34b88f182edb921f04ce20c1103ca7a5bbe91a5184559"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-webpack/tsup.config.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65306, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fc8c2731b94492ab299838f4de47500a63efea5fa6c51f6ac40bcbec184a2579", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-postcss/src/index.ts", "duplicate_line": 132, "correlation_key": "fp|fc8c2731b94492ab299838f4de47500a63efea5fa6c51f6ac40bcbec184a2579"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-webpack/src/index.ts"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65305, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d98adf17b0681f8514eb138aed2719759b108b9cf47065a5071dcac0ad4653ef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-cli/src/utils/resolve.ts", "duplicate_line": 1, "correlation_key": "fp|d98adf17b0681f8514eb138aed2719759b108b9cf47065a5071dcac0ad4653ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/resolve.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65304, "scanner": "repobility-ai-code-hygiene", "fingerprint": "228e368fa4a8d7fdc7fbfceb3684bdb8281e918a7307753a3667d97c29058655", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-cli/src/utils/renderer.ts", "duplicate_line": 2, "correlation_key": "fp|228e368fa4a8d7fdc7fbfceb3684bdb8281e918a7307753a3667d97c29058655"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/renderer.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65303, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b801ac8d48183e374b2e51702270ab5bdc2d5cdb1489bc55cc4a1ce1caf01213", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-cli/src/utils/format-ns.ts", "duplicate_line": 1, "correlation_key": "fp|b801ac8d48183e374b2e51702270ab5bdc2d5cdb1489bc55cc4a1ce1caf01213"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/format-ns.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65302, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73b24d60ca0b73f1d52ca8ab0e54e457be68a1a795d540f2a64faa6e1955082c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-cli/src/utils/args.ts", "duplicate_line": 9, "correlation_key": "fp|73b24d60ca0b73f1d52ca8ab0e54e457be68a1a795d540f2a64faa6e1955082c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/args.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65301, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb39a21b6391728b81dd00ba337636b7a7153822ae2fedf4a40b9b5f359624ff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/@tailwindcss-cli/src/commands/help/index.ts", "duplicate_line": 65, "correlation_key": "fp|bb39a21b6391728b81dd00ba337636b7a7153822ae2fedf4a40b9b5f359624ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/commands/help/index.ts"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65300, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b188837bf123e847c6bc96dcd2f15373c69160ead64cf8ed540dc68850bc019a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/named_utility_machine.rs", "duplicate_line": 221, "correlation_key": "fp|b188837bf123e847c6bc96dcd2f15373c69160ead64cf8ed540dc68850bc019a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/utility_machine.rs"}, "region": {"startLine": 164}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65299, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6c9bf5af054510323ed8fa2a42ccd86baeea069bbb2b8ae2db9e966ec26e5e44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/pre_processors/rust.rs", "duplicate_line": 81, "correlation_key": "fp|6c9bf5af054510323ed8fa2a42ccd86baeea069bbb2b8ae2db9e966ec26e5e44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/svelte.rs"}, "region": {"startLine": 16}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65298, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0828d0fc3f262834a1b3debc16e188ca4693f1acf0e2a4c2f6867f2ca42ff1b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/pre_processors/haml.rs", "duplicate_line": 57, "correlation_key": "fp|0828d0fc3f262834a1b3debc16e188ca4693f1acf0e2a4c2f6867f2ca42ff1b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/slim.rs"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65297, "scanner": "repobility-ai-code-hygiene", "fingerprint": "60061d1b3e8a628030e30298f85889db53bf3270cbcdcb92cb3d208e008e29b1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/pre_processors/pug.rs", "duplicate_line": 8, "correlation_key": "fp|60061d1b3e8a628030e30298f85889db53bf3270cbcdcb92cb3d208e008e29b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/slim.rs"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65296, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e2324721d236a9a953ab9299e95fbc90cddd90c441624fbe40af4e09ab6e4503", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/pre_processors/haml.rs", "duplicate_line": 56, "correlation_key": "fp|e2324721d236a9a953ab9299e95fbc90cddd90c441624fbe40af4e09ab6e4503"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/rust.rs"}, "region": {"startLine": 47}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65295, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4c7b9a58833776b78206b31500fe9dc86a76ea9be6d6c95684be4be7b88e9a01", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/pre_processors/clojure.rs", "duplicate_line": 