{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB012", "name": "Service worker is present without a web app manifest", "shortDescription": {"text": "Service worker is present without a web app manifest"}, "fullDescription": {"text": "A service worker without a manifest often means the PWA install surface is incomplete or inconsistent across devices."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "GHSA-4w7w-66w2-5vf9", "name": "vite: GHSA-4w7w-66w2-5vf9", "shortDescription": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "fullDescription": {"text": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-3v7f-55p6-f55p", "name": "picomatch: GHSA-3v7f-55p6-f55p", "shortDescription": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "fullDescription": {"text": "Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `parse_envelope` has cognitive complexity 16 (SonarSource scale). Cognitiv", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `parse_envelope` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursio"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 8 more): Same pattern found in 8 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED098", "name": "[MINED098] Global Scope Pollution (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED098] Global Scope Pollution (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Import the library where you need it instead of attaching to window. For legitimate global registries, use a namespaced object (e.g., `window.__myApp.axios`)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "GHSA-v2wj-q39q-566r", "name": "vite: GHSA-v2wj-q39q-566r", "shortDescription": {"text": "vite: GHSA-v2wj-q39q-566r"}, "fullDescription": {"text": "Vite: `server.fs.deny` bypassed with queries"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-p9ff-h696-f583", "name": "vite: GHSA-p9ff-h696-f583", "shortDescription": {"text": "vite: GHSA-p9ff-h696-f583"}, "fullDescription": {"text": "Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-mw96-cpmx-2vgc", "name": "rollup: GHSA-mw96-cpmx-2vgc", "shortDescription": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "fullDescription": {"text": "Rollup 4 has Arbitrary File Write via Path Traversal"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-c2c7-rcm5-vvqj", "name": "picomatch: GHSA-c2c7-rcm5-vvqj", "shortDescription": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "fullDescription": {"text": "Picomatch has a ReDoS vulnerability via extglob quantifiers"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "high", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "MINED027", "name": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated ", "shortDescription": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-node` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-5xrq-8626-4rwp", "name": "vitest: GHSA-5xrq-8626-4rwp", "shortDescription": {"text": "vitest: GHSA-5xrq-8626-4rwp"}, "fullDescription": {"text": "When Vitest UI server is listening, arbitrary file can be read and executed"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1416"}, "properties": {"repository": "build23w/fdv.lol", "repoUrl": "https://github.com/build23w/fdv.lol", "branch": "main"}, "results": [{"ruleId": "WEB012", "level": "warning", "message": {"text": "Service worker is present without a web app manifest"}, "properties": {"repobilityId": 145356, "scanner": "repobility-web-presence", "fingerprint": "fcb0b1c9ad72f83092dc6928d3e76ca25d428a654bdcd26192cf227ad67fe1ea", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A service worker was discovered but no common web manifest file was found.", "evidence": {"rule_id": "WEB012", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/Manifest"], "correlation_key": "fp|fcb0b1c9ad72f83092dc6928d3e76ca25d428a654bdcd26192cf227ad67fe1ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "manifest.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 145355, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 145349, "scanner": "osv-scanner", "fingerprint": "a29c39154b3d962e8a92986cb687c2cc93311e1dc67bf75ba86db7706122cbe3", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/tests/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 145347, "scanner": "osv-scanner", "fingerprint": "ad7318438e51ccee7492377e5970a124721c0bb1dd7374697e2060cbf57cc787", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/tests/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-3v7f-55p6-f55p", "level": "warning", "message": {"text": "picomatch: GHSA-3v7f-55p6-f55p"}, "properties": {"repobilityId": 145345, "scanner": "osv-scanner", "fingerprint": "30ae3a5488d2a087216d3ceabd3d79d159e6bbb8b9cca8ff3ebbef177a49b0fe", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33672"], "package": "picomatch", "rule_id": "GHSA-3v7f-55p6-f55p", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33672|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/tests/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_envelope` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=2, except=2, for=1, if=6, nested_bonus=5."