{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_LICENSE", "name": "No LICENSE file", "shortDescription": {"text": "No LICENSE file"}, "fullDescription": {"text": "Add a LICENSE file to your repository. Use choosealicense.com to pick the right license (MIT for permissive, Apache 2.0 for patent protection, GPL for copyleft)."}, "properties": {"scanner": "repobility-core", "category": "documentation", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 27 more): Same pattern found in 27 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 27 more): Same pattern found in 27 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 20 more): Same pattern found in 20 additional f", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC002] Hardcoded API Key (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use environment variables. Add the pattern to .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 95 more): Same pattern found in 95 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 95 more): Same pattern found in 95 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 229 more): Same pattern found in 229 ad", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 229 more): Same pattern found in 229 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 1096 more): Same pattern found in 1096 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 1096 more): Same pattern found in 1096 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 52 more): Same pattern found in 52 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at work", "shortDescription": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise"}, "fullDescription": {"text": "Replace with: `uses: actions/github-script@<40-char-sha>  # v7` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC129", "name": "[SEC129] Tautological SQL \u2014 WHERE 1=1 AND ... left in production: `WHERE 1=1 AND ...` is a scaffolding trick \u2014 devs use ", "shortDescription": {"text": "[SEC129] Tautological SQL \u2014 WHERE 1=1 AND ... left in production: `WHERE 1=1 AND ...` is a scaffolding trick \u2014 devs use it so they can append AND clauses by string-concat without worrying about the first AND. AI assistants almost always emi"}, "fullDescription": {"text": "Build queries with parameterized builders (SQLAlchemy `where()`, Django `filter()`, Knex `.where()`) instead of string concat. If you must hand-build SQL, use a list-of-clauses + `' AND '.join(...)` pattern rather than a tautology."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1164"}, "properties": {"repository": "DefiLlama/dimension-adapters", "repoUrl": "https://github.com/DefiLlama/dimension-adapters", "branch": "master"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 116723, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["GraphQL"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 116692, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b10bc72f7b2a39f4b4b1dec4ee235c269342cc61b7ff99a6ad19b8dbd92aafd3", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "new", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|b10bc72f7b2a39f4b4b1dec4ee235c269342cc61b7ff99a6ad19b8dbd92aafd3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/orderly-perps-new.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 116689, "scanner": "repobility-threat-engine", "fingerprint": "78e5fd0e075f937fbb62f83666c5d90a3f32194fa7bc95ef2901f26f9a547222", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e: any) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|78e5fd0e075f937fbb62f83666c5d90a3f32194fa7bc95ef2901f26f9a547222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fees/kelp.ts"}, "region": {"startLine": 132}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 116724, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["GraphQL"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116722, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73837325a95882d14fd38d051e7340355e619aaad882f93841186f874716bbcb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/demex-demex-perp.ts", "duplicate_line": 1, "correlation_key": "fp|73837325a95882d14fd38d051e7340355e619aaad882f93841186f874716bbcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/demex-demex.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116721, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b356a54ed042214c0383a92509a8532ae3a5ae4e565e7a374800be0dd804962f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/balancer-v3/index.ts", "duplicate_line": 29, "correlation_key": "fp|b356a54ed042214c0383a92509a8532ae3a5ae4e565e7a374800be0dd804962f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/coinhain/index.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116720, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6f2ed1a580c4e17580b4adb55b9cec9c71f4657765ed37ca9bf8818a0ed8354b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/bmx-derivatives.ts", "duplicate_line": 81, "correlation_key": "fp|6f2ed1a580c4e17580b4adb55b9cec9c71f4657765ed37ca9bf8818a0ed8354b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/bmx-swap.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116719, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d1dc3c4e05ad562eb5cb50ad9a9de4f56c7c8a2d3462562caeb738137427a54", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/amped-derivatives.ts", "duplicate_line": 24, "correlation_key": "fp|9d1dc3c4e05ad562eb5cb50ad9a9de4f56c7c8a2d3462562caeb738137427a54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/bmx-swap.