76, "correlation_key": "fp|4c7b9a58833776b78206b31500fe9dc86a76ea9be6d6c95684be4be7b88e9a01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/rust.rs"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65294, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6218e3fae26c4f3b21114f7a708646d48ea2171d6080571e7474a2cddb2d06b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/pre_processors/haml.rs", "duplicate_line": 57, "correlation_key": "fp|a6218e3fae26c4f3b21114f7a708646d48ea2171d6080571e7474a2cddb2d06b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/pug.rs"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65293, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4bc6ec779219f7cbd3e0de19df38cb45666f0a9129b293797f42a555c57343d9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/css_variable_machine.rs", "duplicate_line": 74, "correlation_key": "fp|4bc6ec779219f7cbd3e0de19df38cb45666f0a9129b293797f42a555c57343d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/mod.rs"}, "region": {"startLine": 825}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65292, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a6bba37b414345ed1741bed391607e6c94b399ea678db82807a206057724bb67", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/arbitrary_property_machine.rs", "duplicate_line": 196, "correlation_key": "fp|a6bba37b414345ed1741bed391607e6c94b399ea678db82807a206057724bb67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/mod.rs"}, "region": {"startLine": 823}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65291, "scanner": "repobility-ai-code-hygiene", "fingerprint": "296327cbf0d5d3061732fd1df3aa5f335415b5e4527927d3a27100773d6f710a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/candidate_machine.rs", "duplicate_line": 123, "correlation_key": "fp|296327cbf0d5d3061732fd1df3aa5f335415b5e4527927d3a27100773d6f710a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/mod.rs"}, "region": {"startLine": 343}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65290, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9ddad6d3bcb11dfc6f464907eecefbf3bf2c262d47c263777ce0d98abce45f0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/arbitrary_property_machine.rs", "duplicate_line": 196, "correlation_key": "fp|c9ddad6d3bcb11dfc6f464907eecefbf3bf2c262d47c263777ce0d98abce45f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/css_variable_machine.rs"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65289, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35fc283a0c61f00b4afdafc0d19c93bb6d52550a06cc56d6018e1b4752243f98", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/arbitrary_property_machine.rs", "duplicate_line": 84, "correlation_key": "fp|35fc283a0c61f00b4afdafc0d19c93bb6d52550a06cc56d6018e1b4752243f98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/arbitrary_variable_machine.rs"}, "region": {"startLine": 100}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 65288, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a7afd793ca7904f25da8bf7947bc7cf46b25f9d381a39a07af4e1e5df2aa9f74", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "crates/oxide/src/extractor/arbitrary_property_machine.rs", "duplicate_line": 88, "correlation_key": "fp|a7afd793ca7904f25da8bf7947bc7cf46b25f9d381a39a07af4e1e5df2aa9f74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/arbitrary_value_machine.rs"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 65282, "scanner": "repobility-threat-engine", "fingerprint": "9fab29a1603ddec07c194751898c0a196dfd482e88464c857e12933706b06f7b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9fab29a1603ddec07c194751898c0a196dfd482e88464c857e12933706b06f7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/tailwindcss/src/at-import.ts"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 65281, "scanner": "repobility-threat-engine", "fingerprint": "987792f0f12439dd787f439d9fba3ef1182f69aded9ca47d56ffc7d61f491347", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|987792f0f12439dd787f439d9fba3ef1182f69aded9ca47d56ffc7d61f491347"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/css/analyze.ts"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 65280, "scanner": "repobility-threat-engine", "fingerprint": "2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2cd220107759c389357ea1e0b2a749255d62455820f15b6cc9e05e77d2c17c58"}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 65274, "scanner": "repobility-threat-engine", "fingerprint": "606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|606792298c73b83412d8cf76624dd82fdf0a71ea3b779cecc6b4d4d439eccec4"}}}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 65270, "scanner": "repobility-threat-engine", "fingerprint": "b031acad30223651838c72762fbf67002aa9bccea5e8d28f9a1dee5134b8d8a4", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b031acad30223651838c72762fbf67002aa9bccea5e8d28f9a1dee5134b8d8a4"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 65266, "scanner": "repobility-threat-engine", "fingerprint": "8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8c3560525de975a9c202cd1b69e7b70cd2e798d159e8cb8d425d4f011026e437", "aggregated_count": 1}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 65265, "scanner": "repobility-threat-engine", "fingerprint": "7770dea7af2676bf5d24f5b118c06dc01da8efd5160d2e890b5337cffd446cf6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7770dea7af2676bf5d24f5b118c06dc01da8efd5160d2e890b5337cffd446cf6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/template/migrate-prefix.ts"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 