Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
48 of your 156 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.
Upstream (GitHub) caused delay on this scan — not Repobility.
  • GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
  • Clone from GitHub took 64.96s for a 138.0 MB repo slow.
  • Repobility's analysis ran in 25.19s after the clone landed.

nocodb/nocodb

https://github.com/nocodb/nocodb · scanned 2026-06-05 09:04 UTC (5 days, 17 hours ago) · 10 languages

1640 raw signals (130 security + 1510 graph) 10/13 scanners ran 5th percentile · Typescript · huge (>500K LoC) System graph score 55 (higher by 15)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 17 hours ago · v2 · 800 actionable findings from 2 signal sources. 85 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
65.8
/100
Security checks
77
67 findings
System graph
55
100.0% cov · 733 findings
Critical
13
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 60.0 0.15 9.00
security_score 100.0 0.25 25.00
testing_score 37.0 0.20 7.40
documentation_score 64.0 0.15 9.60
practices_score 74.0 0.15 11.10
code_quality 80.0 0.10 8.00
Overall 1.00 70.1
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 13 High 36 Medium 17 Low 312 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 67 System graph 733 Crowd 0 Layer: Quality 242 Security 31 Cicd 17 Software 59 Frontend 386 Hardware 1 Api 64
Scan summary Quality grade B (70/100). Dimensions: security 100, maintainability 60. 130 findings (49 security). 555,472 lines analyzed.

Showing 377 of 800 actionable findings. 885 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Security checks software dependencies conf 0.90 ✓ Repobility [MINED123] Trojan Source bidi character (LRM) in source: Line 414 contains a Unicode bidirectional override character (U+200E LRM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer.
Audit the line manually. If the character is not intentional (it almost never is in code), remove it. Configure your editor / pre-commit hook to reject bidi controls in source.
packages/nc-gui/components/smartsheet/grid/PaginationV2.vue:414
critical Security checks cicd CI/CD security conf 0.96 Compose service contains a literal secret environment value
Rotate the value if real. Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file.
docker-compose/nginx-proxy-manager/docker-compose.yml:33 CI/CD securitycontainers
critical Security checks cicd CI/CD security conf 0.96 Compose service contains a literal secret environment value
Rotate the value if real. Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file.
docker-compose/2_pg/docker-compose.yml:14 CI/CD securitycontainers
critical Security checks cicd CI/CD security conf 0.98 2 occurrences Compose service mounts the Docker socket
Avoid mounting docker.sock. Use a narrow proxy, rootless build service, or provider-native deployment credentials.
lines 42, 84
docker-compose/3_traefik/docker-compose.yml:42, 84 (2 hits)
CI/CD securitycontainers
high Security checks security auth conf 0.88 Token handoff appears to use a callback URL or fragment
Use a server-side one-time authorization code tied to a registered callback allowlist. Do not append access tokens to callback URLs or fragments.
packages/nc-gui/middleware/03.auth.global.ts:185
critical System graph security Secrets conf 1.00 4 occurrences Possible secret in packages/nc-gui/utils/baseCreateUtils.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 119, 126, 133, 140
packages/nc-gui/utils/baseCreateUtils.ts:119, 126, 133, 140 (4 hits)
critical System graph security Secrets conf 1.00 3 occurrences Possible secret in packages/nc-secret-mgr/src/nocodb/cli.js
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
lines 2
packages/nc-secret-mgr/src/nocodb/cli.js:2 (3 hits)
critical System graph security Secrets conf 1.00 Possible secret in packages/noco-integrations/nocodb-sdk-reference.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/noco-integrations/nocodb-sdk-reference.ts:145
critical System graph security Secrets conf 1.00 Possible secret in packages/nocodb-sdk/src/lib/formBuilder/index.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/nocodb-sdk/src/lib/formBuilder/index.ts:9
critical System graph security Secrets conf 1.00 Possible secret in packages/nocodb-sdk/src/lib/XcUIBuilder.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/nocodb-sdk/src/lib/XcUIBuilder.ts:42
critical System graph security Secrets conf 1.00 Possible secret in packages/nocodb/src/modules/auth/ui/auth/resetPassword.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/nocodb/src/modules/auth/ui/auth/resetPassword.ts:89
critical System graph security Secrets conf 1.00 Possible secret in packages/nocodb/src/services/base-users/ui/auth/resetPassword.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/nocodb/src/services/base-users/ui/auth/resetPassword.ts:89
critical System graph security Secrets conf 1.00 Possible secret in packages/nocodb/src/types/nc-plugin/common/XcUIBuilder.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/nocodb/src/types/nc-plugin/common/XcUIBuilder.ts:46
high Security checks security auth conf 0.70 2 occurrences [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /api/v1/notifications/:notificationId.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
lines 103, 119
packages/nocodb/src/controllers/notifications.controller.ts:103, 119 (2 hits)
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /api/v1/workspaces/:workspaceId/invitations.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
packages/nocodb/src/controllers/workspace-users.controller.ts:49
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /api/v1/workspaces/:workspaceId/users/:userId.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
packages/nocodb/src/controllers/workspace-users.controller.ts:30
high Security checks security auth conf 0.70 2 occurrences [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /api/v3/meta/views/:viewId/columns.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
lines 90, 124
packages/nocodb/src/controllers/view-columns.controller.ts:90, 124 (2 hits)
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /data/:viewId/:rowId/hm/:colId/exclude.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
packages/nocodb/src/controllers/datas.controller.ts:98
high Security checks security auth conf 0.70 [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /data/:viewId/:rowId/oo/:colId/exclude.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
packages/nocodb/src/controllers/datas.controller.ts:81
high Security checks security auth conf 0.70 2 occurrences [AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: ANY /row-color-conditions/:id.
