File as GitHub Issue repo: NixOS/nixpkgs

Push this scan report to NixOS/nixpkgs

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

[Image: Repobility score card]

Issue title

Missing import: `xml` used but not imported

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
| Severity | Rule | Title | File:line |
|---|---|---|---|
| CRIT | MINED107 | Missing import: `sys` used but not imported: The file uses `sys.something(...)… | nixos/modules/system/boot/loader/refind…:341 |
| CRIT | MINED107 | Missing import: `string` used but not imported: The file uses `string.somethin… | maintainers/scripts/remove-old-aliases.…:75 |
| CRIT | MINED107 | Missing import: `uuid` used but not imported: The file uses `uuid.something(..… | pkgs/desktops/gnome/extensions/update-e…:58 |
| CRIT | MINED107 | Missing import: `enum` used but not imported: The file uses `enum.something(..… | pkgs/desktops/gnome/find-latest-version…:25 |
| CRIT | MINED107 | Missing import: `xml` used but not imported: The file uses `xml.something(...)… | pkgs/development/tools/build-managers/g…:74 |
| CRIT | MINED107 | Missing import: `string` used but not imported: The file uses `string.somethin… | pkgs/by-name/an/anyk/patch_paths.py:7 |
| CRIT | MINED107 | Missing import: `queue` used but not imported: The file uses `queue.something(… | pkgs/by-name/ni/nix-required-mounts/nix…:153 |
| CRIT | MINED116 | Workflow uses `secrets.NIXPKGS_MANUAL_EDIT_CHECK_APP_PRIVATE_KEY` on a `pull_r… | .github/workflows/test.yml:121 |
| CRIT | MINED116 | Workflow uses `secrets.NIXPKGS_COMMIT_CHECK_APP_PRIVATE_KEY` on a `pull_reques… | .github/workflows/test.yml:120 |
| CRIT | MINED116 | Workflow uses `secrets.NIXPKGS_BRANCH_CHECK_APP_PRIVATE_KEY` on a `pull_reques… | .github/workflows/test.yml:119 |
| CRIT | MINED116 | Workflow uses `secrets.NIXPKGS_CI_APP_PRIVATE_KEY` on a `pull_request` trigger… | .github/workflows/test.yml:118 |
| HIGH | MINED110 | Blocking call `input` inside async function `main`: `input` is a synchronous (… | maintainers/scripts/update.py:548 |
| HIGH | MINED108 | `self._maybe_parbreak` used but never assigned in `__init__`: Method `fence` of … | pkgs/by-name/ni/nixos-render-docs/src/n…:112 |
| HIGH | MINED108 | `self._maybe_parbreak` used but never assigned in `__init__`: Method `bullet_lis… | pkgs/by-name/ni/nixos-render-docs/src/n…:96 |
| HIGH | MINED108 | `self._leave_block` used but never assigned in `__init__`: Method `list_item_clo… | pkgs/by-name/ni/nixos-render-docs/src/n…:92 |
| HIGH | MINED108 | `self._break` used but never assigned in `__init__`: Method `list_item_open` of … | pkgs/by-name/ni/nixos-render-docs/src/n…:83 |
| HIGH | MINED108 | `self._enter_block` used but never assigned in `__init__`: Method `list_item_ope… | pkgs/by-name/ni/nixos-render-docs/src/n…:89 |
| HIGH | MINED108 | `self.fence` used but never assigned in `__init__`: Method `code_block` of class… | pkgs/by-name/ni/nixos-render-docs/src/n…:74 |
| HIGH | MINED108 | `self._break` used but never assigned in `__init__`: Method `softbreak` of class… | pkgs/by-name/ni/nixos-render-docs/src/n…:69 |
| HIGH | MINED108 | `self._break` used but never assigned in `__init__`: Method `hardbreak` of class… | pkgs/by-name/ni/nixos-render-docs/src/n…:67 |
| HIGH | MINED108 | `self._maybe_parbreak` used but never assigned in `__init__`: Method `paragraph_… | pkgs/by-name/ni/nixos-render-docs/src/n…:63 |
| HIGH | MINED108 | `self._indent_raw` used but never assigned in `__init__`: Method `text` of class… | pkgs/by-name/ni/nixos-render-docs/src/n…:61 |
| HIGH | MINED108 | `self._leave_block` used but never assigned in `__init__`: Method `_admonition_c… | pkgs/by-name/ni/nixos-render-docs/src/n…:51 |
| HIGH | MINED108 | `self._enter_block` used but never assigned in `__init__`: Method `_admonition_o… | pkgs/by-name/ni/nixos-render-docs/src/n…:48 |
| HIGH | MINED108 | `self._maybe_parbreak` used but never assigned in `__init__`: Method `_admonitio… | pkgs/by-name/ni/nixos-render-docs/src/n…:47 |
| HIGH | MINED108 | `self.versions_to_json` used but never assigned in `__init__`: Method `write_ver… | pkgs/games/papermc/update.py:109 |