65264, "scanner": "repobility-threat-engine", "fingerprint": "5ce2532ed4e6a3e58a113e21c15c6e896580e16cc16e1d4999af1d61d4f200ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5ce2532ed4e6a3e58a113e21c15c6e896580e16cc16e1d4999af1d61d4f200ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-standalone/scripts/build.ts"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 65263, "scanner": "repobility-threat-engine", "fingerprint": "15293bac0f6a6eaed842e3b3f11f1471f340d925e89ab40a78654c130521dc93", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15293bac0f6a6eaed842e3b3f11f1471f340d925e89ab40a78654c130521dc93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-node/src/optimize.ts"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 65262, "scanner": "repobility-threat-engine", "fingerprint": "c9d72070d1526f8b6538d9aea14953c3bb047b4369891d9f3af14bb1b52f8387", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c9d72070d1526f8b6538d9aea14953c3bb047b4369891d9f3af14bb1b52f8387", "aggregated_count": 6}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 65261, "scanner": "repobility-threat-engine", "fingerprint": "35b5f42b502733be4e9a4c78a30a3970e593387d751c1dcfc9fb331d82eb735b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|35b5f42b502733be4e9a4c78a30a3970e593387d751c1dcfc9fb331d82eb735b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/template/prepare-config.ts"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 65260, "scanner": "repobility-threat-engine", "fingerprint": "b6fc3920ad879f85ad4f5c62f945ebacecdc94cb893826c1c884798561c7271b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b6fc3920ad879f85ad4f5c62f945ebacecdc94cb893826c1c884798561c7271b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/css/split.ts"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 65259, "scanner": "repobility-threat-engine", "fingerprint": "27b2c71915bfe7472781e4920dc5f55a469e522181465e807d6ad404308f6fc7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|27b2c71915bfe7472781e4920dc5f55a469e522181465e807d6ad404308f6fc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-node/src/instrumentation.ts"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 65258, "scanner": "repobility-threat-engine", "fingerprint": "7eac65c6d729ce731cf7f1b0d32d88551e2714b6a555982628995e228d42ee93", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7eac65c6d729ce731cf7f1b0d32d88551e2714b6a555982628995e228d42ee93", "aggregated_count": 3}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 65257, "scanner": "repobility-threat-engine", "fingerprint": "2d328e9c549e1437fe3d557e48717445c57a4f593063d279d8365063394913e6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d328e9c549e1437fe3d557e48717445c57a4f593063d279d8365063394913e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/css/migrate-at-layer-utilities.ts"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 65256, "scanner": "repobility-threat-engine", "fingerprint": "93400e29afafed1fa24bca8f8d28c8bd6642b502122fbeb95884ee14fcf2e674", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|93400e29afafed1fa24bca8f8d28c8bd6642b502122fbeb95884ee14fcf2e674"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/config/migrate-postcss.ts"}, "region": {"startLine": 339}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 65255, "scanner": "repobility-threat-engine", "fingerprint": "da7831b8e1de1b0a7e2c446bf25f3acd9212b31830745578ee093a2a64132de1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|da7831b8e1de1b0a7e2c446bf25f3acd9212b31830745578ee093a2a64132de1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-node/src/instrumentation.ts"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 65254, "scanner": "repobility-threat-engine", "fingerprint": "72212593c6dca51ba91f73051cd4c4f876807798f883c1742382668a805cc051", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|72212593c6dca51ba91f73051cd4c4f876807798f883c1742382668a805cc051", "aggregated_count": 6}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 65253, "scanner": "repobility-threat-engine", "fingerprint": "bb2eee6c441c84f39480b1cf0a72142ec2dc3ac5f446a5f69ea682381fe30cfa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb2eee6c441c84f39480b1cf0a72142ec2dc3ac5f446a5f69ea682381fe30cfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/css/link.ts"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 65252, "scanner": "repobility-threat-engine", "fingerprint": "948698edaf1d40a308cacc20e36c22af463eab6ac59c80b435f41c9fc654fe04", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|948698edaf1d40a308cacc20e36c22af463eab6ac59c80b435f41c9fc654fe04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/config/migrate-postcss.ts"}, "region": {"startLine": 215}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 65251, "scanner": "repobility-threat-engine", "fingerprint": "3c9ba218045fb223a9e6d3b0406c29924154c908f75bb185dee6d7eacf9d053a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c9ba218045fb223a9e6d3b0406c29924154c908f75bb185dee6d7eacf9d053a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-browser/src/instrumentation.