Add ownership, tenant, relationship, or policy checks before reading or mutating the target object.
lines 76, 106
packages/nocodb/src/controllers/view-row-color.controller.ts:76, 106 (2 hits)
high Security checks software dependencies conf 0.90 ✓ Repobility 4 occurrences [MINED122] package.json dep `xlsx` pulled from URL/Git: `devDependencies.xlsx` = `https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload.
Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI.
4 files, 4 locations
package.json:1
packages/nc-gui/package.json:1
packages/noco-integrations/core/package.json:1
packages/nocodb/package.json:1
high Security checks software Prototype pollution conf 1.00 [SEC033] Prototype Pollution — unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting every object in the process. CWE-1321. Real-world: CVE-2019-10744 (lodash), CVE-2021-23337 (lodash.set), CVE-2023-26136 (tough-cookie).
Sanitize keys BEFORE merge: function sanitize(obj) { delete obj.__proto__; delete obj.constructor; delete obj.prototype; return obj; } Or use Object.create(null) for the target. Or use Map() for user-key-indexed data. Upgrade lodash >= 4.17.21 for partial mitigation.
packages/nc-gui/store/base.ts:43
high Security checks software Prototype pollution conf 1.00 [SEC033] Prototype Pollution — unfiltered merge of user object: Merging user-controlled object into a target without filtering `__proto__`/`constructor`/`prototype` keys lets attackers inject properties onto Object.prototype, affecting every object in the process. CWE-1321. Real-world: CVE-2019-10744 (lodash), CVE-2021-23337 (lodash.set), CVE-2023-26136 (tough-cookie).
Sanitize keys BEFORE merge: function sanitize(obj) { delete obj.__proto__; delete obj.constructor; delete obj.prototype; return obj; } Or use Object.create(null) for the target. Or use Map() for user-key-indexed data. Upgrade lodash >= 4.17.21 for partial mitigation.
packages/nc-gui/composables/useUserSorts.ts:81
high Security checks security Injection conf 1.00 [SEC036] HTTP Header Injection / CRLF Injection: Setting an HTTP response header from user input without stripping CRLF lets attackers inject extra headers (Set-Cookie, etc.) or split the response. Real CVEs: CVE-2017-15193 (Mahara), CVE-2019-11358 (Django), CVE-2020-26116 (Python http.client). CWE-93/113.
Strip `\r\n` before setting headers: safe = value.replace('\r','').replace('\n','') response.headers['X-Custom'] = safe Most modern frameworks (Django 3+, Express 4.10+) already do this — but custom header-setting code often doesn't. Prefer framework methods (`response.set_cookie`) over manual …
packages/nocodb/src/controllers/attachments.controller.ts:214
high Security checks security Injection conf 1.00 [SEC036] HTTP Header Injection / CRLF Injection: Setting an HTTP response header from user input without stripping CRLF lets attackers inject extra headers (Set-Cookie, etc.) or split the response. Real CVEs: CVE-2017-15193 (Mahara), CVE-2019-11358 (Django), CVE-2020-26116 (Python http.client). CWE-93/113.