| HIGH | MINED108 | `self.download_and_generate_sha256_hash` used but never assigned in `__init__`: … | pkgs/games/papermc/update.py:90 |
| HIGH | SEC032 | Unrestricted File Upload — no extension/MIME validation: File upload accepts the… | pkgs/servers/web-apps/lemmy/update.py:41 |
| HIGH | MINED040 | Python Yaml Load Unsafe: yaml.load(stream) without SafeLoader can deserialize … | pkgs/development/python-modules/maubot/…:31 |
| HIGH | SEC080 | Python: tarfile.extractall without filter: tarfile.extract*() without filter='da… | pkgs/development/libraries/libxcrypt/ch…:45 |
| HIGH | MINED002 | Dart Null Bang: value! throws on null. Use ?. or null check. | pkgs/development/julia-modules/resolve_…:29 |
| HIGH | MINED002 | Dart Null Bang: value! throws on null. Use ?. or null check. | pkgs/development/julia-modules/extract_…:48 |
| HIGH | MINED006 | Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and Syste… | pkgs/by-name/ni/nixos-rebuild-ng/src/ni…:190 |
| HIGH | MINED036 | Python Os System Call: os.system() invokes shell with no escaping. | pkgs/by-name/mi/microsoft-edge/update.py:42 |
| HIGH | MINED041 | Rust Unimplemented Macro: unimplemented!() panics. Same as todo!() but convent… | pkgs/build-support/node/prefetch-npm-de…:49 |
| HIGH | SEC113 | SSH host-key verification disabled (MITM): Accepting any SSH host key on first c… | pkgs/build-support/fetchcvs/builder.sh:2 |
| HIGH | MINED034 | Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… | pkgs/by-name/dp/dprint/plugins/update-p…:55 |
| HIGH | MINED034 | Python Subprocess Shell True: subprocess(..., shell=True) enables command inje… | pkgs/build-support/binary-cache/make-bi…:21 |
| HIGH | MINED021 | Path Traversal Os Join: os.path.join(user_dir, filename) where filename can co… | pkgs/applications/networking/instant-me…:21 |
| HIGH | SEC021 | Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling… | pkgs/applications/networking/cluster/li…:4 |
| HIGH | SEC021 | Shell Trace Around Secret Handling: Shell xtrace is enabled near secret handling… | pkgs/applications/networking/cluster/k3…:4 |
| HIGH | SEC085 | JS: child_process.exec with non-literal: child_process.exec with user-derived in… | pkgs/development/interpreters/python/ru…:8 |
| HIGH | SEC085 | JS: child_process.exec with non-literal: child_process.exec with user-derived in… | pkgs/by-name/an/antigravity/update.js:24 |
| HIGH | SEC085 | JS: child_process.exec with non-literal: child_process.exec with user-derived in… | pkgs/applications/networking/browsers/c…:130 |
| HIGH | MINED001 | Bare Except Pass: except: pass or except Exception: pass — silently swallows e… | pkgs/development/python-modules/gradio/…:7 |
| HIGH | MINED001 | Bare Except Pass: except: pass or except Exception: pass — silently swallows e… | pkgs/by-name/mu/music-assistant/update-…:156 |
| HIGH | MINED001 | Bare Except Pass: except: pass or except Exception: pass — silently swallows e… | pkgs/applications/editors/jetbrains/upd…:140 |
| HIGH | SEC103 | LDAP injection — non-constant search filter: User input concatenated into an LDA… | pkgs/by-name/ac/acli/update.py:36 |
| HIGH | SEC103 | LDAP injection — non-constant search filter: User input concatenated into an LDA… | pkgs/applications/networking/browsers/c…:35 |
| HIGH | SEC103 | LDAP injection — non-constant search filter: User input concatenated into an LDA… | maintainers/scripts/update-typst-packag…:88 |
| HIGH | SEC128 | Async function without await — fire-and-forget Promise (AI mistake): Async call … | pkgs/build-support/dotnet/make-nuget-so…:28 |
| HIGH | SEC128 | Async function without await — fire-and-forget Promise (AI mistake): Async call … | pkgs/applications/networking/instant-me…:53 |
| HIGH | SEC128 | Async function without await — fire-and-forget Promise (AI mistake): Async call … | maintainers/scripts/kde/generate-source…:123 |
| HIGH | SEC078 | Python: requests without timeout: requests.get/post without a timeout will hang … | pkgs/applications/networking/browsers/c…:22 |
| HIGH | SEC078 | Python: requests without timeout: requests.get/post without a timeout will hang … | pkgs/applications/editors/jetbrains/upd…:29 |
| HIGH | SEC078 | Python: requests without timeout: requests.get/post without a timeout will hang … | maintainers/scripts/hydra-eval-failures…:25 |
