{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "CFG006", "name": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.", "shortDescription": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "fullDescription": {"text": "Add a .gitignore appropriate for your language/framework."}, "properties": {"scanner": "repobility-threat-engine", "category": "practices", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `Discord-Datamining/comments-action` pinned to mutable ref `@main`: `uses: Discord-Datamining/comments", "shortDescription": {"text": "[MINED115] Action `Discord-Datamining/comments-action` pinned to mutable ref `@main`: `uses: Discord-Datamining/comments-action@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-ac"}, "fullDescription": {"text": "Replace with: `uses: Discord-Datamining/comments-action@<40-char-sha>  # main` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED123", "name": "[MINED123] Trojan Source bidi character (RLM) in source: Line 3468 contains a Unicode bidirectional override character (", "shortDescription": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 3468 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see dif"}, "fullDescription": {"text": "Audit the line manually. If the character is not intentional (it almost never is in code), remove it. Configure your editor / pre-commit hook to reject bidi controls in source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1359"}, "properties": {"repository": "Discord-Datamining/Discord-Datamining", "repoUrl": "https://github.com/Discord-Datamining/Discord-Datamining", "branch": "master"}, "results": [{"ruleId": "CFG006", "level": "warning", "message": {"text": "[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts."}, "properties": {"repobilityId": 138215, "scanner": "repobility-threat-engine", "fingerprint": "c65fc71ce58c37a0e07837c0fe294108b731c43ef16027a2f0971c757bbe9a16", "category": "practices", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "No .gitignore file found in repository root", "evidence": {"reason": "No .gitignore file found in repository root", "rule_id": "CFG006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "repo|practices|cfg006"}}}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 138214, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 138213, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `Discord-Datamining/comments-action` pinned to mutable ref `@main`: `uses: Discord-Datamining/comments-action@main` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 138216, "scanner": "repobility-supply-chain", "fingerprint": "b1d32396c29717fb81c8c9a73880f4f098163c882d3db55a132243cf5cf6f51a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b1d32396c29717fb81c8c9a73880f4f098163c882d3db55a132243cf5cf6f51a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/comments.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 3468 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138237, "scanner": "repobility-supply-chain", "fingerprint": "6305f6d843bc59677c412c1688ef5d88229c48a709e2aa0911a524774874fafb", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/08/24/ hex .js", "duplicate_count": 1, "duplicate_rule_ids": ["MINED123"], "duplicate_scanners": ["repobility-supply-chain"], "duplicate_fingerprints": ["6305f6d843bc59677c412c1688ef5d88229c48a709e2aa0911a524774874fafb", "75de7bf5dfadb0c6837197186a4b952d939764aeb374b4b806fc46c538d1e536"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/08/24/c98fa166d72eae11952f.js"}, "region": {"startLine": 3468}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 3468 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138236, "scanner": "repobility-supply-chain", "fingerprint": "f6ec7661433b8f6500ba529a95203b4e68100750fd716aae5c4ce9084e3cad39", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/08/17/ hex .js", "duplicate_count": 1, "duplicate_rule_ids": ["MINED123"], "duplicate_scanners": ["repobility-supply-chain"], "duplicate_fingerprints": ["ca3ddaa0ec44edb70f4f8ce0a379fad9b6fcb42701272efafdffc86905f0f119", "f6ec7661433b8f6500ba529a95203b4e68100750fd716aae5c4ce9084e3cad39"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/08/17/b6f25a7887d389abb7e2.js"}, "region": {"startLine": 3468}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 3468 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138235, "scanner": "repobility-supply-chain", "fingerprint": "06c6c2df32b51ee8ae3e06b68612c9665d8a904854c1ecb68b13513e79b5eb36", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "Collapsed 2 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/08/12/ hex .js", "duplicate_count": 2, "duplicate_rule_ids": ["MINED123"], "duplicate_scanners": ["repobility-supply-chain"], "duplicate_fingerprints": ["06c6c2df32b51ee8ae3e06b68612c9665d8a904854c1ecb68b13513e79b5eb36", "0e7e4bbe3e0e0dce129de8ebfcb52ad2f5350067f04dbf2ed70a6fe5acb483ac", "759be05ea76e02c70fd5d727e5fb36d767a30540c18b174b2740bc0bc2f725ba"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/08/12/e487965836a298767bc1.js"}, "region": {"startLine": 3468}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 3468 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138234, "scanner": "repobility-supply-chain", "fingerprint": "1fc1182c76f485abc48e6b0f428178e24e341530ef811ffce219e651cce16276", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/08/25/ hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/08/25/b5a22ccb3d3992c849e1.js"}, "region": {"startLine": 3468}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 7123 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138233, "scanner": "repobility-supply-chain", "fingerprint": "6eba6ff7a4cf9a1edefa2e876505c4aebd3942fd4a1c0f52fcaae02383a85d33", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/02/02/ hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/02/02/ee640ca8e7c1393b15fb.js"}, "region": {"startLine": 7123}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 7264 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138232, "scanner": "repobility-supply-chain", "fingerprint": "0ffd89861e1342be8f361d88ae4d6b7fa21c0a501eb01e560bf76a3565e04691", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/02/16/ hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/02/16/1bb08998baf8a4ce9ec0.js"}, "region": {"startLine": 7264}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 7268 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138231, "scanner": "repobility-supply-chain", "fingerprint": "7692f1c7d662149e67a8ab3bc8ab90b98dc8e0f2a87ecefaf470f271d5524ca5", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/02/21/ hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/02/21/ce2f0155b28a495d117c.js"}, "region": {"startLine": 7268}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 7144 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138230, "scanner": "repobility-supply-chain", "fingerprint": "c1e823f2e2523660ac06b9406e1bdfb9868df66ab169f6f2b5d43c0fb2592938", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/02/14/ hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/02/14/0584587053f470863c80.js"}, "region": {"startLine": 7144}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 7135 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138229, "scanner": "repobility-supply-chain", "fingerprint": "b50d18ca7c899e1bb64aa796b3ae4c376155d9a25fc2476f8e513ca9b0794abc", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/02/04/ hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/02/04/fef01036f6d68c9c8e01.js"}, "region": {"startLine": 7135}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 7291 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138228, "scanner": "repobility-supply-chain", "fingerprint": "68e4b85769ddbe8c6f0c7d6f70ecefe427dd13329341fc381ca063198b6a9637", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/02/28/ hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/02/28/ff5ad90d6dc1fd6e1c2c.js"}, "region": {"startLine": 7291}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 7283 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138227, "scanner": "repobility-supply-chain", "fingerprint": "cd9e16c7ebe7a17d44ef2eb68de8642be07c79d7a97f5e3cab6e32c5c71807d8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2017/02/25/ hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2017/02/25/a7eee00a48ede58f47e2.js"}, "region": {"startLine": 7283}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6990 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138226, "scanner": "repobility-supply-chain", "fingerprint": "7197d7be73ab8aa21c1a5a28d057afc9bd09ef1772cb75e1d924ea31750de8a3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/24/2. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/24/2. 326f4873d48e0e2ddaee/326f4873d48e0e2ddaee.js"}, "region": {"startLine": 6990}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6990 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138225, "scanner": "repobility-supply-chain", "fingerprint": "4269e4fc21939ed90a7fa6f34bc5ab673b7e1c58be471b37d5e917c06f3e279e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/24/1. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/24/1. cbcc4d7f0d032c8af057/cbcc4d7f0d032c8af057.js"}, "region": {"startLine": 6990}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6917 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138224, "scanner": "repobility-supply-chain", "fingerprint": "2d4e8081de4b2d70fb308653e6d8ca8aedb2dd1f9630763ca1036923d49de91e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/20/2. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/20/2. a8870963c250a8cd2093/a8870963c250a8cd2093.js"}, "region": {"startLine": 6917}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6917 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138223, "scanner": "repobility-supply-chain", "fingerprint": "8fabc414d63b5317d367d9b7278416b324040e79c28ec2bd349e81a5cf1657fb", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/20/1. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/20/1. 94e485ff035e20ee430c/94e485ff035e20ee430c.js"}, "region": {"startLine": 6917}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6918 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138222, "scanner": "repobility-supply-chain", "fingerprint": "9ed3d9922eaf54e6a59c051788c3817bbb0cf45a7c2c4e055b1b9e4affe7bad2", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/21/1. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/21/1. ced997097f067a231e64/ced997097f067a231e64.js"}, "region": {"startLine": 6918}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6990 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138221, "scanner": "repobility-supply-chain", "fingerprint": "520a9fa15eb232ff419d34ec0a05b65e8fcccd5ac333035166f57b987bb77b9e", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/29/1. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/29/1. 17b49a9d05ecb2de92db/17b49a9d05ecb2de92db.js"}, "region": {"startLine": 6990}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6990 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138220, "scanner": "repobility-supply-chain", "fingerprint": "78d0b46f7631b8f476daddb5c1971d36eb0b9ec1add7b3a440f91cf0152fafc3", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/22/5. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/22/5. 0da66baae3ec9e8bc569/0da66baae3ec9e8bc569.js"}, "region": {"startLine": 6990}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6990 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138219, "scanner": "repobility-supply-chain", "fingerprint": "2179d91cc43db71733a4e882ba0ab7a8f66481e490da539ad058c1a3a17d5eaa", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/22/4. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/22/4. 2467ea7beed931194b02/2467ea7beed931194b02.js"}, "region": {"startLine": 6990}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6990 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138218, "scanner": "repobility-supply-chain", "fingerprint": "a832f8af9e12544b9cb0b31ce35c3f50d2e4d9dfae40bf7b42e7076cae21c610", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/22/3. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/22/3. f9b8657a6a72b3773f85/f9b8657a6a72b3773f85.js"}, "region": {"startLine": 6990}}}]}, {"ruleId": "MINED123", "level": "error", "message": {"text": "[MINED123] Trojan Source bidi character (RLM) in source: Line 6991 contains a Unicode bidirectional override character (U+200F RLM). This is the 'Trojan Source' attack (CVE-2021-42574): the character makes the compiler / interpreter see different code than the human reviewer."}, "properties": {"repobilityId": 138217, "scanner": "repobility-supply-chain", "fingerprint": "1b4393eca8bc11641f06ed4d3ed6dc7337b438efa0c55d7ba963168d5721c7cf", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "trojan-source-bidi", "owasp": null, "cwe_ids": ["CWE-1007"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "vuln||CVE-2021-42574|2016/12/22/1. hex / hex .js"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "2016/12/22/1. 4133efe1694ad190db59/4133efe1694ad190db59.js"}, "region": {"startLine": 6991}}}]}]}]}