Strip `\r\n` before setting headers: safe = value.replace('\r','').replace('\n','') response.headers['X-Custom'] = safe Most modern frameworks (Django 3+, Express 4.10+) already do this — but custom header-setting code often doesn't. Prefer framework methods (`response.set_cookie`) over manual …
packages/nocodb/src/controllers/attachments-secure.controller.ts:151
medium Security checks cicd CI/CD security conf 0.90 ✓ Repobility 6 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `peter-evans/dockerhub-description` pinned to mutable ref `@v2`: `uses: peter-evans/dockerhub-description@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos…
3 files, 6 locations
.github/workflows/docker-readme-publish.yml:14 (2 hits)
.github/workflows/jest-unit-test.yml:28 (2 hits)
.github/workflows/on-event-issue-closed.yml:14 (2 hits)
CI/CD securitySupply chainGitHub Actions
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 19 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lo…
7 files, 19 locations
.github/workflows/bats-test.yml:17, 34 (4 hits)
.github/workflows/dependency-review.yml:23, 26 (4 hits)
.github/workflows/jest-unit-test.yml:24, 32 (4 hits)
.github/workflows/ci-cd.yml:34 (2 hits)
.github/workflows/cleanup-caches-by-branch.yml:11 (2 hits)
.github/workflows/docker-readme-publish.yml:12 (2 hits)
.github/workflows/dispatch-oss.yml:12
CI/CD securitySupply chainGitHub Actions
high Security checks cicd CI/CD security conf 0.90 ✓ Repobility 2 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `tim-actions/get-pr-commits` pinned to mutable ref `@master`: `uses: tim-actions/get-pr-commits@master` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin …
lines 20, 24
.github/workflows/dco-check.yml:20, 24 (2 hits)
CI/CD securitySupply chainGitHub Actions
high System graph security Secrets conf 1.00 .env file present in repo: docker-compose/3_traefik/.env
A raw .env file is in the working tree. Verify it isn't committed and that secrets are in a vault.
Config
high System graph api Wiring conf 1.00 Dangling fetch: GET http://localhost:${process.env.PORT || 8080}/api/v1/auth/user/me (packages/nocodb/src/run/testDocker.ts:78)
`packages/nocodb/src/run/testDocker.ts:78` calls `GET http://localhost:${process.env.PORT || 8080}/api/v1/auth/user/me` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/http:/localhost:/<p>/api/v1/auth/user/me` If thi…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: GET https://nocodb.com/api/v1/feedback_form (packages/nocodb/src/utils/feedbackForm.ts:5)
`packages/nocodb/src/utils/feedbackForm.ts:5` calls `GET https://nocodb.com/api/v1/feedback_form` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/nocodb.com/api/v1/feedback_form` If this points at an external …
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: PATCH http://localhost:${process.env.PORT || 8080}/api/v1/users/${ user.data.id } (packages/nocodb/src/run/testDocker.ts:87)
`packages/nocodb/src/run/testDocker.ts:87` calls `PATCH http://localhost:${process.env.PORT || 8080}/api/v1/users/${ user.data.id }` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/http:/loc…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST http://localhost:${ process.env.PORT || 8080 }/api/v1/auth/user/signin (packages/nocodb/src/run/testDocker.ts:54)
`packages/nocodb/src/run/testDocker.ts:54` calls `POST http://localhost:${ process.env.PORT || 8080 }/api/v1/auth/user/signin` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/http:/localhost:/<p…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST http://localhost:${ process.env.PORT || 8080 }/api/v1/auth/user/signup (packages/nocodb/src/run/testDocker.ts:43)
`packages/nocodb/src/run/testDocker.ts:43` calls `POST http://localhost:${ process.env.PORT || 8080 }/api/v1/auth/user/signup` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/http:/localhost:/<p…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST http://localhost:${ process.env.PORT || 8080 }/api/v1/auth/user/signup (packages/nocodb/src/run/testDocker.ts:67)
`packages/nocodb/src/run/testDocker.ts:67` calls `POST http://localhost:${ process.env.PORT || 8080 }/api/v1/auth/user/signup` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/http:/localhost…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST https://product-feed.nocodb.com/api/v1/cloud/features (packages/nocodb/src/services/utils.service.ts:634)
`packages/nocodb/src/services/utils.service.ts:634` calls `POST https://product-feed.nocodb.com/api/v1/cloud/features` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/product-feed.nocodb.com/api/v1/cloud/featu…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST https://product-feed.nocodb.com/api/v1/social/feed (packages/nocodb/src/services/utils.service.ts:578)
`packages/nocodb/src/services/utils.service.ts:578` calls `POST https://product-feed.nocodb.com/api/v1/social/feed` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/product-feed.nocodb.com/api/v1/social/feed` I…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST https://telemetry.nocodb.com/api/v1/newsletter/sdhjh34u3yuy34bj343jhj4iwolaAdsdj3434uiut4nn (packages/nocodb/src/utils/tele.ts:168)
