erxes/erxes

Component	Sub-score	Weight	Contribution
`structure_score`	60.0	0.15	9.00
`security_score`	100.0	0.25	25.00
`testing_score`	0.0	0.20	0.00
`documentation_score`	60.0	0.15	9.00
`practices_score`	61.0	0.15	9.15
`code_quality`	80.0	0.10	8.00
Overall		1.00	60.1

low Security checks cicd CI/CD security conf 0.35 ✓ Repobility 25 occurrences Workflow references repository secrets in a pull_request workflow

Fork pull_request runs do not receive normal repository secrets on GitHub Actions. Review this as a reliability/intent signal, not as direct fork-secret exfiltration. Raise severity only for pull_request_target or another trusted-context path that runs untrusted PR code with secrets.

12 files, 24 locations

.github/workflows/ci-api-accounting.yml:61, 62 (2 hits)

.github/workflows/ci-api-content.yml:61, 62 (2 hits)

.github/workflows/ci-api-frontline.yml:62, 63 (2 hits)

.github/workflows/ci-api-gateway.yml:50, 51 (2 hits)

.github/workflows/ci-api-loyalty.yml:61, 62 (2 hits)

.github/workflows/ci-api-operation.yml:61, 62 (2 hits)

.github/workflows/ci-api-payment.yml:61, 62 (2 hits)

.github/workflows/ci-api-tourism.yml:61, 62 (2 hits)

CI/CD securityworkflow secretsGitHub Actions

critical System graph security Secrets conf 1.00 Possible secret in backend/services/automations/src/executions/actions/webhook/outgoing/outgoingWebhook.ts

Detected pattern matching password_literal. Rotate the credential and move to a secret manager.

backend/services/automations/src/executions/actions/webhook/outgoing/outgoingWebhook.ts:80

critical System graph security Secrets conf 1.00 2 occurrences Possible secret in frontend/core-ui/src/modules/types/paths/AppPath.ts

Detected pattern matching password_literal. Rotate the credential and move to a secret manager.

lines 4, 6

frontend/core-ui/src/modules/types/paths/AppPath.ts:4, 6 (2 hits)

critical System graph security Secrets conf 1.00 Possible secret in frontend/core-ui/src/modules/types/paths/SettingsPath.ts

Detected pattern matching password_literal. Rotate the credential and move to a secret manager.

frontend/core-ui/src/modules/types/paths/SettingsPath.ts:6

critical System graph security Secrets conf 1.00 Possible secret in frontend/plugins/mongolian_ui/src/modules/msdynamic/constants.ts

Detected pattern matching password_literal. Rotate the credential and move to a secret manager.

frontend/plugins/mongolian_ui/src/modules/msdynamic/constants.ts:21

high Security checks software dependencies conf 0.90 ✓ Repobility 3 occurrences [MINED122] package.json dep `testing` pulled from URL/Git: `devDependencies.testing` = `link:@apollo/client/testing` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload.

Publish the dependency to npm (or your private registry) and reference it by `^x.y.z`. If that's not possible, lock by commit SHA: `git+https://...#<full-sha>` AND verify the SHA in CI.

lines 1

package.json:1 (3 hits)

low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 71 occurrences GitHub Action is tag-pinned rather than SHA-pinned

[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lo…

12 files, 38 locations

.github/workflows/ci-api-accounting.yml:25, 33 (4 hits)

.github/workflows/ci-api-content.yml:25, 33 (4 hits)

.github/workflows/ci-api-frontline.yml:26, 34 (4 hits)

.github/workflows/ci-api-loyalty.yml:25, 33 (4 hits)

.github/workflows/ci-api-payment.yml:25, 33 (4 hits)

.github/workflows/ci-api-tourism.yml:25, 33 (4 hits)

.github/workflows/ci-api-operation.yml:25, 33 (3 hits)

.github/workflows/ci-service-logs.yml:25, 33, 38 (3 hits)

CI/CD securitySupply chainGitHub Actions

medium Security checks cicd CI/CD security conf 0.90 ✓ Repobility 108 occurrences GitHub Action is tag-pinned rather than SHA-pinned

[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v2`: `uses: pnpm/action-setup@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + …

12 files, 67 locations

.github/workflows/ci-api-accounting.yml:28, 52, 55, 59, 66 (6 hits)

.github/workflows/ci-api-content.yml:28, 52, 55, 59, 66 (6 hits)

.github/workflows/ci-api-frontline.yml:29, 53, 56, 60, 67 (6 hits)

