← Back to scan
File as GitHub Issue repo: Stirling-Tools/Stirling-PDF

Push this scan report to Stirling-Tools/Stirling-PDF

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Repobility score card

Issue title

`self._load_translation_file` used but never assigned in __init__

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
HIGH MINED108 [MINED108] `self.find_untranslated_entries` used but never assigned in __init__: Method `… scripts/translations/translation_analyz…:155
HIGH MINED108 [MINED108] `self.find_missing_translations` used but never assigned in __init__: Method `… scripts/translations/translation_analyz…:154
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `find_extra_t… scripts/translations/translation_analyz…:146
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `find_extra_t… scripts/translations/translation_analyz…:145
HIGH MINED108 [MINED108] `self._load_translation_file` used but never assigned in __init__: Method `fin… scripts/translations/translation_analyz…:143
HIGH MINED108 [MINED108] `self._is_expected_identical` used but never assigned in __init__: Method `fin… scripts/translations/translation_analyz…:119
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `find_untrans… scripts/translations/translation_analyz…:101
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `find_untrans… scripts/translations/translation_analyz…:100
HIGH MINED108 [MINED108] `self._load_translation_file` used but never assigned in __init__: Method `fin… scripts/translations/translation_analyz…:98
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `find_missing… scripts/translations/translation_analyz…:87
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `find_missing… scripts/translations/translation_analyz…:86
HIGH MINED108 [MINED108] `self._load_translation_file` used but never assigned in __init__: Method `fin… scripts/translations/translation_analyz…:84
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `_flatten_dic… scripts/translations/translation_analyz…:67
HIGH MINED108 [MINED108] `self.get_translation_prompt` used but never assigned in __init__: Method `tra… scripts/translations/batch_translator.py:99
HIGH MINED108 [MINED108] `self._load_toml` used but never assigned in __init__: Method `validate_key_or… scripts/translations/toml_beautifier.py:181
HIGH MINED108 [MINED108] `self._compare_structures` used but never assigned in __init__: Method `beauti… scripts/translations/toml_beautifier.py:138
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `beautify_and… scripts/translations/toml_beautifier.py:129
HIGH MINED108 [MINED108] `self._flatten_dict` used but never assigned in __init__: Method `beautify_and… scripts/translations/toml_beautifier.py:128
HIGH MINED108 [MINED108] `self._save_toml` used but never assigned in __init__: Method `beautify_and_re… scripts/translations/toml_beautifier.py:125
HIGH MINED108 [MINED108] `self.restructure_translation_file` used but never assigned in __init__: Metho… scripts/translations/toml_beautifier.py:122
HIGH MINED134 [MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gra… gradle/wrapper/gradle-wrapper.jar:1
HIGH MINED121 [MINED121] requirements.txt installs from `brotli @ git+https://github.com/google/brotli.… .github/scripts/requirements_dev.txt:10
HIGH MINED118 [MINED118] Dockerfile FROM `eclipse-temurin:25-jre-alpine` not pinned by digest: `FROM ec… docker/embedded/Dockerfile.ultra-lite:50
HIGH MINED118 [MINED118] Dockerfile FROM `gradle:9.3.1-jdk25` not pinned by digest: `FROM gradle:9.3.1-… docker/embedded/Dockerfile.ultra-lite:5
HIGH MINED118 [MINED118] Dockerfile FROM `eclipse-temurin:25-jre-noble` not pinned by digest: `FROM ecl… docker/embedded/Dockerfile.fat:50
HIGH MINED118 [MINED118] Dockerfile FROM `gradle:9.3.1-jdk25` not pinned by digest: `FROM gradle:9.3.1-… docker/embedded/Dockerfile.fat:9
HIGH MINED118 [MINED118] Dockerfile FROM `ghcr.io/astral-sh/uv:python3.13-bookworm-slim` not pinned by … engine/Dockerfile.dev:2
HIGH MINED131 [MINED131] pre-commit hook `https://github.com/pappasam/toml-sort` pinned to mutable rev … .pre-commit-config.yaml:37
HIGH MINED131 [MINED131] pre-commit hook `https://github.com/pre-commit/pre-commit-hooks` pinned to mut… .pre-commit-config.yaml:28
HIGH MINED131 [MINED131] pre-commit hook `https://github.com/gitleaks/gitleaks` pinned to mutable rev `… .pre-commit-config.yaml:24
HIGH MINED131 [MINED131] pre-commit hook `https://github.com/codespell-project/codespell` pinned to mut… .pre-commit-config.yaml:14
HIGH MINED131 [MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutab… .pre-commit-config.yaml:2
HIGH MINED112 [MINED112] FastAPI POST /generate has no auth: Handler `generate_endpoint` is registered … engine/src/stirling/api/routes/pdf_comm…:28
HIGH MINED112 [MINED112] FastAPI DELETE /by-owner has no auth: Handler `purge_caller_documents` is regi… engine/src/stirling/api/routes/document…:70
HIGH MINED112 [MINED112] FastAPI DELETE /by-id/{document_id} has no auth: Handler `delete_document` is … engine/src/stirling/api/routes/document…:49
HIGH MINED112 [MINED112] FastAPI POST (unknown path) has no auth: Handler `ingest_document` is register… engine/src/stirling/api/routes/document…:23
HIGH MINED112 [MINED112] FastAPI POST /deliberate has no auth: Handler `deliberate_endpoint` is registe… engine/src/stirling/api/routes/ledger.py:47
HIGH MINED112 [MINED112] FastAPI POST /examine has no auth: Handler `examine_endpoint` is registered wi… engine/src/stirling/api/routes/ledger.py:38
HIGH MINED112 [MINED112] FastAPI POST (unknown path) has no auth: Handler `orchestrate` is registered w… engine/src/stirling/api/routes/orchestr…:30
HIGH MINED112 [MINED112] FastAPI POST /next-action has no auth: Handler `next_action` is registered wit… engine/src/stirling/api/routes/executio…:15
HIGH MINED112 [MINED112] FastAPI POST /revise has no auth: Handler `revise_agent` is registered with ro… engine/src/stirling/api/routes/agent_dr…:28
HIGH MINED112 [MINED112] FastAPI POST /draft has no auth: Handler `draft_agent` is registered with rout… engine/src/stirling/api/routes/agent_dr…:20
HIGH MINED112 [MINED112] FastAPI POST (unknown path) has no auth: Handler `pdf_edit` is registered with… engine/src/stirling/api/routes/pdf_edit…:15
HIGH MINED112 [MINED112] FastAPI POST (unknown path) has no auth: Handler `pdf_questions` is registered… engine/src/stirling/api/routes/pdf_ques…:15
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/bulk_auto_translat…:89
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/compact_translator…:56
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/compact_translator…:41
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/validate_json_stru…:41
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/translation_merger…:289
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/translation_merger…:77
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/translation_merger…:46
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/auto_translate.py:379
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/translation_analyz…:55
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/translation_analyz…:35
