Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
37 of your 56 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

LadybirdBrowser/ladybird

https://github.com/LadybirdBrowser/ladybird · scanned 2026-06-05 09:01 UTC (5 days, 18 hours ago) · 10 languages

1179 raw signals (51 security + 1128 graph) 11/13 scanners ran 68th percentile · C · medium (20-100K LoC) System graph score 67 (lower by 5)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 18 hours ago · v2 · 532 actionable findings from 2 signal sources. 81 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
73.1
/100
Security checks
79
12 findings
System graph
67
100.0% cov · 520 findings
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 75.0 0.15 11.25
security_score 100.0 0.25 25.00
testing_score 0.0 0.20 0.00
documentation_score 60.0 0.15 9.00
practices_score 61.0 0.15 9.15
code_quality 80.0 0.10 8.00
Overall 1.00 62.4
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 0 High 140 Medium 32 Low 178 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 12 System graph 520 Crowd 0 Layer: Quality 212 Security 150 Software 79 Cicd 4 Api 1 Frontend 80 Network 1 Hardware 5
Scan summary Quality grade C+ (62/100). Dimensions: security 100, maintainability 75. 51 findings (32 security). 58,409 lines analyzed.

Showing 199 of 532 actionable findings. 613 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Security checks software dependencies conf 0.90 ✓ Repobility 3 occurrences [MINED126] Workflow container/services image `ghcr.io/flathub-infra/flatpak-github-actions:kde-6.9` unpinned: `container/services image: ghcr.io/flathub-infra/flatpak-github-actions:kde-6.9` without `@sha256:...` pulls a mutable tag at workflow-run time. Treat workflow container references with the same supply-chain discipline as Dockerfile FROM lines.
Replace with `ghcr.io/flathub-infra/flatpak-github-actions:kde-6.9@sha256:<digest>`. Re-pin via Dependabot Docker scope.
3 files, 3 locations
.github/workflows/flatpak-template.yml:18
.github/workflows/libjs-test262.yml:22
.github/workflows/lint-code.yml:13
medium Security checks quality Practices conf 1.00 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
Add a .gitignore appropriate for your language/framework.
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/include.js:111
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/fetch/api/headers/headers-no-cors.any.js:5
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/fetch/api/resources/utils.js:113
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/html/canvas/element/manual/imagebitmap/common.sub.js:63
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/resources/idlharness.js:3566
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/resources/testharness-shadowrealm-outer.js:27
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/resources/testharness.js:5052
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/service-workers/cache-storage/cache-add.https.any.js:332
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/service-workers/cache-storage/cache-match.https.any.js:200
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/service-workers/cache-storage/cache-put.https.any.js:25
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/url/resources/a-element-origin.js:2
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/url/url-constructor.any.js:54
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/url/url-origin.any.js:2
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/url/url-setters-a-area.window.js:9
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/url/url-setters.any.js:9
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Tests/LibWeb/Text/input/wpt-import/urlpattern/resources/urlpatterntests.js:185
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph hardware Security conf 1.00 Dockerfile runs as root: .devcontainer/fedora-ci/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph hardware Security conf 1.00 Dockerfile runs as root: Meta/Docker/ci/Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
Container
medium System graph cicd CI/CD security conf 1.00 17 occurrences GitHub Action is tag-pinned rather than SHA-pinned
docker/login-action@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
8 files, 17 locations
.github/workflows/ci-image.yml:90, 97, 100, 121, 128 (5 hits)
.github/workflows/js-and-wasm-benchmarks.yml:52, 72 (4 hits)
.github/workflows/dev-container.yml:29, 36 (2 hits)
.github/workflows/libjs-test262.yml:146 (2 hits)
.github/workflows/flatpak-template.yml:23
.github/workflows/merge-conflict-labeler.yml:23
.github/workflows/nightly-android.yml:46
.github/workflows/notes-push.yml:20
CI/CD securitySupply chainGitHub Actions
medium System graph cicd CI/CD security conf 1.00 3 occurrences GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
3 files, 3 locations
.github/workflows/ci-image.yml
.github/workflows/dev-container.yml
.github/workflows/notes-push.yml
CI/CD securitySupply chainGithub actions
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Meta/Generators/generate_libwasm_spec_test.py:278
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Meta/Linters/check_html_doctype.py:29
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Meta/Linters/check_idl_files.py:38
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Meta/Linters/check_newlines_at_eof.py:37
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Meta/Linters/check_style.py:72
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Meta/Utils/build_vcpkg.py:39
`subprocess.check_output(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Tests/LibJS/test-js-ast.py:60
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Tests/LibJS/test-js-bytecode.py:70
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Tests/LibWeb/test-css-tokenizer.py:70
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
low Security checks quality Quality conf 0.60 7 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
7 files, 7 locations
AK/StringView.h:239
AK/Utf8View.cpp:151
Libraries/LibCore/LocalServerWindows.cpp:7
Libraries/LibCore/SocketWindows.cpp:24
Libraries/LibCore/SystemWindows.cpp:142
Libraries/LibCore/TCPServerWindows.cpp:19
Libraries/LibCore/UDPServerWindows.cpp:22
duplicationquality
low System graph quality Maintenance conf 1.00 187 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
Deployment