.github/workflows/ci-api-loyalty.yml:28, 52, 55, 59, 66 (6 hits)

.github/workflows/ci-api-payment.yml:28, 52, 55, 59, 66 (6 hits)

.github/workflows/ci-api-tourism.yml:28, 52, 55, 59, 66 (6 hits)

.github/workflows/codeql.yml:27, 32, 35 (6 hits)

.github/workflows/ci-api-core.yml:29, 53, 56, 60, 67 (5 hits)

CI/CD securitySupply chainGitHub Actions

high System graph api Wiring conf 1.00 Dangling fetch: DELETE https://api.vercel.com/v9/projects/${projectId} (backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:481)

`backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:481` calls `DELETE https://api.vercel.com/v9/projects/${projectId}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.vercel.com/v9/projects…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET https://api.vercel.com/v13/deployments/${id} (backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:509)

`backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:509` calls `GET https://api.vercel.com/v13/deployments/${id}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.vercel.com/v13/deployments/<…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET https://api.vercel.com/v6/domains/${domain}/config?teamId=${VERCEL_TEAM_ID} (backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:472)

`backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:472` calls `GET https://api.vercel.com/v6/domains/${domain}/config?teamId=${VERCEL_TEAM_ID}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/a…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET https://api.vercel.com/v9/projects/${projectId}/domains (backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:462)

`backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:462` calls `GET https://api.vercel.com/v9/projects/${projectId}/domains` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.vercel.com/v9/pro…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET https://ebarimt-bridge.erkhet.biz/getCompany?regno=${sendVAT} (backend/plugins/mongolian_api/src/modules/msdynamic/utilsCustomer.ts:91)

`backend/plugins/mongolian_api/src/modules/msdynamic/utilsCustomer.ts:91` calls `GET https://ebarimt-bridge.erkhet.biz/getCompany?regno=${sendVAT}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/ebarimt-bridg…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET https://geo.erxes.io (apps/frontline-widgets/src/formBundle.js:246)

`apps/frontline-widgets/src/formBundle.js:246` calls `GET https://geo.erxes.io` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/geo.erxes.io` If this points at an external API, prefix it with `https://` so the…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET https://geo.erxes.io (apps/frontline-widgets/src/formIndex.ts:56)

`apps/frontline-widgets/src/formIndex.ts:56` calls `GET https://geo.erxes.io` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/geo.erxes.io` If this points at an external API, prefix it with `https://` so the m…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: POST https://api-text.callpro.mn/v1/sms/send (backend/core-api/src/modules/clientportal/services/notification/notificationService.ts:105)

`backend/core-api/src/modules/clientportal/services/notification/notificationService.ts:105` calls `POST https://api-text.callpro.mn/v1/sms/send` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api-text.callpr…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: POST https://api.vercel.com/v10/projects/${projectId}/domains (backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:493)

`backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:493` calls `POST https://api.vercel.com/v10/projects/${projectId}/domains` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.vercel.com/v10/…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: POST https://api.vercel.com/v13/deployments?forceNew=0&skipAutoDetectionConfirmation=0 (backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:384)

`backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:384` calls `POST https://api.vercel.com/v13/deployments?forceNew=0&skipAutoDetectionConfirmation=0` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/h…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: POST https://erxes.io/check-website (backend/gateway/src/middlewares/userMiddleware.ts:90)

`backend/gateway/src/middlewares/userMiddleware.ts:90` calls `POST https://erxes.io/check-website` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/erxes.io/check-website` If this points at an external API, pre…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: POST https://erxes.io/subscribe (backend/core-api/src/modules/organization/team-member/graphql/mutations.ts:112)

`backend/core-api/src/modules/organization/team-member/graphql/mutations.ts:112` calls `POST https://erxes.io/subscribe` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/erxes.io/subscribe` If this points at an…

Dangling fetchFetch

high System graph security security conf 1.00 Insecure pattern 'exec_used' in frontend/libs/erxes-ui/src/components/multiselect.tsx:330

Found a known-risky pattern (exec_used). Review and replace if possible.

frontend/libs/erxes-ui/src/components/multiselect.tsx:330 Exec used

medium Security checks security auth conf 0.92 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation.

Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them.

medium Security checks quality Practices conf 1.00 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.

Add a .gitignore appropriate for your language/framework.

low Security checks quality Quality conf 1.00 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws — wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated.

Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows.

apps/posclient-front/app/(main)/report/utils/date.ts:28

medium Security checks quality Quality conf 0.70 Public web app has no Content Security Policy

Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors.

index.html

medium Security checks quality Quality conf 0.78 Public web service has no security.txt

Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored.

.well-known/security.txt

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/frontline-widgets/src/app/form/components/ErxesForm.tsx:245

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/frontline-widgets/src/app/messenger/components/conversation.tsx:122

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/posclient-front/app/reciept/components/footer.tsx:24

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/posclient-front/app/reciept/components/header.tsx:75

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/posclient-front/app/reciept/cover/page.tsx:143

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/posclient-front/modules/products/components/productItem/productItem.coffeeShop.tsx:141

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — backend/plugins/frontline_api/src/public/widget/messengerWidget.bundle.js:49

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — frontend/core-ui/src/modules/automations/components/builder/nodes/actions/sendEmail/components/SendEmailActionResult.tsx:91

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — frontend/libs/erxes-ui/src/components/charts.tsx:79

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — frontend/libs/erxes-ui/src/modules/blocks/components/BlockEditorReadOnly.tsx:35

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — frontend/libs/ui-modules/src/modules/internal-notes/components/InternalNoteDisplay.tsx:7

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — frontend/plugins/frontline_ui/src/modules/forms/components/FormPreview.tsx:237

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — frontend/plugins/frontline_ui/src/modules/integrations/facebook/components/FacebookPostTrigger.tsx:30

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph frontend Frontend quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — frontend/plugins/frontline_ui/src/modules/integrations/instagram/components/IgPostTrigger.tsx:30

Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html

Fq dangerous html

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/frontline-widgets/src/formBundle.js:246

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/posclient-front/app/(main)/cover/components/capitron.tsx:33

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/posclient-front/app/(main)/cover/components/golomt.tsx:28

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/posclient-front/app/(main)/cover/components/tdb.tsx:33

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/posclient-front/lib/uploadHandler.ts:47

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/posclient-front/modules/checkout/hooks/useCapitron.tsx:42

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/posclient-front/modules/checkout/hooks/useGolomt.tsx:57

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/posclient-front/modules/checkout/hooks/useKhanCard.tsx:74

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/posclient-front/modules/checkout/hooks/useTDB.tsx:39

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/core-api/src/modules/clientportal/services/helpers/socialAuth.ts:96

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/core-api/src/modules/organization/team-member/graphql/mutations.ts:112

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/core-api/src/utils/file/upload.ts:73

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/erxes-api-shared/src/utils/file/upload.ts:195

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/gateway/src/proxy/targets.ts:55

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/gateway/src/subscription/plugins/downloadPlugins.ts:8

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/content_api/src/modules/cms/utils/pdfAttachments.ts:83

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/content_api/src/modules/webbuilder/utils/utils.ts:94

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/frontline_api/src/modules/inbox/graphql/resolvers/mutations/widget.ts:1055

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/frontline_api/src/modules/integrations/call/helpers.ts:73

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/frontline_api/src/modules/integrations/facebook/helpers.ts:215

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/frontline_api/src/modules/integrations/imap/initApp.ts:172

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/frontline_api/src/modules/integrations/instagram/helpers.ts:196

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/frontline_api/src/public/widget/messengerWidget.bundle.js:1

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/mongolian_api/src/modules/ebarimt/utils/index.ts:954

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/mongolian_api/src/modules/erkhet/utils/ebarimtData.ts:94

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/mongolian_api/src/modules/erkhet/utils/utils.ts:133

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/mongolian_api/src/modules/msdynamic/cronjobs/exchangeRate.ts:58

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/mongolian_api/src/modules/msdynamic/graphql/resolvers/mutations/checkDynamic.ts:62

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/mongolian_api/src/modules/msdynamic/graphql/resolvers/queries/dynamic.ts:167

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/mongolian_api/src/modules/msdynamic/utils.ts:329

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/mongolian_api/src/modules/msdynamic/utilsCustomer.ts:91

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/payment_api/src/apis/base.ts:30

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/payment_api/src/apis/qpayQuickqr/vendorBase.ts:168

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/payment_api/src/apis/storepay/api.ts:110

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/payment_api/src/modules/payment/graphql/resolvers/mutations/invoices.ts:248

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/posclient_api/src/modules/posclient/db/models/PutData.ts:395

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/plugins/posclient_api/src/modules/posclient/graphql/resolvers/mutations/configs.ts:92

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — backend/services/automations/src/executions/actions/webhook/outgoing/outgoingWebhookDoFetch.ts:44