`packages/nocodb/src/utils/tele.ts:168` calls `POST https://telemetry.nocodb.com/api/v1/newsletter/sdhjh34u3yuy34bj343jhj4iwolaAdsdj3434uiut4nn` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/telemetry.nocodb…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST https://telemetry.nocodb.com/api/v1/telemetry (packages/nocodb/src/utils/tele.ts:130)
`packages/nocodb/src/utils/tele.ts:130` calls `POST https://telemetry.nocodb.com/api/v1/telemetry` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/telemetry.nocodb.com/api/v1/telemetry` If this points at an ex…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST https://telemetry.nocodb.com/api/v1/telemetry (packages/nocodb/src/utils/tele.ts:93)
`packages/nocodb/src/utils/tele.ts:93` calls `POST https://telemetry.nocodb.com/api/v1/telemetry` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/telemetry.nocodb.com/api/v1/telemetry` If this points at an ext…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST https://telemetry.nocodb.com/api/v1/telemetry (packages/nocodb/src/utils/TeleBatchProcessor.ts:46)
`packages/nocodb/src/utils/TeleBatchProcessor.ts:46` calls `POST https://telemetry.nocodb.com/api/v1/telemetry` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/telemetry.nocodb.com/api/v1/telemetry` If this po…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST https://telemetry.nocodb.com/api/v1/telemetry/apis_created (packages/nocodb/src/utils/tele.ts:158)
`packages/nocodb/src/utils/tele.ts:158` calls `POST https://telemetry.nocodb.com/api/v1/telemetry/apis_created` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: axios Normalized path used for matching: `/https:/telemetry.nocodb.com/api/v1/telemetry/apis_create…
Dangling fetchAxios
high System graph api Wiring conf 1.00 Dangling fetch: POST https:\\u002F\\u002Fo1061291.ingest.sentry.io\\u002Fapi\\u002F6173372\\u002Fstore\\u002F?sentry_key=e2e585110fec1fe15198199002e82b9a (packages/nocodb/src/modules/jobs/jobs/at-import/engine/mockResponses/initialize.ts:9)
`packages/nocodb/src/modules/jobs/jobs/at-import/engine/mockResponses/initialize.ts:9` calls `POST https:\\u002F\\u002Fo1061291.ingest.sentry.io\\u002Fapi\\u002F6173372\\u002Fstore\\u002F?sentry_key=e2e585110fec1fe15198199002e82b9a` but no backend route matches that path. This is a runtime 404 wait…
Dangling fetchFetch
high System graph cicd CI/CD security conf 1.00 2 occurrences GitHub Action tracks a moving branch
tim-actions/get-pr-commits@master can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
lines 20, 24
.github/workflows/dco-check.yml:20, 24 (2 hits)
CI/CD securitySupply chainGithub actions
high System graph security security conf 1.00 Insecure pattern 'exec_used' in scripts/installLocalSdk.js:7
Found a known-risky pattern (exec_used). Review and replace if possible.
scripts/installLocalSdk.js:7 Exec used
medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.
Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them.
high Security checks security auth conf 0.74 [AUC002] Low visible authorization coverage in route inventory: Only 39.7% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence.
Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes.
high Security checks security auth conf 0.68 10 occurrences [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: ANY /[.
Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml.
5 files, 10 locations
packages/nocodb/src/controllers/views.controller.ts:32, 61, 90, 193 (4 hits)
packages/nocodb/src/controllers/extensions.controller.ts:26, 76 (2 hits)
packages/nocodb/src/controllers/integrations.controller.ts:31, 82 (2 hits)
packages/nocodb/src/controllers/kanbans.controller.ts:25
packages/nocodb/src/controllers/view-columns.controller.ts:33
medium Security checks quality Error handling conf 1.00 3 occurrences [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
3 files, 3 locations
packages/nc-gui/composables/useDialog/index.ts:111
packages/nc-gui/composables/useProvideChatwoot.ts:55
packages/nc-gui/utils/validation.ts:359
medium Security checks quality Quality conf 1.00 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).
Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).
packages/nc-gui/utils/generateName.ts:7
medium Security checks quality Quality conf 1.00 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).
Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).
packages/nc-gui/utils/aliasUtils.ts:5
low Security checks quality Quality conf 1.00 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws — wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated.
Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows.
packages/nc-gui/composables/useUserSync.ts:33
medium Security checks cicd CI/CD security conf 0.94 4 occurrences Compose service `nocodb` image uses the latest tag
Pin to a maintained version tag or digest and update it deliberately through dependency automation.
