75 of your 119 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 4.59s · analysis 2.56s · 24.8 MB · GitHub API rate-limit (preflight)

microsoft/markitdown

https://github.com/microsoft/markitdown · scanned 2026-06-04 04:10 UTC (1 day, 10 hours ago) · 10 languages

223 findings (115 legacy + 108 scanner) 70th percentile · Python · small (2-20K LoC) Scanner says 89 (lower by 12)


Complete repo analysis

Last scanned 1 day, 10 hours ago · v2 · 169 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

Score breakdown (2026-05-18-v5)

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 55.0 | 0.15 | 8.25 |
| security_score | 97.7 | 0.25 | 24.43 |
| testing_score | 85.0 | 0.20 | 17.00 |
| documentation_score | 80.0 | 0.15 | 12.00 |
| practices_score | 75.0 | 0.15 | 11.25 |
| code_quality | 43.6 | 0.10 | 4.36 |
| Overall | | 1.00 | 77.3 |
Active filters: source: legacy · excluding tests
Scan summary

Repository scanned at 89.4/100 with 88.9% coverage. It contains 606 nodes across 0 cross-layer flows, written primarily in mixed languages. Engine surfaced 54 findings — concentrated in software (35), quality (12), hardware (3). Risk profile is low: 0 critical, 0 high, 0 medium. Recommended next step: open the software layer findings first — that's where the highest-impact wins live.

Showing 94 of 169 findings.