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — frontend/core-ui/src/modules/automations/components/settings/components/agents/components/AiAgentContextFileEditorDialog.tsx:27

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — frontend/core-ui/src/modules/organization/providers/OrganizationProviderEffect.tsx:26

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — frontend/core-ui/src/modules/templates/components/TemplateExport.tsx:14

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — frontend/libs/erxes-ui/src/hooks/use-upload-new.ts:112

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — frontend/libs/erxes-ui/src/hooks/use-upload.tsx:119

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — frontend/plugins/content_ui/src/modules/cms/posts/CustomFieldInput.tsx:365

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — frontend/plugins/content_ui/src/modules/cms/posts/PostPreview.tsx:47

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph frontend Frontend quality conf 1.00 Custom React Flow node registered without explicit width/height — frontend/core-ui/src/modules/automations/components/builder/nodes/hooks/useNodeDropDownActions.ts:70

When you register a custom node type via `nodeTypes`, the RFNode object you build must include `width` and `height` props. Without them, MiniMap renders ZERO mini-nodes for that type and `fitView` underestimates the bounds (cuts off lane labels, etc.). Add `width: …, height: …` to the node object. …

Fq rfnode no dims

medium System graph hardware Security conf 1.00 Dockerfile runs as root: apps/frontline-widgets/Dockerfile

No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.

Container

medium System graph hardware Security conf 1.00 Dockerfile runs as root: apps/posclient-front/Dockerfile

No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.

Container

medium System graph hardware Security conf 1.00 Dockerfile runs as root: backend/gateway/Dockerfile

No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.

Container

medium System graph hardware Security conf 1.00 Dockerfile runs as root: frontend/core-ui/Dockerfile

No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.

Container

medium System graph quality Integrity conf 1.00 Frontend route `/*` has no Link/navigate to it — frontend/plugins/mongolian_ui/src/modules/erkhet-sync/Settings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

Orphan pageWiring

medium System graph quality Integrity conf 1.00 Frontend route `/:event/*` has no Link/navigate to it — frontend/core-ui/src/modules/notification/settings/components/NotificationSettingsRoutes.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

Orphan pageWiring

medium System graph quality Integrity conf 1.00 Frontend route `/:id` has no Link/navigate to it — frontend/plugins/sales_ui/src/modules/pos/pos/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

Orphan pageWiring

medium System graph quality Integrity conf 1.00 3 occurrences Frontend route `/:type/*` has no Link/navigate to it — frontend/core-ui/src/modules/properties/components/PropertiesRoutes.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

3 occurrences

repo-level (3 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 8 occurrences Frontend route `/accounts` has no Link/navigate to it — frontend/plugins/accounting_ui/src/modules/AccountingSettings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

8 occurrences

repo-level (8 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 8 occurrences Frontend route `/bots` has no Link/navigate to it — frontend/core-ui/src/modules/automations/components/settings/components/AutomationSettingsRoutes.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

8 occurrences

repo-level (8 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 4 occurrences Frontend route `/form/:formId` has no Link/navigate to it — apps/frontline-widgets/src/app/routes.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

4 occurrences

repo-level (4 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 Frontend route `/invoice/:id` has no Link/navigate to it — backend/plugins/payment_api/src/widget/src/App.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

Orphan pageWiring

medium System graph quality Integrity conf 1.00 14 occurrences Frontend route `/knowledgebase` has no Link/navigate to it — frontend/plugins/frontline_ui/src/modules/FrontlineMain.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

14 occurrences

repo-level (14 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 14 occurrences Frontend route `/main` has no Link/navigate to it — frontend/plugins/accounting_ui/src/modules/AccountingMain.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

14 occurrences

repo-level (14 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 5 occurrences Frontend route `/pos-order` has no Link/navigate to it — frontend/plugins/mongolian_ui/src/modules/erkhet-sync/settings/components/ErkhetSettings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

5 occurrences

repo-level (5 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 Frontend route `/pos/*` has no Link/navigate to it — frontend/plugins/sales_ui/src/modules/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

Orphan pageWiring

medium System graph quality Integrity conf 1.00 2 occurrences Frontend route `/pos` has no Link/navigate to it — frontend/plugins/sales_ui/src/pages/SalesSettingsIndexPage.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

2 occurrences

repo-level (2 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 5 occurrences Frontend route `/stage-in` has no Link/navigate to it — frontend/plugins/mongolian_ui/src/modules/ebarimt/settings/components/EBarimtSettings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