4 files, 4 locations
docker-compose/2_pg/docker-compose.yml:2
docker-compose/3_traefik/docker-compose.yml:5
docker-compose/nginx-proxy-manager/docker-compose.yml:20
docker-compose/nginx/docker-compose.yml:20
CI/CD securitycontainers
medium Security checks cicd CI/CD security conf 0.84 Database data bind mount is inside the Docker build context
Prefer a named volume or a host path outside the build context. If a repo-local path is required, add it to .dockerignore and .gitignore and verify backups separately.
docker-compose/nginx/docker-compose.yml:37 CI/CD securitycontainers
medium Security checks cicd CI/CD security conf 0.86 Database dump or local database file is included in Docker build context
Move database dumps outside the Docker build context or exclude them with .dockerignore. Keep backup and restore artifacts in private object storage or a dedicated backup workflow.
.dockerignore CI/CD securitycontainers
medium Security checks cicd CI/CD security conf 0.88 Database service has no healthcheck
Add a database-native healthcheck such as pg_isready, mysqladmin ping, redis-cli ping, or the vendor's readiness command.
docker-compose/nginx/docker-compose.yml:37 CI/CD securitycontainers
high Security checks quality Quality conf 0.74 9 occurrences Frontend API reference is not matched by discovered backend routes
Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore.
7 files, 9 locations
packages/nc-gui/components/account/UserList.vue:29, 100 (2 hits)
packages/nc-gui/components/dashboard/TreeView/Project/ActionMenu.vue:134, 142 (2 hits)
packages/nc-gui/components/account/UsersModal.vue:151
packages/nc-gui/components/dashboard/settings/base/Migrate.vue:25
packages/nc-gui/components/dlg/QuickImport.vue:252
packages/nc-gui/components/smartsheet/details/Api.vue:77
packages/nc-secret-mgr/src/nocodb/cli.js:2
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nc-gui/components/cell/attachment/utils.ts:430
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nc-gui/composables/useInfiniteGroups.ts:117
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nc-gui/utils/svgToPng.ts:101
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nocodb/src/mcp/mcp.service.ts:200
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nocodb/src/modules/jobs/jobs/at-import/engine/mockResponses/initialize.ts:9
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in packages/nc-gui/utils/cryptoUtils.ts:5
Found a known-risky pattern (weak_hash). Review and replace if possible.
packages/nc-gui/utils/cryptoUtils.ts:5 Weak hash
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in packages/nc-gui/utils/dataUtils.ts:74
Found a known-risky pattern (weak_hash). Review and replace if possible.
packages/nc-gui/utils/dataUtils.ts:74 Weak hash
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
20 test file(s) for 1951 source file(s) (ratio 0.01). Consider adding integration or unit tests for critical paths.
Coverage
low Security checks security auth conf 0.76 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.
Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior.
high Security checks cicd CI/CD security conf 0.56 Compose service does not declare a runtime user
Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive.
docker-compose/2_pg/docker-compose.yml:2 CI/CD securitycontainers
high Security checks cicd CI/CD security conf 0.62 Compose service lacks no-new-privileges hardening
Add `security_opt: ["no-new-privileges:true"]` unless the service has a documented need for privilege escalation.
docker-compose/2_pg/docker-compose.yml:2 CI/CD securitycontainers
low Security checks cicd CI/CD security conf 0.58 Database password is wired through an environment variable placeholder
Prefer Compose secrets or your platform secret manager with *_FILE variables where the image supports them. Rotate only if a real value was committed.
docker-compose/nginx/docker-compose.yml:37 CI/CD securitycontainers
low Security checks cicd CI/CD security conf 0.58 Database password is wired through an environment variable placeholder
Prefer Compose secrets or your platform secret manager with *_FILE variables where the image supports them. Rotate only if a real value was committed.