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: fedora:$VERSION
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
.devcontainer/fedora-ci/Dockerfile:2 containersPinned dependencies
low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: ubuntu:26.04
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Meta/Docker/ci/Dockerfile:1 containersPinned dependencies
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Base/res/ladybird/about-pages/settings/new-tab-page.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/HTML/DedicatedWorkerGlobalScope-instanceof-worker.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/HTML/ModuleLoading/evaluation-error-cycle-a.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/HTML/ModuleLoading/evaluation-error-cycle-b.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/HTML/ModuleLoading/evaluation-error-cycle-throw.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/HTML/ModuleLoading/evaluation-error-cycle-throw2.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/HTML/ModuleLoading/import-in-a-module.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/js-export-rename-helper.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/js-export-rename-module.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/script-src-set-after-insertion.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/content-security-policy/script-src/simpleSourcedScript.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/fullscreen/idlharness.window.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/gamepad/idlharness.window.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/geolocation/idlharness.https.window.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/html-aam/roles-dynamic-switch.tentative.window.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/notifications/idlharness.https.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/quirks/hashless-hex-color/support/common.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/serial/idlharness.https.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/idlharness.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/piping/abort.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/piping/close-propagation-backward.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/piping/close-propagation-forward.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/piping/error-propagation-backward.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/piping/error-propagation-forward.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/piping/general-addition.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/piping/general.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/readable-byte-streams/enqueue-with-detached-buffer.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/readable-byte-streams/patched-global.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/resources/recording-streams.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/resources/rs-test-templates.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/resources/test-utils.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/transform-streams/cancel.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/transform-streams/errors.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/writable-streams/aborting.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/writable-streams/bad-strategies.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/streams/writable-streams/close.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/core/js/call_indirect.wast.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/core/js/call_ref.wast.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/core/js/return_call_ref.wast.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/core/js/simd/simd_linking.wast.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/core/js/start.wast.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/constructor/instantiate-bad-imports.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/global/value-get-set.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/global/valueOf.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/memory/constructor-shared.tentative.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/memory/constructor.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/memory/grow.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/memory/to-fixed-length-buffer.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/memory/to-resizable-buffer-shared.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/memory/to-resizable-buffer.any.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph cicd CI/CD security conf 1.00 38 occurrences GitHub Action is tag-pinned rather than SHA-pinned
actions/[email protected] can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
11 files, 38 locations
.github/workflows/libjs-test262.yml:26, 31, 37, 43, 49 (10 hits)
.github/workflows/js-and-wasm-artifacts.yml:52, 169, 176 (6 hits)
.github/workflows/web-benchmarks.yml:39, 50, 135 (6 hits)
.github/workflows/js-and-wasm-benchmarks.yml:38, 114 (4 hits)
.github/workflows/lagom-template.yml:52, 54, 223 (4 hits)
.github/workflows/ci-image.yml:37, 82 (2 hits)
.github/workflows/lint-commits.yml:15 (2 hits)
.github/workflows/dev-container.yml:26
CI/CD securitySupply chainGitHub Actions
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 10 places
Functions with the same first-5-line body hash: Meta/Debuggers/gdb/AK.py:children, Meta/Debuggers/gdb/AK.py:children, Meta/Debuggers/gdb/AK.py:children, Meta/Debuggers/gdb/AK.py:children This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygien…
duplicatesduplication
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 18 places
Functions with the same first-5-line body hash: Meta/Debuggers/gdb/AK.py:to_string, Meta/Debuggers/gdb/AK.py:to_string, Meta/Debuggers/gdb/AK.py:to_string, Meta/Debuggers/gdb/AK.py:to_string This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hy…
2 occurrences
repo-level (2 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 9 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: Libraries/LibGfx/TIFFGenerator.py:export_name, Libraries/LibGfx/TIFFGenerator.py:export_name This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separa…
9 occurrences