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED039", "level": "none", "message": {"text": "[MINED039] Rust Todo Macro (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 65250, "scanner": "repobility-threat-engine", "fingerprint": "409cb9baeb84d669d0d539b92ee5fc84c4414ac05a9c0ad74592761284feb9a4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|409cb9baeb84d669d0d539b92ee5fc84c4414ac05a9c0ad74592761284feb9a4", "aggregated_count": 3}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 65246, "scanner": "repobility-threat-engine", "fingerprint": "462bb8b57887719306ec8a3cf2c050b455aeffaa9cbba6dae0ac34058459ea29", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|462bb8b57887719306ec8a3cf2c050b455aeffaa9cbba6dae0ac34058459ea29"}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 65242, "scanner": "repobility-threat-engine", "fingerprint": "4e412bf576271f452d8d53a380314293ad150630a073e041a292c54ddebe44eb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4e412bf576271f452d8d53a380314293ad150630a073e041a292c54ddebe44eb", "aggregated_count": 2}}}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 65241, "scanner": "repobility-threat-engine", "fingerprint": "201301cafddef05bd7a46a5e9514d34b0d58af6d7a72ec41b58e75520d49d772", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|201301cafddef05bd7a46a5e9514d34b0d58af6d7a72ec41b58e75520d49d772"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/bracket_stack.rs"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 65240, "scanner": "repobility-threat-engine", "fingerprint": "3a86583d2d1fff6a953ceda01f7cc723cd96d1be0d0ac4584c5513b7fac9b183", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a86583d2d1fff6a953ceda01f7cc723cd96d1be0d0ac4584c5513b7fac9b183"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/cursor.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED068", "level": "none", "message": {"text": "[MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled inside."}, "properties": {"repobilityId": 65239, "scanner": "repobility-threat-engine", "fingerprint": "59bede92ccbc657e1e585524d8906e3b35a3301c791c18b3a21f1411d35cde84", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unsafe-block", "owasp": null, "cwe_ids": ["CWE-119"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348060+00:00", "triaged_in_corpus": 12, "observations_count": 42383, "ai_coder_pattern_id": 116}, "scanner": "repobility-threat-engine", "correlation_key": "fp|59bede92ccbc657e1e585524d8906e3b35a3301c791c18b3a21f1411d35cde84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/node/src/utf16.rs"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED003", "level": "none", "message": {"text": "[MINED003] Rust Unwrap In Prod (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 65238, "scanner": "repobility-threat-engine", "fingerprint": "2a16de56e5c0507f58750804ed55b728e3ee77fd172df197a0481db18b20d318", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2a16de56e5c0507f58750804ed55b728e3ee77fd172df197a0481db18b20d318", "aggregated_count": 4}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 65234, "scanner": "repobility-threat-engine", "fingerprint": "3df4dbeb8db9c5515bf21121952f7f4896887500c54df47190eaf62bc529eb73", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3df4dbeb8db9c5515bf21121952f7f4896887500c54df47190eaf62bc529eb73", "aggregated_count": 1}}}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 65233, "scanner": "repobility-threat-engine", "fingerprint": "498265fd5946b0761b1dbd027412f64de3bd72ab5efc66042ad5ec481dd28b65", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|498265fd5946b0761b1dbd027412f64de3bd72ab5efc66042ad5ec481dd28b65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/pre_processor.rs"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 65232, "scanner": "repobility-threat-engine", "fingerprint": "98c7c8a83ea8e2f851d290975f7f89a9f71990df0d2297dd28bbcc63a3b5e18c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|98c7c8a83ea8e2f851d290975f7f89a9f71990df0d2297dd28bbcc63a3b5e18c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/node/src/utf16.rs"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED066", "level": "none", "message": {"text": "[MINED066] Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable errors."}, "properties": {"repobilityId": 65231, "scanner": "repobility-threat-engine", "fingerprint": "3ce616f34a10b0f15988a1591c24e58d4201fcd4b633945b3f7fe7a231fcd282", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-panic-macro", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348055+00:00", "triaged_in_corpus": 12, "observations_count": 48611, "ai_coder_pattern_id": 113}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3ce616f34a10b0f15988a1591c24e58d4201fcd4b633945b3f7fe7a231fcd282"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/classification-macros/src/lib.rs"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 65230, "scanner": "repobility-threat-engine", "fingerprint": "05a343149e80b37257c8d9f0ea5ac0d641c5eeb25f360766bc8fe2f69d138378", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|05a343149e80b37257c8d9f0ea5ac0d641c5eeb25f360766bc8fe2f69d138378"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/pre_processor.rs"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 