| HIGH | MINED017 | C System Call: system() invokes shell. command injection if any arg is dynamic. | pkgs/by-name/li/libredirect/test.c:86 |
| HIGH | MINED017 | C System Call: system() invokes shell. command injection if any arg is dynamic. | pkgs/by-name/br/brscan4/preload.c:163 |
| HIGH | MINED017 | C System Call: system() invokes shell. command injection if any arg is dynamic. | maintainers/scripts/copy-tarballs.pl:259 |
| HIGH | MINED010 | Ruby System Call: system / backtick run shell. Command injection if any arg dy… | pkgs/development/r-modules/generate-r-p…:64 |
| HIGH | MINED010 | Ruby System Call: system / backtick run shell. Command injection if any arg dy… | nixos/modules/programs/command-not-foun…:60 |
| HIGH | MINED010 | Ruby System Call: system / backtick run shell. Command injection if any arg dy… | maintainers/scripts/copy-tarballs.pl:259 |
| HIGH | MINED004 | Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). | pkgs/applications/office/libreoffice/ge…:25 |
| HIGH | MINED004 | Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). | maintainers/scripts/update-channel-bran…:53 |
| HIGH | MINED004 | Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). | maintainers/scripts/copy-tarballs.pl:130 |
| HIGH | SEC029 | Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… | pkgs/applications/editors/jetbrains/upd…:109 |
| HIGH | SEC029 | Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… | pkgs/applications/editors/emacs/elisp-p…:172 |
| HIGH | SEC029 | Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… | maintainers/scripts/copy-tarballs.pl:241 |
| HIGH | MINED003 | Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky … | pkgs/build-support/node/prefetch-npm-de…:102 |
| HIGH | MINED003 | Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky … | maintainers/scripts/convert-to-import-c…:51 |
| HIGH | MINED003 | Rust Unwrap In Prod: .unwrap() panics if None/Err. Acceptable in tests; risky … | maintainers/scripts/check-maintainer-us…:7 |
| HIGH | SEC033 | Prototype Pollution — unfiltered merge of user object: Merging user-controlled o… | ci/github-script/get-teams.js:22 |
| HIGH | SEC040 | innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… | ci/github-script/merge.js:289 |
| HIGH | SEC040 | innerHTML XSS — template literal with server-supplied data: Setting .innerHTML w… | ci/github-script/get-pr-commit-details.…:30 |
| HIGH | SEC005 | Command Injection Risk: Unsafe shell execution or eval of user input. | pkgs/development/skaware-packages/sdnot…:154 |
| HIGH | SEC013 | Path Traversal — User Input in File Path: User-controlled input used in file pat… | pkgs/build-support/fetchitchio/fetchitc…:36 |
| HIGH | SEC013 | Path Traversal — User Input in File Path: User-controlled input used in file pat… | pkgs/applications/office/libreoffice/ge…:75 |
| HIGH | SEC013 | Path Traversal — User Input in File Path: User-controlled input used in file pat… | pkgs/applications/editors/emacs/elisp-p…:172 |
| MED | MINED109 | Mutable default argument in `nested` (dict): `def nested(... = []/{}/set())` —… | nixos/lib/test-driver/src/test_driver/l…:240 |
| MED | MINED109 | Mutable default argument in `subtest` (dict): `def subtest(... = []/{}/set())`… | nixos/lib/test-driver/src/test_driver/l…:235 |
| MED | MINED109 | Mutable default argument in `log` (dict): `def log(... = []/{}/set())` — Pytho… | nixos/lib/test-driver/src/test_driver/l…:231 |
| MED | MINED109 | Mutable default argument in `nested` (dict): `def nested(... = []/{}/set())` —… | nixos/lib/test-driver/src/test_driver/l…:177 |
| MED | MINED109 | Mutable default argument in `subtest` (dict): `def subtest(... = []/{}/set())`… | nixos/lib/test-driver/src/test_driver/l…:170 |
| MED | MINED109 | Mutable default argument in `log` (dict): `def log(... = []/{}/set())` — Pytho… | nixos/lib/test-driver/src/test_driver/l…:165 |
| MED | MINED109 | Mutable default argument in `nested` (dict): `def nested(... = []/{}/set())` —… | nixos/lib/test-driver/src/test_driver/l…:106 |
| MED | MINED109 | Mutable default argument in `subtest` (dict): `def subtest(... = []/{}/set())`… | nixos/lib/test-driver/src/test_driver/l…:96 |