}, "properties": {"repobilityId": 145332, "scanner": "repobility-threat-engine", "fingerprint": "c9fabe1f8ae531f60a77bfaaa147bb4d2a3479e5a2a1312201186338b8a17eea", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_envelope", "breakdown": {"if": 6, "for": 1, "except": 2, "continue": 2, "nested_bonus": 5}, "complexity": 16, "correlation_key": "fp|c9fabe1f8ae531f60a77bfaaa147bb4d2a3479e5a2a1312201186338b8a17eea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/extra/decrypt.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 145326, "scanner": "repobility-threat-engine", "fingerprint": "1e29fe83eef76b03c64c65fdd9be61f6117e59fded86c059865ff4c75de85d41", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/core/tools.js|161|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/tools.js"}, "region": {"startLine": 161}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 145318, "scanner": "repobility-threat-engine", "fingerprint": "75d5a862c0bff7fc0765cb8c18b4e5407e029c42aa5e37c482deccaa7873acd6", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|75d5a862c0bff7fc0765cb8c18b4e5407e029c42aa5e37c482deccaa7873acd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/router/switch.js"}, "region": {"startLine": 130}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 145317, "scanner": "repobility-threat-engine", "fingerprint": "babe02adc3b8728c441eadd95e4b8da0932660fb4db02b99c36f9c29416a744c", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|babe02adc3b8728c441eadd95e4b8da0932660fb4db02b99c36f9c29416a744c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/sw/register.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 145316, "scanner": "repobility-threat-engine", "fingerprint": "074e86072b8ded0fae951c66a983b2bf56c0af2c1a81257855b7df123b42dac5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|074e86072b8ded0fae951c66a983b2bf56c0af2c1a81257855b7df123b42dac5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "main.js"}, "region": {"startLine": 24}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145307, "scanner": "repobility-agent-runtime", "fingerprint": "41ced9ea5fd384d04a79010224368a0a8fd83dada999b799b8149524da4c51a5", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|41ced9ea5fd384d04a79010224368a0a8fd83dada999b799b8149524da4c51a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/lib/flamebar.js"}, "region": {"startLine": 339}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145306, "scanner": "repobility-agent-runtime", "fingerprint": "bd69eba94c9578696e867fa71146190a8b5449c5a9c8e9d76f0769320f059837", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|bd69eba94c9578696e867fa71146190a8b5449c5a9c8e9d76f0769320f059837"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/lib/evolve/evolveRules.js"}, "region": {"startLine": 74}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145305, "scanner": "repobility-agent-runtime", "fingerprint": "dd87453f01555171ccc0ffc16b2d681fed2ebc942798dce2cf8b17486d30bfbd", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|dd87453f01555171ccc0ffc16b2d681fed2ebc942798dce2cf8b17486d30bfbd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/lib/evolve/agentOutcomes.js"}, "region": {"startLine": 60}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145304, "scanner": "repobility-agent-runtime", "fingerprint": "e5a9b11d81dcf55fc8aaace9726c4bd83246c5dfca8ce67ce33e5326f1f38199", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|e5a9b11d81dcf55fc8aaace9726c4bd83246c5dfca8ce67ce33e5326f1f38199"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/hold/index.js"}, "region": {"startLine": 404}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145303, "scanner": "repobility-agent-runtime", "fingerprint": "49ad240a3a436af7ce85509ad602058cb99f450cdd9d61e99d049a9186f95197", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|49ad240a3a436af7ce85509ad602058cb99f450cdd9d61e99d049a9186f95197"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/follow/index.js"}, "region": {"startLine": 68}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145302, "scanner": "repobility-agent-runtime", "fingerprint": "57d82122a179ca0f099b4db15c242655c0d580b2550fefe89a8b82be2b8ee583", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|57d82122a179ca0f099b4db15c242655c0d580b2550fefe89a8b82be2b8ee583"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/cli/app.js"}, "region": {"startLine": 17}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145301, "scanner": "repobility-agent-runtime", "fingerprint": "b5290b4757f484d1273c1968d8bc60e59da4615c285fec536b746f0a257ff039", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|b5290b4757f484d1273c1968d8bc60e59da4615c285fec536b746f0a257ff039"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/router/main/home.js"}, "region": {"startLine": 34}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145300, "scanner": "repobility-agent-runtime", "fingerprint": "597e49ccf50e7d029a873020a63aff73ec67acac534ea31189a9e998e15e9c03", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|597e49ccf50e7d029a873020a63aff73ec67acac534ea31189a9e998e15e9c03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/tools.js"}, "region": {"startLine": 