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116718, "scanner": "repobility-ai-code-hygiene", "fingerprint": "106487bbea7bb819b096ce6c46eba45c29f10a0e4d675d50115855bb5bd88a9d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/amped-swap.ts", "duplicate_line": 18, "correlation_key": "fp|106487bbea7bb819b096ce6c46eba45c29f10a0e4d675d50115855bb5bd88a9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/bmx-swap.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116717, "scanner": "repobility-ai-code-hygiene", "fingerprint": "636d5ff7ba7957fbe05dd2c8434804b4ac75d525aa16f48e09f59dfbf00b5c22", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/amped-derivatives.ts", "duplicate_line": 24, "correlation_key": "fp|636d5ff7ba7957fbe05dd2c8434804b4ac75d525aa16f48e09f59dfbf00b5c22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/bmx-derivatives.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116716, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c75ffdca784872572496a470c9cec0bd00d564a38c1d7a051e704a78e61b4af9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/blex-derivatives.ts", "duplicate_line": 13, "correlation_key": "fp|c75ffdca784872572496a470c9cec0bd00d564a38c1d7a051e704a78e61b4af9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/blex-volume.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116715, "scanner": "repobility-ai-code-hygiene", "fingerprint": "98c4516927ef046ad5673cc3d5ae044170a2d62d0b875804c6447e9d0836696d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/blackhole-CL.ts", "duplicate_line": 52, "correlation_key": "fp|98c4516927ef046ad5673cc3d5ae044170a2d62d0b875804c6447e9d0836696d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/blackhole.ts"}, "region": {"startLine": 82}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116714, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8a2da15101672fb9aa64268afb683569a5f387eecbd1d5fffcdf61b28fe5b3ce", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/balancer-v3/index.ts", "duplicate_line": 34, "correlation_key": "fp|8a2da15101672fb9aa64268afb683569a5f387eecbd1d5fffcdf61b28fe5b3ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/beets-v3/index.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116713, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0f9cb3190abdcc59f36a0b51fe89efa454c0cb6f08fa2b65b45e9017f16653be", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/beamex-beamex-perps.ts", "duplicate_line": 15, "correlation_key": "fp|0f9cb3190abdcc59f36a0b51fe89efa454c0cb6f08fa2b65b45e9017f16653be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/beamex-beamex-swap.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116712, "scanner": "repobility-ai-code-hygiene", "fingerprint": "314a2181d3eceb42a00230815d027ccf50e4ba109818a5c7b51c4136f313c434", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/amped-derivatives.ts", "duplicate_line": 24, "correlation_key": "fp|314a2181d3eceb42a00230815d027ccf50e4ba109818a5c7b51c4136f313c434"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/beamex-beamex-swap.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116711, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fcc6e0da964b9feb27b2be66c1bcad5a0de640d89cff52082abb4f1975a63759", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/amped-swap.ts", "duplicate_line": 18, "correlation_key": "fp|fcc6e0da964b9feb27b2be66c1bcad5a0de640d89cff52082abb4f1975a63759"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/beamex-beamex-swap.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116710, "scanner": "repobility-ai-code-hygiene", "fingerprint": "82464bd67b40dbd9a3fbb63ab05c5cac4ae35533f1d9014573ca0c6f40f3e036", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/amped-derivatives.ts", "duplicate_line": 18, "correlation_key": "fp|82464bd67b40dbd9a3fbb63ab05c5cac4ae35533f1d9014573ca0c6f40f3e036"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/beamex-beamex-perps.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116709, "scanner": "repobility-ai-code-hygiene", "fingerprint": "948da531cafdcf642f2088b82c22fafeb5aa513c362b809ef23f1b744617dc25", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/amped-derivatives.ts", "duplicate_line": 1, "correlation_key": "fp|948da531cafdcf642f2088b82c22fafeb5aa513c362b809ef23f1b744617dc25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/amped-swap.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116708, "scanner": "repobility-ai-code-hygiene", "fingerprint": "980ebf41896d09f332325477c490fdfc7e669e2855ed768cc78a58c6103a4671", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/aerodrome-slipstream/index.ts", "duplicate_line": 113, "correlation_key": "fp|980ebf41896d09f332325477c490fdfc7e669e2855ed768cc78a58c6103a4671"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/aerodrome/index.ts"}, "region": {"startLine": 113}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116707, "scanner": "repobility-ai-code-hygiene", "fingerprint": "601a20d367a0898db42daf13833ce787e9de18633967d2338ecf41b3ed0abd83", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/aborean/index.ts", "duplicate_line": 12, "correlation_key": "fp|601a20d367a0898db42daf13833ce787e9de18633967d2338ecf41b3ed0abd83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/aerodrome/index.