5 occurrences

repo-level (5 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 3 occurrences Frontend route `/team` has no Link/navigate to it — frontend/plugins/operation_ui/src/modules/OperationSettings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

3 occurrences

repo-level (3 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 3 occurrences Frontend route `/tms` has no Link/navigate to it — frontend/plugins/tourism_ui/src/modules/tms/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

3 occurrences

repo-level (3 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 15 occurrences Frontend route `/vendors` has no Link/navigate to it — frontend/plugins/insurance_ui/src/modules/insurance/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

15 occurrences

repo-level (15 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 2 occurrences Frontend route `:id` has no Link/navigate to it — frontend/plugins/mongolian_ui/src/pages/exchangeRates/ExchangeRateFormPage.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

2 occurrences

repo-level (2 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 7 occurrences Frontend route `:posId/orders` has no Link/navigate to it — frontend/plugins/sales_ui/src/modules/pos/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

7 occurrences

repo-level (7 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 4 occurrences Frontend route `branches` has no Link/navigate to it — frontend/core-ui/src/pages/settings/workspace/structure/StructureSettingsPage.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

4 occurrences

repo-level (4 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 12 occurrences Frontend route `categories` has no Link/navigate to it — frontend/plugins/mongolian_ui/src/modules/MongolianMain.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

12 occurrences

repo-level (12 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 13 occurrences Frontend route `cms/:websiteId` has no Link/navigate to it — frontend/plugins/content_ui/src/modules/cms/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

13 occurrences

repo-level (13 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 Frontend route `deals` has no Link/navigate to it — frontend/plugins/sales_ui/src/modules/deals/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

Orphan pageWiring

medium System graph quality Integrity conf 1.00 5 occurrences Frontend route `ebarimt/*` has no Link/navigate to it — frontend/plugins/mongolian_ui/src/modules/MongolianSettings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

5 occurrences

repo-level (5 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 2 occurrences Frontend route `import` has no Link/navigate to it — frontend/core-ui/src/modules/import-export/settings/components/ImportExportSettingsRoutes.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

2 occurrences

repo-level (2 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 Frontend route `invoices` has no Link/navigate to it — frontend/plugins/payment_ui/src/modules/payment/Settings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

Orphan pageWiring

medium System graph quality Integrity conf 1.00 5 occurrences Frontend route `score` has no Link/navigate to it — frontend/plugins/loyalty_ui/src/modules/loyalties/settings/components/LoyaltySettings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

5 occurrences

repo-level (5 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 3 occurrences Frontend route `split` has no Link/navigate to it — frontend/plugins/mongolian_ui/src/modules/productplaces/components/ProductPlacesSettings.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

3 occurrences

repo-level (3 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 9 occurrences Frontend route `tasks/created` has no Link/navigate to it — frontend/plugins/operation_ui/src/modules/OperationMain.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

9 occurrences

repo-level (9 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 Frontend route `tickets` has no Link/navigate to it — frontend/plugins/frontline_ui/src/modules/ticket/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

Orphan pageWiring

medium System graph quality Integrity conf 1.00 2 occurrences Frontend route `tms/branches/:branchId` has no Link/navigate to it — frontend/plugins/tourism_ui/src/modules/main/Main.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

2 occurrences

repo-level (2 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 7 occurrences Frontend route `uoms` has no Link/navigate to it — frontend/core-ui/src/modules/products/settings/components/ProductSettingsRoutes.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

7 occurrences

repo-level (7 hits)

Orphan pageWiring

medium System graph quality Integrity conf 1.00 7 occurrences Frontend route `vouchers` has no Link/navigate to it — frontend/plugins/loyalty_ui/src/modules/loyalties/SubNavigations.tsx

The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.

7 occurrences

repo-level (7 hits)

Orphan pageWiring

medium System graph cicd CI/CD security conf 1.00 15 occurrences GitHub Actions workflow grants broad write permissions

CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.