| MED | MINED109 | Mutable default argument in `log` (dict): `def log(... = []/{}/set())` — Pytho… | nixos/lib/test-driver/src/test_driver/l…:92 |
| MED | MINED109 | Mutable default argument in `nested` (dict): `def nested(... = []/{}/set())` —… | nixos/lib/test-driver/src/test_driver/l…:39 |
| MED | MINED109 | Mutable default argument in `subtest` (dict): `def subtest(... = []/{}/set())`… | nixos/lib/test-driver/src/test_driver/l…:34 |
| MED | MINED109 | Mutable default argument in `log` (dict): `def log(... = []/{}/set())` — Pytho… | nixos/lib/test-driver/src/test_driver/l…:29 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | maintainers/scripts/hydra-eval-failures…:111 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | maintainers/scripts/hydra-eval-failures…:49 |
| MED | MINED109 | Mutable default argument in `request` (list): `def request(... = []/{}/set())`… | pkgs/desktops/gnome/extensions/update-e…:235 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/desktops/gnome/find-latest-version…:280 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/desktops/gnome/find-latest-version…:152 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/desktops/gnome/find-latest-version…:109 |
| MED | MINED109 | Mutable default argument in `api` (dict): `def api(... = []/{}/set())` — Pytho… | pkgs/build-support/fetchitchio/fetchitc…:44 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/applications/gis/qgis/test.py:59 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/applications/editors/jetbrains/upd…:39 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/applications/editors/jetbrains/upd…:93 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/applications/editors/jetbrains/upd…:209 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/data/fonts/maple-font/update.py:59 |
| MED | MINED109 | Mutable default argument in `process` (dict): `def process(... = []/{}/set())`… | pkgs/servers/dict/wiktionary/wiktionary…:216 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/development/python-modules/nixpkgs…:1386 |
| MED | MINED109 | Mutable default argument in `rewrite_input` (list): `def rewrite_input(... = [… | pkgs/development/python-modules/nixpkgs…:1390 |
| MED | MINED109 | Mutable default argument in `rewrite_input` (dict): `def rewrite_input(... = [… | pkgs/development/python-modules/nixpkgs…:1390 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/development/tools/electron/update_…:96 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/development/tools/electron/update_…:67 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/he/helix/generate_grammars…:95 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ac/acli/update.py:84 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ro/roon-server/update.py:125 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ya/yazi/plugins/update.py:714 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ya/yazi/plugins/update.py:610 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ya/yazi/plugins/update.py:483 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ya/yazi/plugins/update.py:614 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ca/calamares-nixos-extensi…:1083 |
| MED | MINED109 | Mutable default argument in `directed_graph` (list): `def directed_graph(... =… | pkgs/by-name/fl/flatten-references-grap…:234 |
| MED | MINED109 | Mutable default argument in `auto_patchelf` (list): `def auto_patchelf(... = [… | pkgs/by-name/au/auto-patchelf/source/au…:440 |
| MED | MINED109 | Mutable default argument in `auto_patchelf_file` (list): `def auto_patchelf_fi… | pkgs/by-name/au/auto-patchelf/source/au…:313 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/oc/ocis_5-bin/update.py:237 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/oc/ocis_5-bin/update.py:211 |
| MED | MINED109 | Mutable default argument in `_map_worker_step` (list): `def _map_worker_step(.… | pkgs/by-name/ni/nixos-render-docs/src/n…:30 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ni/nixos-render-docs/src/n…:52 |
| MED | MINED111 | Bare except continues silently: Bare `except:` (or `except Exception:`) that r… | pkgs/by-name/ni/nixos-render-docs-redir…:109 |