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116706, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7cc43832f312539596af7e45e97c80951fc629406dcd4a90f63f805d10ee2de", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/aborean-cl/index.ts", "duplicate_line": 71, "correlation_key": "fp|c7cc43832f312539596af7e45e97c80951fc629406dcd4a90f63f805d10ee2de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/aerodrome-slipstream/index.ts"}, "region": {"startLine": 119}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116705, "scanner": "repobility-ai-code-hygiene", "fingerprint": "672964454384a4b36a3df82cec1a75fee8ecfe87ff3076d716a6b0c0f690d2a8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/0x-limit.ts", "duplicate_line": 1, "correlation_key": "fp|672964454384a4b36a3df82cec1a75fee8ecfe87ff3076d716a6b0c0f690d2a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/0x-rfq.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116704, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ae2e8e4ef5aaffb6c2574e8ebb615e835cf928c069aa918976b661e4cf77d82", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dexs/0x-limit.ts", "duplicate_line": 1, "correlation_key": "fp|3ae2e8e4ef5aaffb6c2574e8ebb615e835cf928c069aa918976b661e4cf77d82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/0x-otc.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116703, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2676abf41ec96ae9ac96002266bbb3c2af8cea34b7af71d4a82d6f03279b3e73", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cli/buildModules.ts", "duplicate_line": 115, "correlation_key": "fp|2676abf41ec96ae9ac96002266bbb3c2af8cea34b7af71d4a82d6f03279b3e73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/migrateDeadProjects.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116702, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7d79f7a18c1310394258fd94b3f10853d9ddc17601454b3271d19d67a00f5c31", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregators/wheelx/index.ts", "duplicate_line": 1, "correlation_key": "fp|7d79f7a18c1310394258fd94b3f10853d9ddc17601454b3271d19d67a00f5c31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bridge-aggregators/wheelx/index.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116701, "scanner": "repobility-ai-code-hygiene", "fingerprint": "643e4ed0a96b39ccd2734a204c0ab9b3a24b87c155d334e3d073df7072560390", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregators/virtus/index.ts", "duplicate_line": 8, "correlation_key": "fp|643e4ed0a96b39ccd2734a204c0ab9b3a24b87c155d334e3d073df7072560390"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bridge-aggregators/virtus/index.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116700, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1ccea223eb9f04874258be9e10b23f9c6386c09bfd646b16adbc2e29a7484327", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregators/swing/index.ts", "duplicate_line": 4, "correlation_key": "fp|1ccea223eb9f04874258be9e10b23f9c6386c09bfd646b16adbc2e29a7484327"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bridge-aggregators/swing/index.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116699, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ed5f4e5052d0a0e481ca1c5437f5f4f4d01b02807d36bd27e7491cb8c10d3c87", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregators/rubic/index.ts", "duplicate_line": 4, "correlation_key": "fp|ed5f4e5052d0a0e481ca1c5437f5f4f4d01b02807d36bd27e7491cb8c10d3c87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bridge-aggregators/rubic/index.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116698, "scanner": "repobility-ai-code-hygiene", "fingerprint": "14b1670d8d976deefd5d0a2310f1ce2ae43d4a6738c5a86dd1e26eba9af767f9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "bridge-aggregators/jumper.exchange/index.ts", "duplicate_line": 9, "correlation_key": "fp|14b1670d8d976deefd5d0a2310f1ce2ae43d4a6738c5a86dd1e26eba9af767f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bridge-aggregators/lifi/index.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116697, "scanner": "repobility-ai-code-hygiene", "fingerprint": "922bb8b869a97f8a4d51602224bd280d12028b079e4e9cbf3150914fc0f9e4ef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregators/bitgetwallet/index.ts", "duplicate_line": 42, "correlation_key": "fp|922bb8b869a97f8a4d51602224bd280d12028b079e4e9cbf3150914fc0f9e4ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bridge-aggregators/bitgetwallet/index.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116696, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e9a4c13d6806f3dcff3adcfb0c97ccb162520b95cca74f37cae59a5a3d72902", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregators/bim/index.ts", "duplicate_line": 8, "correlation_key": "fp|6e9a4c13d6806f3dcff3adcfb0c97ccb162520b95cca74f37cae59a5a3d72902"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bridge-aggregators/bim/index.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116695, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ea0fd8469c38b08367197334708c4d9c61a79a069c5fc47693c66c38a0ef36f6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregators/aura-agg/index.ts", "duplicate_line": 21, "correlation_key": "fp|ea0fd8469c38b08367197334708c4d9c61a79a069c5fc47693c66c38a0ef36f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/hyperbloom/index.