12 files, 12 locations

.github/workflows/ci-apps-frontline-widgets.yml

.github/workflows/ci-core-ui.yml

.github/workflows/ci-ui-accounting.yml

.github/workflows/ci-ui-content.yml

.github/workflows/ci-ui-frontline.yml

.github/workflows/ci-ui-insurance.yml

.github/workflows/ci-ui-loyalty.yml

.github/workflows/ci-ui-mongolian.yml

CI/CD securitySupply chainGithub actions

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/frontline-widgets/src/app/form/components/ErxesForm.tsx:245

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/frontline-widgets/src/app/form/components/ErxesForm.tsx:245 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/frontline-widgets/src/app/messenger/components/conversation.tsx:122

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/frontline-widgets/src/app/messenger/components/conversation.tsx:122 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/posclient-front/app/reciept/components/footer.tsx:24

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/posclient-front/app/reciept/components/footer.tsx:24 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/posclient-front/app/reciept/components/header.tsx:75

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/posclient-front/app/reciept/components/header.tsx:75 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/posclient-front/app/reciept/cover/page.tsx:143

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/posclient-front/app/reciept/cover/page.tsx:143 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/posclient-front/modules/products/components/productItem/productItem.coffeeShop.tsx:141

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

apps/posclient-front/modules/products/components/productItem/productItem.coffeeShop.tsx:141 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in backend/plugins/frontline_api/src/public/widget/messengerWidget.bundle.js:49

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

backend/plugins/frontline_api/src/public/widget/messengerWidget.bundle.js:49 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in frontend/core-ui/src/modules/automations/components/builder/nodes/actions/sendEmail/components/SendEmailActionResult.tsx:91

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

frontend/core-ui/src/modules/automations/components/builder/nodes/actions/sendEmail/components/SendEmailActionResult.tsx:91

Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in frontend/libs/erxes-ui/src/components/charts.tsx:79

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

frontend/libs/erxes-ui/src/components/charts.tsx:79 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in frontend/libs/erxes-ui/src/modules/blocks/components/BlockEditorReadOnly.tsx:35

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

frontend/libs/erxes-ui/src/modules/blocks/components/BlockEditorReadOnly.tsx:35 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in frontend/libs/ui-modules/src/modules/internal-notes/components/InternalNoteDisplay.tsx:7

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

frontend/libs/ui-modules/src/modules/internal-notes/components/InternalNoteDisplay.tsx:7 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in frontend/plugins/frontline_ui/src/modules/forms/components/FormPreview.tsx:237

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

frontend/plugins/frontline_ui/src/modules/forms/components/FormPreview.tsx:237 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in frontend/plugins/frontline_ui/src/modules/integrations/facebook/components/FacebookPostTrigger.tsx:30

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

frontend/plugins/frontline_ui/src/modules/integrations/facebook/components/FacebookPostTrigger.tsx:30 Dangerous innerhtml

medium System graph security security conf 1.00 Insecure pattern 'dangerous_innerhtml' in frontend/plugins/frontline_ui/src/modules/integrations/instagram/components/IgPostTrigger.tsx:30

Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.

frontend/plugins/frontline_ui/src/modules/integrations/instagram/components/IgPostTrigger.tsx:30 Dangerous innerhtml

medium System graph network Security conf 1.00 Privileged port 993 in use

Port 993 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.

backend/plugins/frontline_api/src/modules/integrations/imap/imapClient.ts Ports

medium System graph quality Tests conf 1.00 Very low test-to-source ratio

19 test file(s) for 9497 source file(s) (ratio 0.00). Consider adding integration or unit tests for critical paths.

Coverage

low Security checks security auth conf 0.76 [AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found.

Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior.

low Security checks quality Quality conf 0.60 8 occurrences Duplicated implementation block across source files

Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.

7 files, 8 locations

apps/frontline-widgets/src/messengerBundle.js:2, 116 (2 hits)

apps/frontline-widgets/src/app/form/live-form.tsx:55

apps/frontline-widgets/src/app/messenger/ticket/graphql/mutations.ts:4

apps/frontline-widgets/src/messenger-widget.js:254

apps/posclient-front/app/(main)/cover/components/tdb.tsx:22

apps/posclient-front/modules/apolloClientMain.tsx:7

apps/posclient-front/modules/auth/configsFetch.tsx:3

duplicationquality

low Security checks quality Quality conf 0.64 Public docs site has no llms.txt

Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents.

llms.txt

low Security checks quality Quality conf 0.50 Public web app has no humans.txt

Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date.

humans.txt

low Security checks quality Quality conf 0.74 Public web app has no robots.txt

Add robots.txt at the web root or a framework-native robots route. Include an explicit Sitemap directive and disallow only private paths.

robots.txt

low Security checks quality Quality conf 0.72 Public web app has no sitemap

Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt.

sitemap.xml

low System graph quality Maintenance conf 1.00 43 TODO/FIXME markers

High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.

low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found

Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.