low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 for context.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:211
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 for context.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:121
low Legacy quality quality conf 1.00 ✓ Repobility [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows everything including KeyboardInterrupt and bugs.
Review and fix per the pattern semantics. See CWE-755 for context.
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:155
high Legacy quality quality conf 1.00 ✓ Repobility [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and SystemExit from working.
Review and fix per the pattern semantics. See CWE-705 for context.
packages/markitdown/src/markitdown/converters/_rss_converter.py:68
high Legacy quality quality conf 1.00 ✓ Repobility `self._column_number_to_letter` used but never assigned in __init__
Method `_extract_and_ocr_sheet_images` of class `XlsxConverterWithOCR` reads `self._column_number_to_letter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:191
high Legacy quality quality conf 1.00 ✓ Repobility `self._convert_chart_to_markdown` used but never assigned in __init__
Method `convert` of class `PptxConverterWithOCR` reads `self._convert_chart_to_markdown`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:146
high Legacy quality quality conf 1.00 ✓ Repobility `self._convert_standard` used but never assigned in __init__
Method `convert` of class `XlsxConverterWithOCR` reads `self._convert_standard`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:86
high Legacy quality quality conf 1.00 ✓ Repobility `self._convert_table_to_markdown` used but never assigned in __init__
Method `convert` of class `PptxConverterWithOCR` reads `self._convert_table_to_markdown`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:142
high Legacy quality quality conf 1.00 ✓ Repobility `self._convert_with_ocr` used but never assigned in __init__
Method `convert` of class `XlsxConverterWithOCR` reads `self._convert_with_ocr`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:82
high Legacy quality quality conf 1.00 ✓ Repobility `self._extract_and_ocr_images` used but never assigned in __init__
Method `convert` of class `DocxConverterWithOCR` reads `self._extract_and_ocr_images`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:88
high Legacy quality quality conf 1.00 ✓ Repobility `self._extract_and_ocr_sheet_images` used but never assigned in __init__
Method `_convert_with_ocr` of class `XlsxConverterWithOCR` reads `self._extract_and_ocr_sheet_images`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:139
high Legacy quality quality conf 1.00 ✓ Repobility `self._extract_page_images` used but never assigned in __init__
Method `convert` of class `PdfConverterWithOCR` reads `self._extract_page_images`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:193
high Legacy quality quality conf 1.00 ✓ Repobility `self._inject_placeholders` used but never assigned in __init__
Method `convert` of class `DocxConverterWithOCR` reads `self._inject_placeholders`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:99
high Legacy quality quality conf 1.00 ✓ Repobility `self._is_picture` used but never assigned in __init__
Method `convert` of class `PptxConverterWithOCR` reads `self._is_picture`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:91
high Legacy quality quality conf 1.00 ✓ Repobility `self._is_table` used but never assigned in __init__
Method `convert` of class `PptxConverterWithOCR` reads `self._is_table`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:141
high Legacy quality quality conf 1.00 ✓ Repobility `self._ocr_full_pages` used but never assigned in __init__
Method `convert` of class `PdfConverterWithOCR` reads `self._ocr_full_pages`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:309
high Legacy quality quality conf 1.00 ✓ Repobility `self.register_converter` used but never assigned in __init__
Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown/src/markitdown/_markitdown.py:195
high Legacy quality quality conf 1.00 ✓ Repobility `self.register_converter` used but never assigned in __init__
Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown/src/markitdown/_markitdown.py:194
high Legacy quality quality conf 1.00 ✓ Repobility `self.register_converter` used but never assigned in __init__
Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown/src/markitdown/_markitdown.py:193
high Legacy quality quality conf 1.00 ✓ Repobility `self.register_converter` used but never assigned in __init__
Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown/src/markitdown/_markitdown.py:192
high Legacy quality quality conf 1.00 ✓ Repobility `self.register_converter` used but never assigned in __init__
Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown/src/markitdown/_markitdown.py:191
high Legacy quality quality conf 1.00 ✓ Repobility `self.register_converter` used but never assigned in __init__
Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown/src/markitdown/_markitdown.py:188
high Legacy quality quality conf 1.00 ✓ Repobility `self.register_converter` used but never assigned in __init__
Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown/src/markitdown/_markitdown.py:185
high Legacy quality quality conf 1.00 ✓ Repobility `self.register_converter` used but never assigned in __init__
Method `enable_builtins` of class `MarkItDown` reads `self.register_converter`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
packages/markitdown/src/markitdown/_markitdown.py:182
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`
`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/pre-commit.yml:8
high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-python` pinned to mutable ref `@v5`
`uses: actions/setup-python@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.
.github/workflows/pre-commit.yml:10
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `python:3.13-slim-bullseye` not pinned by digest
`FROM python:3.13-slim-bullseye` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
packages/markitdown-mcp/Dockerfile:1
high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `python:3.13-slim-bullseye` not pinned by digest
`FROM python:3.13-slim-bullseye` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
Dockerfile:1
high Legacy software dependency conf 0.90 ✓ Repobility pre-commit hook `https://github.com/psf/black` pinned to mutable rev `23.7.0`
`.pre-commit-config.yaml` references `https://github.com/psf/black` at `rev: 23.7.0`. If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine.
.pre-commit-config.yaml:2
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:211
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:121
medium Legacy quality error_handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:155
medium Legacy quality quality conf 1.00 [SEC123] Production stack trace / debug output exposed: Debug mode left on in production exposes stack traces, environment variables, framework internals — sometimes triggers RCE (Django debug page with arbitrary template eval).
Set DEBUG=False / APP_DEBUG=false in production. Provide a generic 500 handler that logs to backend but returns a sanitized page to clients.
packages/markitdown-mcp/src/markitdown_mcp/__main__.py:129
medium Legacy quality quality conf 1.00 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws — wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated.
Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows.
packages/markitdown/src/markitdown/converters/_llm_caption.py:22
medium Legacy quality quality conf 1.00 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws — wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated.
Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows.
packages/markitdown/src/markitdown/converters/_image_converter.py:110
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converter_utils/docx/pre_process.py:150
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converters/_pptx_converter.py:262
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converters/_image_converter.py:112
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converters/_pdf_converter.py:576
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converters/_rss_converter.py:176
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converters/_youtube_converter.py:176
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converters/_youtube_converter.py:232
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converters/_youtube_converter.py:114
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/converters/_llm_caption.py:24
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/_markitdown.py:630
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/_markitdown.py:268
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown/src/markitdown/_markitdown.py:79
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_ocr_service.py:78
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_ocr_service.py:107
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:413
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:380
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:419
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:302
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:120
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:386
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:297
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:208
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_docx_converter_with_ocr.py:152
high Legacy quality quality conf 1.00 ✓ Repobility Bare except continues silently
Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:248
medium Legacy cicd docker conf 0.76 Dockerfile copies broad context with incomplete .dockerignore
COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts.
packages/markitdown-mcp/Dockerfile:17
medium Legacy cicd docker conf 0.76 Dockerfile copies broad context with incomplete .dockerignore
COPY . or ADD . is safer when .dockerignore excludes secrets, git history, keys, and generated artifacts.
Dockerfile:22
medium Legacy quality quality conf 1.00 ✓ Repobility Mutable default argument in `__init__` (list)
`def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too.
packages/markitdown/src/markitdown/converters/_doc_intel_converter.py:133
low Legacy cicd docker conf 0.72 .dockerignore misses sensitive defaults
.dockerignore exists but does not cover common secret or VCS patterns.
.dockerignore
low Legacy cicd docker conf 0.74 Dockerfile leaves apt package indexes in the image layer
Package indexes increase image size and can expose stale metadata in the final image layer.
packages/markitdown-mcp/Dockerfile:10
low Legacy cicd docker conf 0.74 Dockerfile leaves apt package indexes in the image layer
Package indexes increase image size and can expose stale metadata in the final image layer.
Dockerfile:8
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_zip_converter.py:45
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_youtube_converter.py:42
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_youtube_converter.py:41
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_xlsx_converter.py:46
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_wikipedia_converter.py:29
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_pptx_converter.py:41
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_pptx_converter.py:30
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_pptx_converter.py:26
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_plain_text_converter.py:35
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_pdf_converter.py:354
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_pdf_converter.py:350
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_pdf_converter.py:342
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_outlook_msg_converter.py:21
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_llm_caption.py:13
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_image_converter.py:23
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_image_converter.py:15 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_html_converter.py:18 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_html_converter.py:4 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_epub_converter.py:26 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_epub_converter.py:22 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_docx_converter.py:37 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_docx_converter.py:26 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_csv_converter.py:18 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown/src/markitdown/converters/_audio_converter.py:21 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown-ocr/src/markitdown_ocr/_xlsx_converter_with_ocr.py:25 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown-ocr/src/markitdown_ocr/_pptx_converter_with_ocr.py:38 qualitylegacy
high Legacy quality quality conf 0.86 Duplicated implementation block across source files
Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations.
packages/markitdown-ocr/src/markitdown_ocr/_pdf_converter_with_ocr.py:105 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
Review and fix per the pattern semantics.
packages/markitdown/src/markitdown/_stream_info.py:5 qualitylegacy
low Legacy quality quality conf 1.00 ✓ Repobility [MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
Review and fix per the pattern semantics.
packages/markitdown-ocr/src/markitdown_ocr/_ocr_service.py:13 qualitylegacy
API access

This page is publicly accessible at: https://repobility.com/scan/dbdaf599-dde3-40fb-aea4-0a5672c27966/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/dbdaf599-dde3-40fb-aea4-0a5672c27966/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.