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116694, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1919e719f759e1c318d5dd8f45f530faf379c0f87566b3cc5f92d58b91544bdf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregator-derivatives/flat-money-v1/index.ts", "duplicate_line": 11, "correlation_key": "fp|1919e719f759e1c318d5dd8f45f530faf379c0f87566b3cc5f92d58b91544bdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregator-derivatives/flat-money/index.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116693, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8bff6977cff516c9566e8d822e4abe96b8f283c14464045f445613fae1397d38", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "aggregator-derivatives/flat-money-v1/index.ts", "duplicate_line": 1, "correlation_key": "fp|8bff6977cff516c9566e8d822e4abe96b8f283c14464045f445613fae1397d38"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregator-derivatives/flat-money-v2/index.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 116691, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7417b921c4f5a211cf2de67db5847e45f4d631c81d90bcc9280789c78d11e67", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "new", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|b7417b921c4f5a211cf2de67db5847e45f4d631c81d90bcc9280789c78d11e67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/orderly-perps-new.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 116686, "scanner": "repobility-threat-engine", "fingerprint": "32ed6d47e66b0af60aff487663570a95a5f9c8b3e169b935ffd59d95750410a7", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"https://gateway-arbitrum.network.thegraph.com/api/\"+KEY+\"/subgraphs/id/wTKJtDwtthHZDpp79HbHuegwJRqi", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|32ed6d47e66b0af60aff487663570a95a5f9c8b3e169b935ffd59d95750410a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/yfx-v3/index.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "CORE_NO_LICENSE", "level": "note", "message": {"text": "No LICENSE file"}, "properties": {"repobilityId": 116646, "scanner": "repobility-core", "fingerprint": "9314e9238cd99885865b92490d1aaa96ca62b1390c9377878d5f3d99227e1c3c", "category": "documentation", "severity": "low", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_LICENSE", "scanner": "repobility-core", "correlation_key": "repo|documentation|core_no_license"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 27 more): Same pattern found in 27 additional files. Review if needed."}, "properties": {"repobilityId": 116683, "scanner": "repobility-threat-engine", "fingerprint": "002ed18f0cc5b966c0e1016096182df7b33bfb6f2d7e2335f53c8bbed01ecaf8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 27 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|002ed18f0cc5b966c0e1016096182df7b33bfb6f2d7e2335f53c8bbed01ecaf8", "aggregated_count": 27}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 116682, "scanner": "repobility-threat-engine", "fingerprint": "7b4db580876c5b3e8cd1c8a2cfc0d22a7da86cf1ff4236ab2c037b9bed0b012d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b4db580876c5b3e8cd1c8a2cfc0d22a7da86cf1ff4236ab2c037b9bed0b012d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/aborean-cl/index.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 116681, "scanner": "repobility-threat-engine", "fingerprint": "5caa95037d8bbc7f332d182e3541562921979673aa0cb35988e69a4f3a404f9e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5caa95037d8bbc7f332d182e3541562921979673aa0cb35988e69a4f3a404f9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/SmarDex/index.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 116680, "scanner": "repobility-threat-engine", "fingerprint": "c84348e78170927e92886d632503c8a6f11249abd04a0825b4e54f2321a15f19", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c84348e78170927e92886d632503c8a6f11249abd04a0825b4e54f2321a15f19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cli/buildModules.ts"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 116679, "scanner": "repobility-threat-engine", "fingerprint": "133d0321df668823d68fda7a262cc53d13053f2174d79a753e1fabffb7f20eec", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|133d0321df668823d68fda7a262cc53d13053f2174d79a753e1fabffb7f20eec", "aggregated_count": 4}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 116678, "scanner": "repobility-threat-engine", "fingerprint": "6cabe440ce4495e54f58942c0913379c7bad96a6911f37b4fee9ef06e3f3db82", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6cabe440ce4495e54f58942c0913379c7bad96a6911f37b4fee9ef06e3f3db82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/ociswap-basic.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 116677, "scanner": "repobility-threat-engine", "fingerprint": "285c9e64457ca0898cad0d6776ae6b6ffbbe43552a2d1ce72e9ec724b20aa557", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|285c9e64457ca0898cad0d6776ae6b6ffbbe43552a2d1ce72e9ec724b20aa557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/metric/index.