docker-compose/3_traefik/docker-compose.yml:100 CI/CD securitycontainers
low System graph quality Maintenance conf 1.00 392 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb-sdk-v2/rslib.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb-sdk-v2/script/build.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb-sdk-v2/src/sdk/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/.eslintrc.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/build-utils/resolveTsAliases.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/jest.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/rspack.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/rspack.dev.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/rspack.timely.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/app.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/cli.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/constants/controllers.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/dbQueryClient/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/guards/global/global.guard.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/init.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/instrument.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/integrations/integration.store.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/interface/AppSettings.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/interface/IEmailAdapter.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/interface/IStorageAdapter.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/interface/Mail.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/interface/XcMetaMgr.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/mcp/descriptions.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/nocobuild.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/data-columns/attachment.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/express.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/metaProps/base-meta-props.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/mime-lite.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-context-cache.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-plugin/common/XcNotification.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-plugin/common/XcUIBuilder.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-plugin/index.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-plugin/lib/IEmailAdapter.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-plugin/lib/IStorageAdapter.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-plugin/lib/IStorageAdapterV2.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-plugin/lib/IWebhookNotificationAdapter.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/nc-plugin/lib/XcPluginConfig.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/resumable-stream.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/types/utils.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/utils/getInstance.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/utils/globals.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/utils/packageVersion.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/version-upgrader/upgraders/0100002_ncFilterUpgrader.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/version-upgrader/upgraders/0105002_ncStickyColumnUpgrader.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/version-upgrader/upgraders/0105004_ncHookUpgrader.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/version-upgrader/upgraders/0107004_ncProjectConfigUpgrader.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/src/version-upgrader/upgraders/0258003_ncDuplicatePluginMerge.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/nocodb/test/app.e2e-spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/downgradeSqlite.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/installLocalSdk.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `allow_copy` in packages/nocodb/src/meta/migrations/v1/nc_001_init.ts:305
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `allow_copy` in packages/nocodb/src/meta/migrations/v2/nc_096_deprecate_unused.ts:20
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `columnListOld` in packages/nocodb/src/db/sql-client/lib/mysql/mysql.queries.ts:1
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `conflictsWithOld` in packages/nocodb/src/services/columns.service.ts:2321
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `filterHelpers_old` in packages/nocodb-sdk/src/lib/filterHelpers.ts:10
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `filterHelpers_old` in packages/nocodb-sdk/src/lib/filterHelpers_old.spec.ts:2
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `filterHelpers_old` in packages/nocodb-sdk/src/lib/filterHelpers_withparser.spec.ts:2
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `iconMapOld` in packages/nc-gui/utils/iconUtils.ts:851
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `isOld` in packages/nocodb/src/providers/init-meta-service.provider.ts:81
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_018_add_enabled_to_filter_exp_v2` in packages/nocodb/src/meta/migrations/XcMigrationSourcev0.ts:18
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_094_add_meta_to_filter_exp_v2` in packages/nocodb/src/meta/migrations/XcMigrationSourcev2.ts:84
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_base_users_v2` in packages/nocodb/src/meta/migrations/v0/nc_202605160000_cleanup_orphan_base_users.ts:5
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_bases_v2` in packages/nocodb/src/meta/migrations/v0/nc_019_sandboxes.ts:32
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_bases_v2` in packages/nocodb/src/utils/globals.ts:2
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_calendar_view_range_v2` in packages/nocodb/src/meta/migrations/v2/nc_050_tenant_isolation.ts:7
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_col_lookup_v2` in packages/nocodb/src/meta/migrations/v0/nc_001_init.ts:199
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_col_props_v2` in packages/nocodb/src/meta/migrations/v2/nc_011.ts:127
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_col_props_v2` in packages/nocodb/src/models/Column.ts:540
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_columns_v2` in packages/nocodb/src/modules/jobs/migration-jobs/nc_job_010_soft_delete_column.ts:470
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_columns_v2` in packages/nocodb/src/modules/jobs/migration-jobs/nc_job_011_normalize_soft_delete_sqlite.ts:38
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_dashboards_v2` in packages/nocodb/src/meta/migrations/v2/nc_091_unify_model.ts:6
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_doc_revisions_v2` in packages/nocodb/src/meta/migrations/v0/nc_202605281200_doc_revisions.ts:15
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_filter_exp_v2` in packages/nocodb/src/meta/migrations/v0/nc_018_add_enabled_to_filter_exp_v2.ts:4
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_filter_exp_v2` in packages/nocodb/src/meta/migrations/v2/nc_094_add_meta_to_filter_exp_v2.ts:4
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_models_v2` in packages/nocodb/src/meta/migrations/v0/nc_202604160000_docs_in_data.ts:5
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_users_v2` in packages/nocodb/src/meta/migrations/v0/nc_202602260000_unify_ce_roles.ts:25