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/batch_translator.py:345
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/translations/toml_beautifier.py:31
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… testing/cucumber/features/environment.py:59
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… testing/cucumber/features/environment.py:46
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/index_type3_catalogue.py:58
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/download_pdf_samples.py:154
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/harvest_type3_fonts.py:221
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/harvest_type3_fonts.py:211
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/harvest_type3_fonts.py:123
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/type3_to_cff.py:492
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/type3_to_cff.py:318
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/type3_to_cff.py:92
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/convert_cff_to_ttf.py:490
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/convert_cff_to_ttf.py:77
MED MINED111 [MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that r… scripts/update_type3_library.py:113
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… frontend/editor/src/proprietary/compone…:86
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… frontend/editor/src/proprietary/compone…:93
MED SEC046 [SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning win… frontend/editor/src/core/hooks/useUrlSy…:41
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… frontend/editor/src/core/components/too…:165
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… frontend/editor/src/core/components/too…:108
MED SEC041 [SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blan… frontend/editor/src/core/components/onb…:42
MED SEC123 [SEC123] Production stack trace / debug output exposed: Debug mode left on in production … engine/src/stirling/config/settings.py:168
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … frontend/editor/src/core/services/updat…:195
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … frontend/editor/src/core/services/share…:11
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … app/proprietary/src/main/java/stirling/…:63
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… app/common/src/main/java/stirling/softw…:121
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… app/common/src/main/java/stirling/softw…:89
MED SEC012 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation all… app/common/src/main/java/stirling/softw…:66
MED SEC031 [SEC031] Catastrophic Backtracking Regex (ReDoS): Regex contains nested quantifiers like … app/common/src/main/java/stirling/softw…:49
MED COMP001 [COMP001] High cognitive complexity: Function `discover` has cognitive complexity 17 (Son… engine/scripts/generate_tool_models.py:67
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DKR018 Database dump or local database file is included in Docker build context .dockerignore
MED JRN002 Browser storage is used for session token material frontend/editor/src/desktop/services/au…:145
MED JRN002 Browser storage is used for session token material frontend/editor/src/desktop/services/au…:95
MED JRN002 Browser storage is used for session token material frontend/editor/src/desktop/extensions/…:96
MED JRN002 Browser storage is used for session token material frontend/editor/src/desktop/extensions/…:23
MED JRN002 Browser storage is used for session token material frontend/editor/src/desktop/components/…:144
MED JRN002 Browser storage is used for session token material frontend/editor/src/desktop/components/…:143
MED JRN002 Browser storage is used for session token material frontend/editor/src/desktop/components/…:128
MED JRN002 Browser storage is used for session token material frontend/editor/src/desktop/components/…:127
MED JRN002 Browser storage is used for session token material frontend/editor/src/core/services/httpE…:80
MED JRN002 Browser storage is used for session token material frontend/editor/src/core/services/googl…:161
MED JRN002 Browser storage is used for session token material frontend/editor/src/core/components/sha…:56
MED JRN002 Browser storage is used for session token material frontend/editor/src/core/components/onb…:30
MED DKR001 Docker final stage has no non-root USER engine/Dockerfile.dev:2
MED DKR001 Docker final stage has no non-root USER engine/Dockerfile:2
MED DKR001 Docker final stage has no non-root USER docker/frontend/Dockerfile:19
MED DKR001 Docker final stage has no non-root USER docker/embedded/Dockerfile.ultra-lite:50
MED DKR001 Docker final stage has no non-root USER docker/embedded/Dockerfile.fat:57
MED DKR001 Docker final stage has no non-root USER docker/embedded/Dockerfile:61
MED DKR001 Docker final stage has no non-root USER docker/base/Dockerfile:367
MED AGT007 localStorage write failures are swallowed silently frontend/editor/src/core/components/too…:395
MED AGT007 localStorage write failures are swallowed silently frontend/editor/src/core/components/sha…:49
MED AGT007 localStorage write failures are swallowed silently frontend/editor/src/core/components/onb…:17
MED WEB003 Public web service has no security.txt .well-known/security.txt
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore docker/embedded/Dockerfile.ultra-lite:40
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore docker/embedded/Dockerfile.fat:41
MED DKR014 Dockerfile copies broad context with incomplete .dockerignore docker/embedded/Dockerfile:40
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:538
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:531
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:440
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:148
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:127
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:254
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:214
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:155
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:137
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:97
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:289
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:265
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/sha…:81
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/onb…:123
MED JRN003 Frontend API reference is not matched by discovered backend routes frontend/editor/src/core/components/fil…:151
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/core/src/main/java/stirling/softwar…:265
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/core/src/main/java/stirling/softwar…:44
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/core/src/main/java/stirling/softwar…:384
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/common/src/main/java/stirling/softw…:20
MED AUC009 [AUC009] Sensitive function route lacks elevated authorization evidence: A route appears … app/common/src/main/java/stirling/softw…:15
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… app/proprietary/src/main/java/stirling/…:31