230}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145299, "scanner": "repobility-agent-runtime", "fingerprint": "9d013b71577b7d5158ac020675b16daad7555387118805cce522ca454783d5c7", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|9d013b71577b7d5158ac020675b16daad7555387118805cce522ca454783d5c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/core/ipfs.js"}, "region": {"startLine": 42}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145298, "scanner": "repobility-agent-runtime", "fingerprint": "968cffbfe41a7e59870bd30a17a9a82c9777ba3dc5d2bb34f9bd0b9d6d9e9b84", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|968cffbfe41a7e59870bd30a17a9a82c9777ba3dc5d2bb34f9bd0b9d6d9e9b84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/analytics/shill.js"}, "region": {"startLine": 20}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145297, "scanner": "repobility-agent-runtime", "fingerprint": "a81d61a3e773f9076284be81e44cbb5eab722297008fb0bb862afed528be6519", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|a81d61a3e773f9076284be81e44cbb5eab722297008fb0bb862afed528be6519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/agents/driver.js"}, "region": {"startLine": 1861}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 145296, "scanner": "repobility-agent-runtime", "fingerprint": "88889db0738f712044511b51de399227eeabf6b5fbb00c642d820293f6fa46b7", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|88889db0738f712044511b51de399227eeabf6b5fbb00c642d820293f6fa46b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/ads/load.js"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 145293, "scanner": "repobility-ast-engine", "fingerprint": "d59e5ad5a2e58a88931ac3e1cfe37f746ae297acc955672539107f9d5a1e10d7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d59e5ad5a2e58a88931ac3e1cfe37f746ae297acc955672539107f9d5a1e10d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/utils/extra/decrypt.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 145354, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 145353, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 145335, "scanner": "repobility-threat-engine", "fingerprint": "e063e40154853cf5228366eebb6547c6d801d2b1507a6bcc27b299aec8d986ab", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|14|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/parts/header.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 145334, "scanner": "repobility-threat-engine", "fingerprint": "fc941c06473f946ed3742774a01694010cae56ba8238cbb22f8426c253b3d5b8", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = `", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|86|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/search/index.js"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 145333, "scanner": "repobility-threat-engine", "fingerprint": "02bf8668720f72138514b224db4fad5e0eb78b33bc775a60703b589458c91760", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = h", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|66|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/help/index.js"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145292, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7b2a1e02f7db4c72a2fd77db71d913df80c24075e83b4c565f28abdbe62b8a35", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/draw.js", "duplicate_line": 39, "correlation_key": "fp|7b2a1e02f7db4c72a2fd77db71d913df80c24075e83b4c565f28abdbe62b8a35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/sticky.js"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145291, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03d4de9693a2abaad0c7b84b58fe82a8c895a7270da7f14ec0129847dba0288b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/performers.js", "duplicate_line": 117, "correlation_key": "fp|03d4de9693a2abaad0c7b84b58fe82a8c895a7270da7f14ec0129847dba0288b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/smq.js"}, "region": {"startLine": 137}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145290, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a586593496612037a8ad51073ff056c5cd7057c69e6a649bae021e87faebe55d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/comeback.js", "duplicate_line": 84, "correlation_key": "fp|a586593496612037a8ad51073ff056c5cd7057c69e6a649bae021e87faebe55d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/performers.