repo-level (9 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 3 occurrences Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: Tests/LibWeb/test-css-tokenizer.py:diff, Tests/LibJS/test-js-bytecode.py:diff, Tests/LibJS/test-js-ast.py:diff This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document …
3 occurrences
repo-level (3 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: Meta/Debuggers/lldb/AK.py:has_children, Meta/Debuggers/lldb/AK.py:has_children, Meta/Debuggers/lldb/AK.py:has_children, Meta/Debuggers/lldb/AK.py:has_children This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://…
2 occurrences
repo-level (2 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 3 occurrences Near-duplicate function bodies in 7 places
Functions with the same first-5-line body hash: Meta/Debuggers/lldb/AK.py:update, Meta/Debuggers/lldb/AK.py:update, Meta/Debuggers/lldb/AK.py:update, Meta/Debuggers/lldb/AK.py:update This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). …
3 occurrences
repo-level (3 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `cssSizeToLegacy` in Tests/LibWeb/Text/input/wpt-import/editing/include/implementation.js:138
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `cssSizeToLegacy` in Tests/LibWeb/Text/input/wpt-import/editing/include/tests.js:4847
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `maybe_unused` in Libraries/LibGfx/TIFFGenerator.py:583
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `maybe_unused` in Meta/Generators/generate_ipc_definitions.py:580
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `maybe_unused` in Meta/Generators/generate_libjs_bytecode_def_derived.py:376
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `maybe_unused` in Meta/Generators/generate_libweb_css_property_id.py:105
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `maybe_unused` in Meta/Generators/generate_window_or_worker_interfaces.py:385
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `type_copy` in Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/wasm-module-builder.js:992
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_atomic_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:4
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_bytestring_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:9
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_distinct_numeric_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:41
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_fixedarray_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:47
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_hashmap_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:53
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_nonnullrefptr_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:60
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_optional_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:78
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_ownptr_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:92
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_refcounted_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:102
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_refptr_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:107
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_singlylinkedlist_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:125
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_string_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:141
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_stringview_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:186
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_variant_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:196
low System graph software Dead code conf 1.00 Possibly dead Python function: ak_vector_summary
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:208
low System graph software Dead code conf 1.00 Possibly dead Python function: handle_comment
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_dom_tree.py:259
low System graph software Dead code conf 1.00 Possibly dead Python function: handle_data
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_dom_tree.py:253
low System graph software Dead code conf 1.00 Possibly dead Python function: handle_startendtag
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_dom_tree.py:177
low System graph software Dead code conf 1.00 Possibly dead Python function: handle_starttag
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_dom_tree.py:174
low System graph software Dead code conf 1.00 Possibly dead Python function: has_children
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Debuggers/lldb/AK.py:507
low System graph software Dead code conf 1.00 Possibly dead Python function: Settings
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
.ycm_extra_conf.py:59
low System graph software Dead code conf 1.00 Possibly dead Python function: sort_key
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_libweb_css_property_id.py:1111
low System graph software Dead code conf 1.00 Possibly dead Python function: write_exposed_interface_header
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_window_or_worker_interfaces.py:553
low System graph software Dead code conf 1.00 Possibly dead Python function: write_exposed_interface_implementation
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_window_or_worker_interfaces.py:569
low System graph software Dead code conf 1.00 Possibly dead Python function: write_forward_header
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_window_or_worker_interfaces.py:687
low System graph software Dead code conf 1.00 Possibly dead Python function: write_intrinsic_definitions_header
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_window_or_worker_interfaces.py:201
low System graph software Dead code conf 1.00 Possibly dead Python function: write_intrinsic_definitions_implementation
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Meta/Generators/generate_window_or_worker_interfaces.py:227
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/AST/input/locals-and-globals.js:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/annex-b-function-in-if.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/baseline.js:5
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/block-scoping.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/catch-scope-boundary.js:14