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nc_users_v2` in packages/nocodb/src/meta/migrations/v2/nc_017_add_user_token_version_column.ts:4
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nocoBaseDataProcessing_v2` in packages/nocodb/src/modules/jobs/jobs/at-import/at-import.processor.ts:1544
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `nocoBaseDataProcessing_v2` in packages/nocodb/src/modules/jobs/jobs/at-import/helpers/readAndProcessData.ts:116
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `tn_old` in packages/nc-secret-mgr/src/nocodb/cli.js:2
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `tn_old` in packages/nocodb/src/db/sql-client/lib/KnexClient.ts:896
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `tn_old` in packages/nocodb/src/db/sql-client/lib/pg/PgClient.ts:3656
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `tn_old` in packages/nocodb/src/services/tables.service.ts:245
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph cicd CI/CD security conf 1.00 3 occurrences package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
3 files, 3 locations
package.json
packages/nc-gui/package.json
packages/nocodb-sdk/package.json
CI/CD securitySupply chainNpm
low System graph frontend Frontend quality conf 1.00 React Flow <Controls> without dark theming — packages/nc-gui/components/ai/Erd/Flow.vue:85
`<Controls>` ships with white buttons. Override `.react-flow__controls` and `.react-flow__controls-button` in your stylesheet or pass a styled wrapper. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.controls.no-bg
Fq controls no bg
low System graph frontend Frontend quality conf 1.00 React Flow <Controls> without dark theming — packages/nc-gui/components/erd/Flow.vue:85
`<Controls>` ships with white buttons. Override `.react-flow__controls` and `.react-flow__controls-button` in your stylesheet or pass a styled wrapper. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.controls.no-bg
Fq controls no bg
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/account/setup/Config.vue:67
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/cell/attachment/utils.ts:282
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/cell/Json.vue:83
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/cell/MultiSelect/Editor.vue:261
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/cell/RichText/LinkOrImageOptions.vue:80
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/cell/SingleSelect/Editor.vue:201
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/dashboard/MiniSidebar/CreateNewActionMenu.vue:93
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/dashboard/settings/app-store/AppInstall.vue:121
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/dashboard/TreeView/Table/Node.vue:365
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/dlg/NocoDbImport.vue:98
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/dlg/QuickImport.vue:520
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/monaco/Editor.vue:215
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/nc/form-builder/SampleModal.vue:76
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/details/Api.vue:80
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/grid/canvas/cells/index.ts:533
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/grid/canvas/composables/useCopyPaste.ts:1287
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/grid/canvas/composables/useFillHandler.ts:218
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/grid/canvas/loaders/ActionManager.ts:100
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/grid/InfiniteTable.vue:1961
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/grid/Table.vue:1674
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/header/ColumnMenu.vue:359
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/smartsheet/toolbar/Calendar/Range.vue:137
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/tabs/Smartsheet.vue:239
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/virtual-cell/barcode/JsBarcodeWrapper.vue:43
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/components/virtual-cell/Button.vue:236
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useAccountSetupStore.ts:123
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useBetaFeatureToggle.ts:304
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useCalendarViewStore.ts:628
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useCommandPalette/index.ts:171
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useExtensions.ts:368
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useFieldQuery.ts:90
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useGlobal/index.ts:33
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useInfiniteData.ts:2283
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useSharedExecutionFn.ts:36
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useViewAggregate.ts:115
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useViewFilters.ts:513
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/composables/useViewGroupBy.ts:447
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/helpers/tiptap-markdown/extensions/marks/underline.ts:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/lib/ncMessage.ts:325
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/plugins/error-handler.ts:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/plugins/state.ts:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/store/notification.ts:82
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/utils/commonUtils.ts:61
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/utils/datetimeUtils.ts:94
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/utils/generateName.ts:28
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/utils/storageUtils.ts:14
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-gui/workers/importWorker.ts:163
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-secret-mgr/src/core/logger.ts:4
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-secret-mgr/src/core/SecretManager.ts:104
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-secret-mgr/src/index.ts:8
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nc-secret-mgr/src/nocodb/cli.js:2
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/noco-integrations/core/src/sync/types.ts:86
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/noco-integrations/scripts/build-optimized.js:216
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb-sdk/src/lib/error-handler/nc-error-base.ts:661
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb-sdk/src/lib/is.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb-sdk/src/lib/sqlUi/DatabricksUi.ts:287
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb-sdk/src/lib/sqlUi/MysqlUi.ts:666
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb-sdk/src/lib/sqlUi/PgUi.ts:1167
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb-sdk/src/lib/sqlUi/SnowflakeUi.ts:377
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb-sdk/src/lib/sqlUi/SqliteUi.ts:297
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb-sdk/src/lib/timezoneUtils.spec.ts:42
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/build-utils/registerIntegrations.js:67
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/build-utils/syncDependencies.js:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/controllers/api-docs/template/redocHtml.ts:63
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/controllers/api-docs/template/swaggerHtml.ts:55