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145289, "scanner": "repobility-ai-code-hygiene", "fingerprint": "44cfdf0104163c0ce56f204d28ab4a588ebece2ed616880ecd70e72e799fe2ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/draw.js", "duplicate_line": 44, "correlation_key": "fp|44cfdf0104163c0ce56f204d28ab4a588ebece2ed616880ecd70e72e799fe2ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/mom.js"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145288, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8b337f1f6c5e2765c4d4c64da29dca81511b79d5096a2977d48ae68583feb89", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/comeback.js", "duplicate_line": 91, "correlation_key": "fp|f8b337f1f6c5e2765c4d4c64da29dca81511b79d5096a2977d48ae68583feb89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/liquid.js"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145287, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f40e01f638c29e7055ad79f846bf2c811bf0c14289a0305dfdb57717b13ca6d2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/draw.js", "duplicate_line": 44, "correlation_key": "fp|f40e01f638c29e7055ad79f846bf2c811bf0c14289a0305dfdb57717b13ca6d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/holders.js"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145286, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2db8a77d0b41c30e53cd500df0587969551a3409fe783d2791106ed9a942bd02", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/das.js", "duplicate_line": 96, "correlation_key": "fp|2db8a77d0b41c30e53cd500df0587969551a3409fe783d2791106ed9a942bd02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/engagement.js"}, "region": {"startLine": 144}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145285, "scanner": "repobility-ai-code-hygiene", "fingerprint": "772583de5d962ff15248593ddebd3535b07e7b544112e319d7166c8da6252934", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/das.js", "duplicate_line": 95, "correlation_key": "fp|772583de5d962ff15248593ddebd3535b07e7b544112e319d7166c8da6252934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/degen.js"}, "region": {"startLine": 130}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145284, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9387d81ca933a3f7837340b2ca6ffedf88e749a5fd7c274f002f70a33459f29", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/meme/metrics/kpi/24h.js", "duplicate_line": 49, "correlation_key": "fp|f9387d81ca933a3f7837340b2ca6ffedf88e749a5fd7c274f002f70a33459f29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/kpi/bsi.js"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145283, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5d4ced4092d2c592073349576d1f0e99fb2a9585ae993dece6835d4f35674dd2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/addons/auto/index.js", "duplicate_line": 86, "correlation_key": "fp|5d4ced4092d2c592073349576d1f0e99fb2a9585ae993dece6835d4f35674dd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/loader.js"}, "region": {"startLine": 370}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145282, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cab818a90eac54be8f4823d3e427ac83aa7b7d4ad4dc6ba3405d1602783bd8b4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/addons/auto/lib/tools/dextoolsCandlestickEmbed.js", "duplicate_line": 28, "correlation_key": "fp|cab818a90eac54be8f4823d3e427ac83aa7b7d4ad4dc6ba3405d1602783bd8b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/lib/tools/dextoolsCandlestickHover.js"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145281, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bc907a37bcf06b600b3a08d236889c1bfb6ad3a6482ca11af4d6cfb79600d94b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/vista/addons/auto/lib/evolve/agentOutcomes.js", "duplicate_line": 55, "correlation_key": "fp|bc907a37bcf06b600b3a08d236889c1bfb6ad3a6482ca11af4d6cfb79600d94b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/lib/evolve/evolveRules.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145280, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3d4e8ddd55a6cad82e60e7d0cc50bd6346c0991a13a993de3c57b6c119f5cb5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/utils/netImport.js", "duplicate_line": 20, "correlation_key": "fp|a3d4e8ddd55a6cad82e60e7d0cc50bd6346c0991a13a993de3c57b6c119f5cb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/cli/helpers/web3.node.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145279, "scanner": "repobility-ai-code-hygiene", "fingerprint": "163b7b08e35d1bf1d10e9bad174e257136f83acb5dc554e5655be05c3814a492", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/data/dexscreener.js", "duplicate_line": 183, "correlation_key": "fp|163b7b08e35d1bf1d10e9bad174e257136f83acb5dc554e5655be05c3814a492"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/data/jupiter.js"}, "region": {"startLine": 141}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145278, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bdf19dcadd2dd3aaf2b0988c900cc10b984ef7fe32f1b38be221af6f17c36a70", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/agents/frameworks/gary.js", "duplicate_line": 17, "correlation_key": "fp|bdf19dcadd2dd3aaf2b0988c900cc10b984ef7fe32f1b38be221af6f17c36a70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/agents/training.js"}, "region": {"startLine": 287}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145277, "scanner": "repobility-ai-code-hygiene", "fingerprint": "268357cf57a7e1b714dffdae89c629024b3cfa4431302fc1a71b676e1315d992", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/agents/memory.js", "duplicate_line": 