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 116676, "scanner": "repobility-threat-engine", "fingerprint": "ac47c7308735c55d867e74b57742fe3a4fea222bcce41fab4b1a1d046accc8bb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ac47c7308735c55d867e74b57742fe3a4fea222bcce41fab4b1a1d046accc8bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/symphony/index.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 116675, "scanner": "repobility-threat-engine", "fingerprint": "d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1"}}}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 20 more): Same pattern found in 20 additional files. Review if needed."}, "properties": {"repobilityId": 116671, "scanner": "repobility-threat-engine", "fingerprint": "c1ac4f7bfd3cb5749074172447bbd649d3b8d62a711943e2d06a444e028cdfdd", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 20 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 20 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c1ac4f7bfd3cb5749074172447bbd649d3b8d62a711943e2d06a444e028cdfdd"}}}, {"ruleId": "SEC002", "level": "none", "message": {"text": "[SEC002] Hardcoded API Key (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 116666, "scanner": "repobility-threat-engine", "fingerprint": "3d3cf2fe698902d4dff187f3e4c4afb0b043ae1c1b5487d9b244f00881c7ac3d", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|3d3cf2fe698902d4dff187f3e4c4afb0b043ae1c1b5487d9b244f00881c7ac3d"}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 95 more): Same pattern found in 95 additional files. Review if needed."}, "properties": {"repobilityId": 116662, "scanner": "repobility-threat-engine", "fingerprint": "e5099ae402ece5a9921b43f9ce7d48b776d4ec6085a68cbccca016068a1c88e9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 95 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e5099ae402ece5a9921b43f9ce7d48b776d4ec6085a68cbccca016068a1c88e9", "aggregated_count": 95}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 116661, "scanner": "repobility-threat-engine", "fingerprint": "06ffe7d20653c0e0ed18528ed589e359a7b56d39c40c97bcbabeccc781a35a2f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|06ffe7d20653c0e0ed18528ed589e359a7b56d39c40c97bcbabeccc781a35a2f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/bebop/index.ts"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 116660, "scanner": "repobility-threat-engine", "fingerprint": "2925bc02bcb08ad5bcb515cec7b30c0e9b6583fce884476ffd5577bfa4cb3171", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2925bc02bcb08ad5bcb515cec7b30c0e9b6583fce884476ffd5577bfa4cb3171"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/barter/index.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 116659, "scanner": "repobility-threat-engine", "fingerprint": "5f340d5ba57763686a19903473e76912ac864bc4723ac59e550dacd54bf94612", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f340d5ba57763686a19903473e76912ac864bc4723ac59e550dacd54bf94612"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregator-derivatives/mux-protocol-agge.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 229 more): Same pattern found in 229 additional files. Review if needed."}, "properties": {"repobilityId": 116658, "scanner": "repobility-threat-engine", "fingerprint": "a0e659a463d592d465a604d30a642738e0ce397f942c131c2389dea33a0095e2", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 229 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 229 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a0e659a463d592d465a604d30a642738e0ce397f942c131c2389dea33a0095e2"}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 1096 more): Same pattern found in 1096 additional files. Review if needed."}, "properties": {"repobilityId": 116654, "scanner": "repobility-threat-engine", "fingerprint": "22a7e3e814cd942694879294da15fd022931e7c010124f005d41b192251c139b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1096 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|22a7e3e814cd942694879294da15fd022931e7c010124f005d41b192251c139b", "aggregated_count": 1096}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 116653, "scanner": "repobility-threat-engine", "fingerprint": "fd3dc251010f4f6cbe7477dadacbc0cad9ddd72278972f9d9cd39bc28f57f905", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fd3dc251010f4f6cbe7477dadacbc0cad9ddd72278972f9d9cd39bc28f57f905"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "active-users/lighter.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 116652, "scanner": "repobility-threat-engine", "fingerprint": "ea59f0a08da57edb965bc2b57537004183354b7c7433a715d10eb74786fc4e5a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea59f0a08da57edb965bc2b57537004183354b7c7433a715d10eb74786fc4e5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "active-users/hyperevm.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 116651, "scanner": "repobility-threat-engine", "fingerprint": "f58d91d3fa3c9b173fb6dde039c0bf975db796e1f1dfcc85771d85e3cefdc910", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f58d91d3fa3c9b173fb6dde039c0bf975db796e1f1dfcc85771d85e3cefdc910"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "active-users/aptos.