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/CustomKnex.ts:782
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/formulav2/lookup-or-ltar-builder.ts:688
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-client/lib/data.helper.ts:56
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-client/lib/KnexClient.ts:325
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-client/lib/mysql/MysqlClient.ts:1935
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-client/lib/order.ts:46
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-client/lib/pg/PgClient.ts:2711
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-client/lib/sqlite/SqliteClient.ts:1714
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-data-mapper/__tests__/conditionClause.test.js:26
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-data-mapper/__tests__/conditionGraph.test.js:84
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-data-mapper/__tests__/sql.test.js:80
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-data-mapper/__tests__/whereClause.test.js:152
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-data-mapper/__tests__/xSelect.test.js:135
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-data-mapper/lib/BaseModel.ts:243
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-mgr/SqlMgr.ts:326
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-mgr/v2/SqlMgrv2.ts:103
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/sql-migrator/lib/KnexMigratorv2.ts:1212
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/util/Debug.ts:52
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/db/util/DebugMgr.ts:59
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/guards/global/global.guard.ts:32
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/helpers/initAdminFromEnv.ts:24
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/helpers/populateMeta.ts:500
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/helpers/syncMigration.ts:20
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/meta.service.ts:679
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v0/nc_001_init.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v0/nc_013_composite_pk_missing_tables.ts:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v0/nc_202604071200_default_org.ts:61
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v0/nc_202604071201_scim_config_default_role.ts:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v0/nc_202604100000_audit_org_id.ts:8
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v2/nc_044_view_column_index.ts:5
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v2/nc_050_tenant_isolation.ts:18
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v2/nc_054_id_length.ts:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v2/nc_056_integration.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/meta/migrations/v2/nc_092_composite_pk.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts:1063
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/models/View.ts:2229
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/modules/jobs/migration-jobs/init-migration-jobs.ts:111
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/modules/jobs/migration-jobs/nc_job_001_attachment.ts:21
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/modules/jobs/migration-jobs/nc_job_002_thumbnail.ts:21
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/modules/jobs/migration-jobs/nc_job_003_recover_links.ts:19
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/modules/jobs/migration-jobs/nc_job_004_cleanup_duplicate_column.ts:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/modules/jobs/migration-jobs/nc_job_007_recover_order_column.ts:30
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/modules/jobs/migration-jobs/nc_job_008_recover_disconnected_table_name.ts:57
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/modules/jobs/migration-jobs/nc_job_011_normalize_soft_delete_sqlite.ts:56
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/plugins/discord/Discord.ts:23
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/plugins/mattermost/Mattermost.ts:23
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/plugins/ses/SES.ts:40
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/plugins/slack/Slack.ts:23
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/plugins/smtp/SMTP.ts:62
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/plugins/teams/Teams.ts:23
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/plugins/twilio/Twilio.ts:25
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/plugins/twilioWhatsapp/TwilioWhatsapp.ts:25
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/public/js/vue.global.js:2018
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/cloud.ts:71
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/docker.ts:29
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/dockerEntry.ts:21
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/dockerRunMysql.ts:40
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/dockerRunPG.ts:39
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/dockerRunPG_CyQuick.ts:33
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/local.ts:22
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/testDocker.ts:52
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/run/timely.ts:20
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/services/columns.service.ts:5328
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/services/meta-diffs.service.ts:843
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/services/public-datas.service.ts:448
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/services/utils.service.ts:149
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/utils/weAreHiring.ts:4
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/version-upgrader/NcUpgrader.ts:122
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/version-upgrader/upgraders/0111005_ncXcdbCreatedAndUpdatedSystemFieldsUpgrader.ts:24
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/version-upgrader/upgraders/0225002_ncDatasourceDecrypt.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/src/version-upgrader/upgraders/0258003_ncDuplicatePluginMerge.ts:49
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/tests/export-import/exportSchema.js:276
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/nocodb/tests/export-import/importSchema.js:34
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — scripts/addMigration.js:62
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — scripts/installLocalSdk.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph api Wiring conf 1.00 Unused endpoint: ALL /mcp/:mcpTokenId
`packages/nocodb/src/mcp/mcp.controller.ts` declares `ALL /mcp/:mcpTokenId` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /api/v1/db/meta/views/:viewId/row-color-conditions/:id
`packages/nocodb/src/controllers/view-row-color.controller.ts` declares `DELETE /api/v1/db/meta/views/:viewId/row-color-conditions/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead…
Unused endpoint

Showing first 300 of 377. Refine filters or use the findings page for deep search.

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/ac9bfbed-85b8-40b6-bc96-88903626f9c2/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/ac9bfbed-85b8-40b6-bc96-88903626f9c2/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.