Deployment

low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: alpine:3.11

Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.

frontend/core-ui/Dockerfile:1 containersPinned dependencies

low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: alpine:3.11

Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.

apps/frontline-widgets/Dockerfile:2 containersPinned dependencies

low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nginx:alpine

Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.

frontend/core-ui/Dockerfile:19 containersPinned dependencies

low System graph hardware Supply chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nginx:alpine

Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.

apps/frontline-widgets/Dockerfile:19 containersPinned dependencies

low System graph hardware Supply chain conf 1.00 5 occurrences Docker base image is tag-pinned but not digest-pinned: node:22-alpine

Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.

4 files, 5 locations

apps/posclient-front/Dockerfile:1, 7 (2 hits)

apps/frontline-widgets/Dockerfile:10

backend/services/logs/Dockerfile:2

frontend/core-ui/Dockerfile:11

containersPinned dependencies

low System graph hardware Supply chain conf 1.00 26 occurrences Docker base image is tag-pinned but not digest-pinned: node:22-alpine3.22

Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.

12 files, 24 locations

backend/core-api/Dockerfile:2, 41 (2 hits)

backend/plugins/accounting_api/Dockerfile:2, 41 (2 hits)

backend/plugins/content_api/Dockerfile:2, 42 (2 hits)

backend/plugins/frontline_api/Dockerfile:2, 41 (2 hits)

backend/plugins/insurance_api/Dockerfile:3, 45 (2 hits)

backend/plugins/loyalty_api/Dockerfile:2, 41 (2 hits)

backend/plugins/mongolian_api/Dockerfile:2, 41 (2 hits)

backend/plugins/operation_api/Dockerfile:2, 41 (2 hits)

containersPinned dependencies

low System graph hardware Supply chain conf 1.00 3 occurrences Docker base image is tag-pinned but not digest-pinned: node:22-bookworm

Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.

lines 2, 31, 61

backend/gateway/Dockerfile:2, 31, 61 (3 hits)

containersPinned dependencies

low System graph software Dead code candidate conf 1.00 File has no detected symbols: core-libraries.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: eslint.config.js

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/eslint.config.js

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/jest.config.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/__stories__/InternalNoteDisplay.stories.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/activity-logs/graphql/queries.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/activity-logs/graphql/subscriptions.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/activity-logs/utils.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/brands/components/BrandBadge.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/brands/contexts/SelectBrandsContext.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/brands/graphql/mutations/addBrands.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/brands/graphql/queries/BrandsQuery.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/brands/types/brand.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/import-export/graphql/export/exportMutations.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/import-export/graphql/export/exportQueries.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/import-export/graphql/import/importMutations.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/import-export/graphql/import/importsQueries.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/import-export/types/export/exportTypes.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/import-export/types/import/importTypes.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/notifications/types/welcome.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/components/BranchBadge.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/components/DepartmentBadge.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/components/PositionBadge.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/components/UnitBadge.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/contexts/SelectBranchesContext.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/contexts/SelectDepartmentsContext.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/contexts/SelectPositionsContext.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/contexts/SelectUnitContext.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/graphql/mutations/addBranches.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/graphql/mutations/addDepartments.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/graphql/mutations/addPositions.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/graphql/mutations/addUnits.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/graphql/queries/getBranches.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/graphql/queries/getDepartments.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/graphql/queries/getPositions.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/graphql/queries/getUnits.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/types/Branch.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/types/Department.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/types/Position.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/structure/types/Unit.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/modules/types/PageInfo.tsx

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/states/clientConfigApiStatusState.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/states/currentOrganizationLoadingState.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/states/currentOrganizationState.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/states/currentUserPermissionsState.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/states/currentUserState.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/states/isCurrentUserLoadingState.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: frontend/libs/ui-modules/src/states/pluginsConfigState.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: jest.config.ts

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph software Dead code candidate conf 1.00 File has no detected symbols: jest.preset.js

Source file with no class/function declarations — possible config, dead code, or scratch file.

low System graph security security conf 1.00 Insecure pattern 'document_write' in frontend/plugins/insurance_ui/src/modules/insurance/components/ContractForm.tsx:184

Found a known-risky pattern (document_write). Review and replace if possible.

frontend/plugins/insurance_ui/src/modules/insurance/components/ContractForm.tsx:184 Document write

low System graph security security conf 1.00 Insecure pattern 'document_write' in frontend/plugins/insurance_ui/src/modules/insurance/components/ProductForm.tsx:550

Found a known-risky pattern (document_write). Review and replace if possible.