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 116650, "scanner": "repobility-threat-engine", "fingerprint": "49740e3cda1ad7d33d39ae640807944dff49a7f056df62abdcd905c65a4eadfa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|49740e3cda1ad7d33d39ae640807944dff49a7f056df62abdcd905c65a4eadfa", "aggregated_count": 52}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 116649, "scanner": "repobility-threat-engine", "fingerprint": "0b9cf4ca2d3d5baf1489fcaa57f723ee3734e39109efbc8847a6367258595299", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b9cf4ca2d3d5baf1489fcaa57f723ee3734e39109efbc8847a6367258595299"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/mimboku-aggregator/index.ts"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 116648, "scanner": "repobility-threat-engine", "fingerprint": "299d502b893b3a8ae3f11d113aa9fdfea5b717ec2a9e1cbb5dbb1be132ec3065", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|299d502b893b3a8ae3f11d113aa9fdfea5b717ec2a9e1cbb5dbb1be132ec3065"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/getFileList.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 116647, "scanner": "repobility-threat-engine", "fingerprint": "9e8b86a094949492d86c3c5e2f20da7af951407a8b9407114be497b443c0ed24", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9e8b86a094949492d86c3c5e2f20da7af951407a8b9407114be497b443c0ed24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/commentResult.js"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116738, "scanner": "repobility-supply-chain", "fingerprint": "ee5cdb18f292f8ba3f4be771bbf6402826070943d8b268280a4f315747824a4f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ee5cdb18f292f8ba3f4be771bbf6402826070943d8b268280a4f315747824a4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/comment.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v4`: `uses: actions/download-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116737, "scanner": "repobility-supply-chain", "fingerprint": "93637fb42dcf0263d53d4811b3f1f35523f09f6a8685ada1b4cfdcef83f0b579", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|93637fb42dcf0263d53d4811b3f1f35523f09f6a8685ada1b4cfdcef83f0b579"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/comment.yml"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116736, "scanner": "repobility-supply-chain", "fingerprint": "2d581581c83bd71a0bb6ef8f32f51a471166d0a3f511456b52f874fcb9cc5a5b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2d581581c83bd71a0bb6ef8f32f51a471166d0a3f511456b52f874fcb9cc5a5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-adapter.yml"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116735, "scanner": "repobility-supply-chain", "fingerprint": "9ac9293ccc8593f257e653e4fe654d72a61c25c2f99babd24b19a3b489940859", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9ac9293ccc8593f257e653e4fe654d72a61c25c2f99babd24b19a3b489940859"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-adapter.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116734, "scanner": "repobility-supply-chain", "fingerprint": "530d91c48fabfac9358c7639c0fbf8f5296a82a8537bbcbeaaf83fd3df9e0256", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|530d91c48fabfac9358c7639c0fbf8f5296a82a8537bbcbeaaf83fd3df9e0256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-adapter.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116733, "scanner": "repobility-supply-chain", "fingerprint": "6cfb1a7e6209c2cdc3fe2610bcbbb2b6458a615b1d600576b661d0b4e21cad67", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6cfb1a7e6209c2cdc3fe2610bcbbb2b6458a615b1d600576b661d0b4e21cad67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-adapter.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116732, "scanner": "repobility-supply-chain", "fingerprint": "8b4bc247057596729c84ada30b136994389deed420cb4fe16c56552bb340704a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b4bc247057596729c84ada30b136994389deed420cb4fe16c56552bb340704a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-modules-and-alert.yml"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `ncipollo/release-action` pinned to mutable ref `@v1`: `uses: ncipollo/release-action@v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116731, "scanner": "repobility-supply-chain", "fingerprint": "bacfafad863b7ce6e2636f0582ac3fbe44743f5c23e9e62204be54dec88b5002", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bacfafad863b7ce6e2636f0582ac3fbe44743f5c23e9e62204be54dec88b5002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-modules-and-alert.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116730, "scanner": "repobility-supply-chain", "fingerprint": "2da6bfdbc47b33e699a516cd285c9769fdbd1492458787df085a9192cd140053", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2da6bfdbc47b33e699a516cd285c9769fdbd1492458787df085a9192cd140053"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-modules-and-alert.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116729, "scanner": "repobility-supply-chain", "fingerprint": "47e376a176515ec9fd5647b1aab5c0c769cdafcca91f8b991c8577ca5251471b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|47e376a176515ec9fd5647b1aab5c0c769cdafcca91f8b991c8577ca5251471b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-modules-and-alert.