65229, "scanner": "repobility-threat-engine", "fingerprint": "f4f8f027b69d4279ecced9f8d7ce6da55b220000c55bb7e461dd68b0e4aecdad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f4f8f027b69d4279ecced9f8d7ce6da55b220000c55bb7e461dd68b0e4aecdad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/node/src/lib.rs"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 65228, "scanner": "repobility-threat-engine", "fingerprint": "eff061744ad12643c0790366b5a283acc18a52408f7cd12f6d363bebb9e4cd8b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|eff061744ad12643c0790366b5a283acc18a52408f7cd12f6d363bebb9e4cd8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/classification-macros/src/lib.rs"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 65286, "scanner": "repobility-threat-engine", "fingerprint": "37066f627d7aa772c0848d0a0c43e18583e7019a7e8c4636ba1b5d17b3f78b9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(\n  Object", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|37066f627d7aa772c0848d0a0c43e18583e7019a7e8c4636ba1b5d17b3f78b9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/tailwindcss/src/css-functions.ts"}, "region": {"startLine": 169}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 65285, "scanner": "repobility-threat-engine", "fingerprint": "45f1251ba6ad7af1a49ef3210ac7b025e68d1b25506548fc504986318f79e9b6", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.resolve(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|packages/ token|92|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-webpack/src/index.ts"}, "region": {"startLine": 92}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 65279, "scanner": "repobility-threat-engine", "fingerprint": "8607ca364ad12fb7e6fe33685b743fb8cd8a03e44d50d10a5b5c902411570d41", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "manifests.delete(base)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8607ca364ad12fb7e6fe33685b743fb8cd8a03e44d50d10a5b5c902411570d41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/packages.ts"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 65278, "scanner": "repobility-threat-engine", "fingerprint": "665e540c127c918f95e61db87d15d6baaf9ed39963c2a2527350d74250e005c0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "utilitySheets.delete(sheet)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|665e540c127c918f95e61db87d15d6baaf9ed39963c2a2527350d74250e005c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/css/split.ts"}, "region": {"startLine": 253}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 65277, "scanner": "repobility-threat-engine", "fingerprint": "33bf7cede7f00623aff411898db1b8677cdca19621e0dbe6e9c57b77b41ddc1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "commonParents.delete(sheetA)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|33bf7cede7f00623aff411898db1b8677cdca19621e0dbe6e9c57b77b41ddc1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/css/analyze.ts"}, "region": {"startLine": 256}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 65276, "scanner": "repobility-threat-engine", "fingerprint": "d39cd4856820ac2787c0c7c36e2ec93670b87cde25da29e77320615ad5600cfc", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((x) => `${x}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d39cd4856820ac2787c0c7c36e2ec93670b87cde25da29e77320615ad5600cfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/tailwindcss/src/css-functions.ts"}, "region": {"startLine": 171}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 65275, "scanner": "repobility-threat-engine", "fingerprint": "f966db7ac0925379be5fa89649ca6588b56e86e77306e6a3151747a0c69fbd8a", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(({ name, sum }) => `${sum}  ./${name}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f966db7ac0925379be5fa89649ca6588b56e86e77306e6a3151747a0c69fbd8a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-standalone/scripts/build.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 65273, "scanner": "repobility-threat-engine", "fingerprint": "34f9ec7c9120540ab6a04fed373e5a0f487c25ca751085c7c15e0a32590a3986", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|34f9ec7c9120540ab6a04fed373e5a0f487c25ca751085c7c15e0a32590a3986"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/packages.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 65272, "scanner": "repobility-threat-engine", "fingerprint": "aeb30f6ba2c9df02933ac044f951886ea93150a0351d4df1cfa4753a20f47ab8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(prefix", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aeb30f6ba2c9df02933ac044f951886ea93150a0351d4df1cfa4753a20f47ab8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/codemods/template/migrate-prefix.ts"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 65271, "scanner": "repobility-threat-engine", "fingerprint": "a53a8bf3516d90ec5192e1decbbc0908c23acd2730e96e48bdd8c956c9051af4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(remaining", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a53a8bf3516d90ec5192e1decbbc0908c23acd2730e96e48bdd8c956c9051af4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-node/src/urls.ts"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 65249, "scanner": "repobility-threat-engine", "fingerprint": "09cb955e5dd9f5b023689f745dfbd6f81de594a929795652043a2a4eaa16f830", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|09cb955e5dd9f5b023689f745dfbd6f81de594a929795652043a2a4eaa16f830"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/modifier_machine.rs"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 65248, "scanner": "repobility-threat-engine", "fingerprint": "d70cffacaef4dc90e8b4e8a40436628708e1cf9443aa224627f79eefd8b472a1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d70cffacaef4dc90e8b4e8a40436628708e1cf9443aa224627f79eefd8b472a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/css_variable_machine.rs"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED039", "level": "error", "message": {"text": "[MINED039] Rust Todo Macro: todo!