11, "correlation_key": "fp|268357cf57a7e1b714dffdae89c629024b3cfa4431302fc1a71b676e1315d992"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/agents/training.js"}, "region": {"startLine": 149}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145276, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2ee70ec3449b146789f8938606c4b535475ba21a7b7d5248e70e91116821c145", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/agents/frameworks/deepseek.js", "duplicate_line": 16, "correlation_key": "fp|2ee70ec3449b146789f8938606c4b535475ba21a7b7d5248e70e91116821c145"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/agents/frameworks/open.js"}, "region": {"startLine": 187}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145275, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a743dbc5a0442087b80982f5fbdb5ca80af727ba7cc9c4c13e56597f24a8250", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/agents/frameworks/grok.js", "duplicate_line": 26, "correlation_key": "fp|5a743dbc5a0442087b80982f5fbdb5ca80af727ba7cc9c4c13e56597f24a8250"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/agents/frameworks/open.js"}, "region": {"startLine": 175}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 145274, "scanner": "repobility-ai-code-hygiene", "fingerprint": "31959b30e31c5a75e69927766209f4defabfd815c457f6916dd7264a53b01d86", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/agents/frameworks/deepseek.js", "duplicate_line": 16, "correlation_key": "fp|31959b30e31c5a75e69927766209f4defabfd815c457f6916dd7264a53b01d86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/agents/frameworks/grok.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 145340, "scanner": "repobility-threat-engine", "fingerprint": "479ad3ecd592fb67b4d7a6e885f9f264f18b2f11939abf87277284ef886c8b37", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|479ad3ecd592fb67b4d7a6e885f9f264f18b2f11939abf87277284ef886c8b37"}}}, {"ruleId": "SEC006", "level": "none", "message": {"text": "[SEC006] XSS Risk (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 145336, "scanner": "repobility-threat-engine", "fingerprint": "c7223c5b293eab3205e03c1e7571c1a465b50f9f78c299b0b335e03f4979b570", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c7223c5b293eab3205e03c1e7571c1a465b50f9f78c299b0b335e03f4979b570"}}}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 145331, "scanner": "repobility-threat-engine", "fingerprint": "781219ee48c59486d780877829c9169928fcedcbec550181d331d15cc72aa283", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|781219ee48c59486d780877829c9169928fcedcbec550181d331d15cc72aa283", "aggregated_count": 1}}}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 145330, "scanner": "repobility-threat-engine", "fingerprint": "5f3a0f4af8cafff5a4177c7cbe5c22c2a7664ea87a8bbaa89168ecdc61016b3c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f3a0f4af8cafff5a4177c7cbe5c22c2a7664ea87a8bbaa89168ecdc61016b3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/help/index.js"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 145329, "scanner": "repobility-threat-engine", "fingerprint": "a6b6e72bd73394612d96d770c1c47bd8f72370e4f82fe6f99a8c06da733de737", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a6b6e72bd73394612d96d770c1c47bd8f72370e4f82fe6f99a8c06da733de737"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/addons/auto/cli/helpers/web3.node.js"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED098", "level": "none", "message": {"text": "[MINED098] Global Scope Pollution: Attaching libraries/objects directly to the global window scope (e.g., `window.axios = axios;`) makes the code harder to test and increases the risk of naming collisions."}, "properties": {"repobilityId": 145328, "scanner": "repobility-threat-engine", "fingerprint": "732ef8df954ce9ae0c79a6f10a0db70b563df9c302ae082a5b8c0fed8e8a9b56", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "global-scope-pollution", "owasp": null, "cwe_ids": [], "languages": ["javascript"], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 12, "observations_count": 173528, "ai_coder_pattern_id": 55}, "scanner": "repobility-threat-engine", "correlation_key": "fp|732ef8df954ce9ae0c79a6f10a0db70b563df9c302ae082a5b8c0fed8e8a9b56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/router/switch.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 145322, "scanner": "repobility-threat-engine", "fingerprint": "81847de429283ccd4097c4ce25a138d7a05f611fabd151deb07053e96bc73e74", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|81847de429283ccd4097c4ce25a138d7a05f611fabd151deb07053e96bc73e74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/profile/render/liveLine.