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116728, "scanner": "repobility-supply-chain", "fingerprint": "b7b6d8fa26b8639dda0107cea1c13895c9d5d7209724a69257ab1064e76da5c7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b7b6d8fa26b8639dda0107cea1c13895c9d5d7209724a69257ab1064e76da5c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/build-modules-and-alert.yml"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116727, "scanner": "repobility-supply-chain", "fingerprint": "1810de0d7aca9322e5f452de5db9956a8b6a2cf513ce06113a74e024f8a4a277", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1810de0d7aca9322e5f452de5db9956a8b6a2cf513ce06113a74e024f8a4a277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ts-check.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `pnpm/action-setup` pinned to mutable ref `@v4`: `uses: pnpm/action-setup@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116726, "scanner": "repobility-supply-chain", "fingerprint": "891ee3ae19cbfefac301959565762f147e751e89eee4eb32771fb1a432b3a8bc", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|891ee3ae19cbfefac301959565762f147e751e89eee4eb32771fb1a432b3a8bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ts-check.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 116725, "scanner": "repobility-supply-chain", "fingerprint": "73b4dcb72aae8dccff875e59923444d937b837bee97a1909494ec5d4fc8500a2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|73b4dcb72aae8dccff875e59923444d937b837bee97a1909494ec5d4fc8500a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ts-check.yml"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 116690, "scanner": "repobility-threat-engine", "fingerprint": "7e4594b2a1dc2c67c8f327dfe48e86f1cdfb3d22fcaa93e4b81fd0efd299291f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7e4594b2a1dc2c67c8f327dfe48e86f1cdfb3d22fcaa93e4b81fd0efd299291f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "fees/move-dollar.ts"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 116687, "scanner": "repobility-threat-engine", "fingerprint": "615b33237226a60127c559080883250c02e47f52a4c90ca7c6168f0a3b393fa0", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search({\n      index: HOURLY_VOLUME_INDEX,\n      body: {\n        query: {\n          bool: {", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|factory/normalizedvolume.ts|100|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/normalizedVolume.ts"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 116685, "scanner": "repobility-threat-engine", "fingerprint": "1b8ece3560e3e895001fb6e16670d4b662d6c886c44d42fa70d53482b5334cda", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "positionSize.delete(log.tradeId);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b8ece3560e3e895001fb6e16670d4b662d6c886c44d42fa70d53482b5334cda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/pandora-speed-trading/index.ts"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 116684, "scanner": "repobility-threat-engine", "fingerprint": "aaec5a40d056114337a467039d3aca81966c7cfec42a38863833e02faada1d1b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "positionQty.delete(log.moonIndex);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|aaec5a40d056114337a467039d3aca81966c7cfec42a38863833e02faada1d1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/aark/index.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 116674, "scanner": "repobility-threat-engine", "fingerprint": "a4646f24e356feadc1a0c455ef589072c2cbfc55acc236af9c724c1cb38c445c", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.warn(`Price not found for token ${event.tokenIn} at timestamp ${endTimestamp}`)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|dexs/kyex/index.ts|8|console.warn price not found for token event.tokenin at timestamp endtimestamp"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/kyex/index.ts"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 116673, "scanner": "repobility-threat-engine", "fingerprint": "6ab17560cf49071e014751567fc1351349dce0a89ded52466437c2cfea032107", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.warn(`Invalid fee: ${feeNum} for token ${actualToken}`)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|22|console.warn invalid fee: feenum for token actualtoken"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/fluid-dex-lite/index.ts"}, "region": {"startLine": 221}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 116672, "scanner": "repobility-threat-engine", "fingerprint": "d7612e97bbb056c38d6e196a38ba3aa4c42ed9a591478631e3ee6c796a3d0cc2", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.warn(`Failed to get SuperToken metadata for ${superTokenAddress}:`, e)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|12|console.warn failed to get supertoken metadata for supertokenaddress : e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/superboring/index.ts"}, "region": {"startLine": 125}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 116670, "scanner": "repobility-threat-engine", "fingerprint": "45b70a4a3421f03109985a5a9b1338223a10cd1a06f3fd44fbb01bfd732cd688", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((e) => `\"${e}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|45b70a4a3421f03109985a5a9b1338223a10cd1a06f3fd44fbb01bfd732cd688"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/etherex.ts"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 116669, "scanner": "repobility-threat-engine", "fingerprint": "54a02bba0ae8683ddfc9e487ffdd3791a04bf3bb7c8ee0f046e303764a483994", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((a) => `'${a}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|54a02bba0ae8683ddfc9e487ffdd3791a04bf3bb7c8ee0f046e303764a483994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/axiom.