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… app/common/src/main/java/stirling/softw…:20
MED AUC004 [AUC004] Admin route does not show super_admin separation: An administrative route was de… app/common/src/main/java/stirling/softw…:15
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… app/common/src/main/java/stirling/softw…:75
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… app/common/src/main/java/stirling/softw…:119
LOW SEC132 [SEC132] String concat where the language has interpolation (AI style drift): String buil… app/common/src/main/java/stirling/softw…:207
LOW COMP001 [COMP001] High cognitive complexity: Function `_rewrite_refs` has cognitive complexity 10… engine/scripts/generate_tool_models.py:185
LOW COMP001 [COMP001] High cognitive complexity: Function `_get_query_parameters` has cognitive compl… engine/scripts/generate_tool_models.py:149
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:30
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:50
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:120
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:38
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:34
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:36
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:31
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:49
LOW AIC003 Duplicated implementation block across source files app/core/src/main/java/stirling/softwar…:25
LOW AIC003 Duplicated implementation block across source files app/common/src/main/java/stirling/softw…:30
LOW AIC003 Duplicated implementation block across source files app/common/src/main/java/stirling/softw…:16
LOW AIC003 Duplicated implementation block across source files app/common/src/main/java/stirling/softw…:161
LOW AIC003 Duplicated implementation block across source files app/common/src/main/java/stirling/softw…:27
LOW AIC003 Duplicated implementation block across source files app/common/src/main/java/stirling/softw…:38
LOW WEB005 robots.txt does not advertise a sitemap frontend/editor/public/robots.txt
LOW DKR008 .dockerignore misses sensitive defaults .dockerignore
LOW DKC010 Compose service lacks no-new-privileges hardening docker/compose/docker-compose.yml:1
LOW DKC006 Compose service does not declare a runtime user docker/compose/docker-compose.yml:1
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. frontend/editor/src/proprietary/auth/Us…:267
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. frontend/editor/src/desktop/extensions/…:25
INFO MINED049 [MINED049] Print Pii: Logging password/token/email/ssn directly to stdout. frontend/editor/src/core/hooks/useRainb…:157
INFO MINED053 [MINED053] Placeholder Default Username: [email protected] / [email protected] / admin/admin… frontend/editor/src/core/components/too…:3
INFO MINED053 [MINED053] Placeholder Default Username: [email protected] / [email protected] / admin/admin… frontend/editor/src/core/components/too…:3
INFO MINED053 [MINED053] Placeholder Default Username: [email protected] / [email protected] / admin/admin… frontend/editor/src/core/components/too…:4
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. frontend/editor/src/core/components/sha…:115
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. frontend/editor/src/core/components/sha…:140
INFO MINED054 [MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely. frontend/editor/src/core/components/sha…:32
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. frontend/editor/src/core/components/sha…:102
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. frontend/editor/src/core/components/sha…:156
INFO MINED052 [MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety. frontend/editor/src/core/components/pag…:32
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … frontend/editor/src/core/components/sha…:77
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … frontend/editor/src/core/components/sha…:151
INFO MINED045 [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … frontend/editor/src/core/components/onb…:102
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… frontend/editor/src/core/components/sha…:57
INFO MINED058 [MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escapi… frontend/editor/src/core/components/onb…:163
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… frontend/editor/src/core/components/sha…:31
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… frontend/editor/src/core/components/sha…:48
INFO MINED056 [MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re… frontend/editor/src/core/components/onb…:40
INFO MINED059 [MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. frontend/editor/src-tauri/src/lib.rs:201
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… frontend/editor/src-tauri/thumbnail-han…:149
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… frontend/editor/src-tauri/src/commands/…:27
INFO MINED068 [MINED068] Rust Unsafe Block: unsafe { ... } block. Compiler safety guarantees disabled i… frontend/editor/src-tauri/src/commands/…:62
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … frontend/editor/scripts/setup-env.mts:50
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … frontend/editor/scripts/sample-pdf/gene…:24
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … frontend/editor/scripts/generate-icons.…:12
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. engine/src/stirling/documents/store.py:11
INFO MINED062 [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model. engine/src/stirling/api/routes/orchestr…:72
INFO MINED064 [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. engine/src/stirling/agents/pdf_comment/…:19
INFO MINED047 [MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explic… frontend/editor/src/core/i18n.ts:35
INFO MINED047 [MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explic… engine/src/stirling/agents/ledger/valid…:32
INFO MINED047 [MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explic… engine/src/stirling/agents/ledger/valid…:11
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… engine/src/stirling/api/routes/orchestr…:168
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… engine/src/stirling/api/app.py:110
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… engine/src/stirling/agents/contradictio…:48
INFO MINED085 [MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM. app/proprietary/src/main/java/stirling/…:59
INFO MINED085 [MINED085] Java Systemexit: System.exit() inside a library kills the whole JVM. app/core/src/main/java/stirling/softwar…:122
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… app/core/src/main/java/stirling/softwar…:66
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… app/core/src/main/java/stirling/softwar…:154
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… app/common/src/main/java/stirling/softw…:89
INFO MINED083 [MINED083] Java Thread Start: Raw thread creation. Should use ExecutorService for managed… app/common/src/main/java/stirling/softw…:31
Reset to top 5 200 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `Stirling-Tools/Stirling-PDF`