frontend/plugins/insurance_ui/src/modules/insurance/components/ProductForm.tsx:550 Document write

low System graph security security conf 1.00 Insecure pattern 'document_write' in frontend/plugins/insurance_ui/src/pages/insurance/ContractPdfEditorPage.tsx:67

Found a known-risky pattern (document_write). Review and replace if possible.

frontend/plugins/insurance_ui/src/pages/insurance/ContractPdfEditorPage.tsx:67 Document write

low System graph security security conf 1.00 Insecure pattern 'document_write' in frontend/plugins/insurance_ui/src/utils/contractPdfGenerator.ts:330

Found a known-risky pattern (document_write). Review and replace if possible.

frontend/plugins/insurance_ui/src/utils/contractPdfGenerator.ts:330 Document write

low System graph security security conf 1.00 Insecure pattern 'document_write' in frontend/plugins/mongolian_ui/src/modules/productplaces/containers/ResponseContainer.tsx:83

Found a known-risky pattern (document_write). Review and replace if possible.

frontend/plugins/mongolian_ui/src/modules/productplaces/containers/ResponseContainer.tsx:83 Document write

low System graph security security conf 1.00 Insecure pattern 'document_write' in frontend/plugins/mongolian_ui/src/pages/EbarimtRespondedPage.tsx:48

Found a known-risky pattern (document_write). Review and replace if possible.

frontend/plugins/mongolian_ui/src/pages/EbarimtRespondedPage.tsx:48 Document write

low System graph security security conf 1.00 Insecure pattern 'document_write' in frontend/plugins/mongolian_ui/src/pages/productplaces/ProductPlacesRespondedPage.tsx:31

Found a known-risky pattern (document_write). Review and replace if possible.

frontend/plugins/mongolian_ui/src/pages/productplaces/ProductPlacesRespondedPage.tsx:31 Document write

low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `ActivityLogsLegacy` in frontend/libs/ui-modules/src/modules/activity-logs/components/ActivityLogs.tsx:100

Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.

old markerDead code

low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `hasOld` in backend/plugins/accounting_api/src/meta/import-export/import/processAccountTransactions.ts:11

Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.

old markerDead code

low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `matchesOld` in backend/plugins/accounting_api/src/apollo/subscription.ts:67

Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.

old markerDead code

low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `matchesOld` in backend/plugins/accounting_api/src/modules/accounting/trpc/transaction.ts:53

Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.

old markerDead code

low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `matchesOld` in backend/plugins/sales_api/src/apollo/subscription.ts:54

Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.

old markerDead code

low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `probabilityOld` in backend/plugins/sales_api/src/modules/sales/graphql/resolvers/queries/deals.ts:829

Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.

old markerDead code

low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `SegmentFormLegacy` in frontend/libs/ui-modules/src/modules/segments/components/form/SegmentForm.tsx:154

Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.

old markerDead code

low System graph frontend Frontend quality conf 1.00 React Flow <Controls> without dark theming — frontend/core-ui/src/modules/automations/components/builder/history/components/AutomationHistoryByFlow.tsx:57

`<Controls>` ships with white buttons. Override `.react-flow__controls` and `.react-flow__controls-button` in your stylesheet or pass a styled wrapper. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.controls.no-bg

Fq controls no bg

low System graph frontend Frontend quality conf 1.00 React Flow <Controls> without dark theming — frontend/core-ui/src/modules/automations/components/builder/nodes/components/WorkflowActionMapper.tsx:93

`<Controls>` ships with white buttons. Override `.react-flow__controls` and `.react-flow__controls-button` in your stylesheet or pass a styled wrapper. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.controls.no-bg

Fq controls no bg

low System graph frontend Frontend quality conf 1.00 React Flow <MiniMap> without dark background — frontend/core-ui/src/modules/automations/components/builder/AutomationBuilderCanvas.tsx:60

A bare <MiniMap> renders with the vendor's white default in dark themes. Wrap the canvas in a class that overrides `.react-flow__minimap` background, or pass an explicit `style`/`maskColor`/`bgColor`. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.minimap.no-bg

Fq minimap no bg

low System graph frontend Frontend quality conf 1.00 React Flow <MiniMap> without dark background — frontend/core-ui/src/modules/automations/components/builder/nodes/components/WorkflowActionMapper.tsx:94

A bare <MiniMap> renders with the vendor's white default in dark themes. Wrap the canvas in a class that overrides `.react-flow__minimap` background, or pass an explicit `style`/`maskColor`/`bgColor`. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.minimap.no-bg

Fq minimap no bg

low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — backend/core-api/src/commands/migrateConformitiesToRelations.ts:41