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 145321, "scanner": "repobility-threat-engine", "fingerprint": "ac6691ab1f2e690040213aca5c93157196017c23d57bb61782cb640e36a97df3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ac6691ab1f2e690040213aca5c93157196017c23d57bb61782cb640e36a97df3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/render/sparkline.js"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 145320, "scanner": "repobility-threat-engine", "fingerprint": "964c1136428c2529b47ae94bb6d85f22d9052f2c6ec449e3e60b20421bb2e7f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|964c1136428c2529b47ae94bb6d85f22d9052f2c6ec449e3e60b20421bb2e7f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/config/env.js"}, "region": {"startLine": 172}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 145319, "scanner": "repobility-threat-engine", "fingerprint": "60d6be488fc9792b7c544c84123a75cbfde5e34988a54174c40e3a6c52f2694e", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|60d6be488fc9792b7c544c84123a75cbfde5e34988a54174c40e3a6c52f2694e"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 145315, "scanner": "repobility-threat-engine", "fingerprint": "317c961554ed23683dcac1775831b9eda180ad5028734917a32bc667d866b39c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|317c961554ed23683dcac1775831b9eda180ad5028734917a32bc667d866b39c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/trader.mjs"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 145314, "scanner": "repobility-threat-engine", "fingerprint": "da744c8cafebe9279f721e7315e49759149bc9c1fe9bbd46f541dfd04c163387", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|da744c8cafebe9279f721e7315e49759149bc9c1fe9bbd46f541dfd04c163387"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/shill/page.js"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 145313, "scanner": "repobility-threat-engine", "fingerprint": "652603a8b90a68a9b5e4bba3be6b0f089b1da1a4de263c1a43d85dc2671e9751", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|652603a8b90a68a9b5e4bba3be6b0f089b1da1a4de263c1a43d85dc2671e9751"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli.mjs"}, "region": {"startLine": 311}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 145311, "scanner": "repobility-threat-engine", "fingerprint": "d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d57f94c2e96069b4a87a7fb2ba46f76103ae7ecd579ffae7064a6551df416baa"}}}, {"ruleId": "GHSA-v2wj-q39q-566r", "level": "error", "message": {"text": "vite: GHSA-v2wj-q39q-566r"}, "properties": {"repobilityId": 145351, "scanner": "osv-scanner", "fingerprint": "26dd44d904cb58efc27da82c8f3fd12bd90966beb7c41fff61781002c1c269b3", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39364"], "package": "vite", "rule_id": "GHSA-v2wj-q39q-566r", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39364|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/tests/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-p9ff-h696-f583", "level": "error", "message": {"text": "vite: GHSA-p9ff-h696-f583"}, "properties": {"repobilityId": 145350, "scanner": "osv-scanner", "fingerprint": "74706d04ab6d8bfe7312a4697f147a5516ecc3d8594635783aa73d093aa1cf65", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39363"], "package": "vite", "rule_id": "GHSA-p9ff-h696-f583", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39363|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/tests/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-mw96-cpmx-2vgc", "level": "error", "message": {"text": "rollup: GHSA-mw96-cpmx-2vgc"}, "properties": {"repobilityId": 145348, "scanner": "osv-scanner", "fingerprint": "ed276b578dd792205530ea8c1755b60a57b763362e9f3af6f2df12199cc7050c", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-27606"], "package": "rollup", "rule_id": "GHSA-mw96-cpmx-2vgc", "scanner": "osv-scanner", "correlation_key": "vuln|rollup|CVE-2026-27606|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/tests/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-c2c7-rcm5-vvqj", "level": "error", "message": {"text": "picomatch: GHSA-c2c7-rcm5-vvqj"}, "properties": {"repobilityId": 145346, "scanner": "osv-scanner", "fingerprint": "356628ab6cc3056e83b1170d71837bfac9065ba371ffe0eb957a317fb053e285", "category": "dependency", "severity": "high", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-33671"], "package": "picomatch", "rule_id": "GHSA-c2c7-rcm5-vvqj", "scanner": "osv-scanner", "correlation_key": "vuln|picomatch|CVE-2026-33671|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/meme/metrics/tests/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED027", "level": "error", "message": {"text": "[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState \u2014 React skips re-render on mutated reference."}, "properties": {"repobilityId": 145341, "scanner": "repobility-threat-engine", "fingerprint": "7af1bb8829edccd51b256f5f862bacfe1dd4f30a5a3fa6594a2b763bc20d40db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-state-array-mutation", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347961+00:00", "triaged_in_corpus": 15, "observations_count": 14444, "ai_coder_pattern_id": 136}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7af1bb8829edccd51b256f5f862bacfe1dd4f30a5a3fa6594a2b763bc20d40db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/vista/profile/render/liveLine.js"}, "region": {"startLine": 164}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any