() panics when reached. Unimplemented code path."}, "properties": {"repobilityId": 65247, "scanner": "repobility-threat-engine", "fingerprint": "0cf0629699bbf889575dc123ac0c1fd5e90d1c3d5964e6e31f68fb0656324453", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-todo-macro", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347989+00:00", "triaged_in_corpus": 15, "observations_count": 1561, "ai_coder_pattern_id": 114}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0cf0629699bbf889575dc123ac0c1fd5e90d1c3d5964e6e31f68fb0656324453"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/arbitrary_value_machine.rs"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 65245, "scanner": "repobility-threat-engine", "fingerprint": "4d9805f7bfdbf7a22f40f41f4f55100237969ff1ec431bc5507f3baa64f5c297", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4d9805f7bfdbf7a22f40f41f4f55100237969ff1ec431bc5507f3baa64f5c297"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/rust.rs"}, "region": {"startLine": 196}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 65244, "scanner": "repobility-threat-engine", "fingerprint": "5b9c1cd364ad943073398610223e471d007a2ce67538207806da42e7e288a322", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5b9c1cd364ad943073398610223e471d007a2ce67538207806da42e7e288a322"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/pre_processors/pug.rs"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 65243, "scanner": "repobility-threat-engine", "fingerprint": "c011dcfcf67a8fda2b9034304f105be891e8e0bf165da15fff96974c0008a26a", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c011dcfcf67a8fda2b9034304f105be891e8e0bf165da15fff96974c0008a26a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/oxide/src/extractor/arbitrary_value_machine.rs"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 65237, "scanner": "repobility-threat-engine", "fingerprint": "a9551fc9047d384956d2d90c6384be55c1c1b0eda0f0c1544a87bdc1c08bfc2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a9551fc9047d384956d2d90c6384be55c1c1b0eda0f0c1544a87bdc1c08bfc2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/node/src/lib.rs"}, "region": {"startLine": 141}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 65236, "scanner": "repobility-threat-engine", "fingerprint": "3e23a975bd4c33871a4439f1abf2202a1189d23a07b09132abc26d7a1ce6cd1e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e23a975bd4c33871a4439f1abf2202a1189d23a07b09132abc26d7a1ce6cd1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/ignore/src/overrides.rs"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED003", "level": "error", "message": {"text": "[MINED003] Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky elsewhere."}, "properties": {"repobilityId": 65235, "scanner": "repobility-threat-engine", "fingerprint": "a25eba5224f4fb5c984293d71102322f9aed2ec6a0ed6cad190b75edf3690052", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-unwrap-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347903+00:00", "triaged_in_corpus": 15, "observations_count": 386515, "ai_coder_pattern_id": 111}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a25eba5224f4fb5c984293d71102322f9aed2ec6a0ed6cad190b75edf3690052"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "crates/ignore/examples/walk.rs"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.DISCORD_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DISCORD_WEBHOOK_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 65313, "scanner": "repobility-supply-chain", "fingerprint": "e79754bd94ebb4e21dcae926e434edddf8a05e8908a481ea2a33aa38d0d4795a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e79754bd94ebb4e21dcae926e434edddf8a05e8908a481ea2a33aa38d0d4795a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.DISCORD_WEBHOOK_URL` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.DISCORD_WEBHOOK_URL }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 65312, "scanner": "repobility-supply-chain", "fingerprint": "59fcd2efea0430c24563dbf0a62392b01b0b1b8f881a53ca025294eb1b690ed7", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|59fcd2efea0430c24563dbf0a62392b01b0b1b8f881a53ca025294eb1b690ed7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/integration-tests.yml"}, "region": {"startLine": 124}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 65283, "scanner": "repobility-threat-engine", "fingerprint": "d0eb0de03728fce5368f8c7576cdf1bb63c868e895ddb2e1b13986ae201e2c2d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require\n    (variable_declarator", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d0eb0de03728fce5368f8c7576cdf1bb63c868e895ddb2e1b13986ae201e2c2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/@tailwindcss-upgrade/src/utils/extract-static-plugins.ts"}, "region": {"startLine": 301}}}]}]}]}