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/class-environment.js:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/class-literal-fields.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/for-loop-scoping.js:8
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/function-decl-source-order.js:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/global-variables.js:5
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/lexical-env-teardown.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/mov-merging.js:14
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/nested-function-decl-source-order.js:15
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/nested-try-finally-continue.js:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/sequential-try-blocks.js:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/switch-completion-value.js:1
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/switch-local-only-let.js:15
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/switch-scoping.js:15
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/try-catch-scoping.js:8
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/try-finally-continue.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/try-finally.js:5
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Bytecode/input/with-statement.js:4
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Runtime/modules/json-modules.js:20
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Runtime/operators/binary-relational.js:38
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Runtime/operators/delete-basic.js:129
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Runtime/regress/proxied-constructor-leads-to-use-after-free.js:27
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Runtime/syntax/functions-in-tree-order-non-strict.js:105
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibJS/Runtime/syntax/functions-in-tree-order-strict.js:110
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibWeb/Text/input/ServiceWorker/service-worker.js:2
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibWeb/Text/input/wpt-import/html/browsers/origin/api/origin-from-messageevent.window.js:4
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Tests/LibWeb/Text/input/wpt-import/resources/testharness.js:2852
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph quality Integrity conf 1.00 Stub function `handle_comment` (body is just `pass`/`return`) — Meta/Generators/generate_dom_tree.py:259
Likely an AI scaffold that was never filled in. Remove or implement.
Empty handlerDead code
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/AsmIntGen/src/allocator.rs (1607 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/AsmIntGen/src/codegen_aarch64.rs (2833 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/AsmIntGen/src/codegen_x86_64.rs (1740 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/ast.rs (1797 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/ast_dump.rs (1432 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/bytecode/codegen.rs (10025 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/bytecode/generator.rs (2078 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/bytecode_cache.rs (4091 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/lexer.rs (1369 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/lib.rs (3754 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/parser.rs (1654 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/parser/declarations.rs (2265 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/parser/expressions.rs (2769 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibJS/Rust/src/scope_collector.rs (1480 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibRegex/Rust/src/compiler.rs (1535 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibRegex/Rust/src/parser.rs (1784 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibRegex/Rust/src/vm.rs (3600 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibURL/Rust/src/url/parser.rs (1297 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibWasm/Rust/src/compiler.rs (2117 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibWeb/HTML/Parser/Rust/src/parser.rs (4979 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibWeb/HTML/Parser/Rust/src/tokenizer.rs (3248 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Libraries/LibWeb/Rust/src/css_tokenizer.rs (1382 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Meta/Generators/generate_libweb_css_property_id.py (1631 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibJS/Runtime/3rdparty/webkit/pcre-test-1.js (6133 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibJS/Runtime/builtins/Intl/NumberFormat/NumberFormat.prototype.format.js (1868 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibJS/Runtime/builtins/Intl/NumberFormat/NumberFormat.prototype.formatToParts.js (1666 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Ref/input/wpt-import/resources/testdriver.js (2758 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/css/style-invalidation/structural-matrix.js (2566 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/editing/include/implementation.js (8526 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/editing/include/tests.js (5756 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/html/syntax/parsing/named-character-references-data.js (2233 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/resources/idlharness.js (3573 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/resources/testdriver.js (2758 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/resources/testharness.js (5225 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/resources/WebIDLParser.js (4001 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/streams/readable-byte-streams/general.any.js (2987 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/streams/writable-streams/aborting.any.js (1567 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/wasm/jsapi/wasm-module-builder.js (1645 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/mldsa_vectors.js (1086 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/ade0aeb2-8611-4ef2-a50d-31b9bd439477/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/ade0aeb2-8611-4ef2-a50d-31b9bd439477/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.