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 116668, "scanner": "repobility-threat-engine", "fingerprint": "a826f0cb02b4ecf97a531ac3690d41c6e046a8f12c8089ddd291b2266d081765", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((eventType) => `'${eventType}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a826f0cb02b4ecf97a531ac3690d41c6e046a8f12c8089ddd291b2266d081765"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/lamboo/index.ts"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC129", "level": "error", "message": {"text": "[SEC129] Tautological SQL \u2014 WHERE 1=1 AND ... left in production: `WHERE 1=1 AND ...` is a scaffolding trick \u2014 devs use it so they can append AND clauses by string-concat without worrying about the first AND. AI assistants almost always emit it, then ship it. Result: SQL is syntactically valid, runs successfully, returns ALL rows when the dynamic AND was never appended. Combined with an auth bug, this becomes a mass-data-leak query. CWE-697 (incorrect comparison) crossed with CWE-89 footprint."}, "properties": {"repobilityId": 116667, "scanner": "repobility-threat-engine", "fingerprint": "80d0ab28f36c18b53c2e3ddc1e39fe63299afcb3622d2c890dcb0fe496150330", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "where 1 = 1\n            and", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC129", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|80d0ab28f36c18b53c2e3ddc1e39fe63299afcb3622d2c890dcb0fe496150330"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/binancewallet/index.ts"}, "region": {"startLine": 33}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 116657, "scanner": "repobility-threat-engine", "fingerprint": "a1726be0823173be66a7b32791e8f9006f670429f76469ff6b385a50f1fa35c2", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a1726be0823173be66a7b32791e8f9006f670429f76469ff6b385a50f1fa35c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregator-derivatives/mux-protocol-agge.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 116656, "scanner": "repobility-threat-engine", "fingerprint": "7252cf34d6abd45504fa94414a4b3e3a969cf697a7e7ffa58431fbe3c9d0d02c", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(\n    T", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7252cf34d6abd45504fa94414a4b3e3a969cf697a7e7ffa58431fbe3c9d0d02c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "active-users/ton.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 116655, "scanner": "repobility-threat-engine", "fingerprint": "082e97464f311d6feb9fdd76b4df38b3e1e887690a5a85f928b485747baa7dc9", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(C", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|082e97464f311d6feb9fdd76b4df38b3e1e887690a5a85f928b485747baa7dc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "active-users/near.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 116645, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 116688, "scanner": "repobility-threat-engine", "fingerprint": "5d92abf55b87305501fca501e7141c333bc6d64788bc41f40fe5215a9abdf45b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(importPath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5d92abf55b87305501fca501e7141c333bc6d64788bc41f40fe5215a9abdf45b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "factory/registry.ts"}, "region": {"startLine": 137}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 116665, "scanner": "repobility-threat-engine", "fingerprint": "2f847f30413f3286ac230a332a5ae23671be5da61384462a8a29add7991c12a9", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "High entropy value (4.2 bits) \u2014 likely real secret", "evidence": {"match": "apiKey = '<redacted>'", "reason": "High entropy value (4.2 bits) \u2014 likely real secret", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.9, "correlation_key": "secret|dexs/spark/index.ts|1|apikey redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dexs/spark/index.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 116664, "scanner": "repobility-threat-engine", "fingerprint": "c3a533540021a9eaedff290c0fb6872ade903b85ac39faae92a7ad572ee12150", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "High entropy value (4.6 bits) \u2014 likely real secret", "evidence": {"match": "ApiKey = \"<redacted>\"", "reason": "High entropy value (4.6 bits) \u2014 likely real secret", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.9, "correlation_key": "secret|aggregators/navi/index.ts|1|apikey redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/navi/index.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 116663, "scanner": "repobility-threat-engine", "fingerprint": "1532abb641c223c5d32efffdd91e4fc0d6225962013bac5f64b467f2c10f1bf5", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "High entropy value (4.8 bits) \u2014 likely real secret", "evidence": {"match": "API_KEY = '<redacted>'", "reason": "High entropy value (4.8 bits) \u2014 likely real secret", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.9, "correlation_key": "secret|aggregators/1delta/index.ts|1|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "aggregators/1delta/index.ts"}, "region": {"startLine": 6}}}]}]}]}