**Score: 68/100 (A-)**  ·  281 findings  ·  scanned 2026-06-05 07:26 UTC  ·  510,008 LOC

| Severity | Count |
|---|---|
| CRITICAL | 32 |
| HIGH | 81 |
| MEDIUM | 91 |
| LOW | 23 |

📊 [Full filterable report](https://repobility.com/scan/aeb22723-45c8-4d6f-af4d-b72b584ba6d4/)  ·  ![scorecard](https://repobility.com/scan/aeb22723-45c8-4d6f-af4d-b72b584ba6d4/report.png?v=1780644395-s2)

### Top findings

1. **HIGH** `MINED108` — `self.find_untranslated_entries` used but never assigned in __init__
   `scripts/translations/translation_analyzer.py:155` · ✓ Repobility
2. **HIGH** `MINED108` — `self.find_missing_translations` used but never assigned in __init__
   `scripts/translations/translation_analyzer.py:154` · ✓ Repobility
3. **HIGH** `MINED108` — `self._flatten_dict` used but never assigned in __init__
   `scripts/translations/translation_analyzer.py:146` · ✓ Repobility
4. **HIGH** `MINED108` — `self._flatten_dict` used but never assigned in __init__
   `scripts/translations/translation_analyzer.py:145` · ✓ Repobility
5. **HIGH** `MINED108` — `self._load_translation_file` used but never assigned in __init__
   `scripts/translations/translation_analyzer.py:143` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/aeb22723-45c8-4d6f-af4d-b72b584ba6d4/_
Already filed
This repo publishes a SECURITY.md policy and the scan contains 22 Critical/High security finding(s). Public issue filing would violate coordinated disclosure. Submit privately via the project's security reporting channel.
Megaproject â high spam risk
Could not determine 'Stirling-Tools/Stirling-PDF' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.
Open in GitHub to file this issue Filing guard overridden Cancel

The button opens GitHubâs new-issue page in a new tab. You will see the title + body pre-filled â review, edit if you want, then click GitHubâs "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.