| MED | SEC014 | SSL Verification Disabled: SSL certificate verification is disabled, allowing ma… | pkgs/build-support/fetchpypilegacy/fetc…:81 |
| MED | SEC007 | Unsafe Deserialization: Unsafe deserialization can execute arbitrary code. | pkgs/development/python-modules/maubot/…:31 |
| MED | SEC127 | AI agent stub — TODO: implement / pass placeholder body: Function body left as T… | pkgs/by-name/gc/gclient2nix/gclient2nix…:118 |
| MED | SEC127 | AI agent stub — TODO: implement / pass placeholder body: Function body left as T… | pkgs/applications/networking/browsers/c…:77 |
| MED | SEC045 | eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … | pkgs/applications/networking/browsers/c…:130 |
| MED | SEC045 | eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … | pkgs/applications/gis/qgis/test.py:12 |
| MED | SEC045 | eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … | nixos/modules/programs/command-not-foun…:60 |
| MED | SEC012 | ZipSlip — Archive Path Traversal: Archive extraction without path validation all… | pkgs/os-specific/bsd/freebsd/update.py:96 |
| MED | SEC012 | ZipSlip — Archive Path Traversal: Archive extraction without path validation all… | pkgs/by-name/mu/music-assistant/update-…:119 |
| MED | SEC012 | ZipSlip — Archive Path Traversal: Archive extraction without path validation all… | maintainers/scripts/update-typst-packag…:217 |
| MED | COMP001 | High cognitive complexity: Function `main` has cognitive complexity 20 (SonarSo… | maintainers/scripts/kde/collect-missing…:124 |
| MED | COMP001 | High cognitive complexity: Function `perform_pairwise_tests` has cognitive comp… | ci/eval/compare/cmp-stats.py:228 |
| MED | WEB003 | Public web service has no security.txt | .well-known/security.txt |
| MED | AIC004 | Suspicious implementation file appears unreferenced | pkgs/by-name/we/wemeet/wemeet-x11-fix.c:1 |
| MED | AIC004 | Suspicious implementation file appears unreferenced | pkgs/by-name/vs/vscode-extension-update…:1 |
| MED | AGT015 | Remote install command pipes network code directly to a shell | nixos/doc/manual/release-notes/rl-1903.…:50 |
| MED | AGT015 | Remote install command pipes network code directly to a shell | nixos/doc/manual/installation/installin…:24 |
| MED | SEC005 | Command Injection Risk: Unsafe shell execution or eval of user input. | pkgs/by-name/dp/dprint/plugins/update-p…:55 |
| MED | SEC005 | Command Injection Risk: Unsafe shell execution or eval of user input. | pkgs/build-support/binary-cache/make-bi…:21 |
| LOW | SEC132 | String concat where the language has interpolation (AI style drift): String buil… | pkgs/by-name/pi/picoscope/update.py:34 |
| LOW | SEC132 | String concat where the language has interpolation (AI style drift): String buil… | pkgs/applications/networking/browsers/c…:40 |
| LOW | COMP001 | High cognitive complexity: Function `flatten_data` has cognitive complexity 12 … | ci/eval/compare/cmp-stats.py:14 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/development/python-modules/spacy/a…:31 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/by-name/so/sonarr/update.py:4 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/by-name/ra/radarr/update.py:4 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/by-name/pr/prowlarr/update.py:4 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/by-name/nd/ndi/update.py:17 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/by-name/li/libfprint-2-tod1-broadc…:2 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/by-name/gc/gclient2nix/gclient2nix…:44 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/build-support/rust/fetch-cargo-ven…:12 |
| LOW | AIC003 | Duplicated implementation block across source files | pkgs/build-support/node/fetch-yarn-deps…:155 |
| LOW | AIC003 | Duplicated implementation block across source files | nixos/modules/system/boot/loader/refind…:20 |
| LOW | AIC003 | Duplicated implementation block across source files | maintainers/scripts/kde/generate-source…:47 |
| LOW | AIC003 | Duplicated implementation block across source files | ci/github-script/manual-file-edits.js:21 |
| LOW | AIC002 | Source file name looks like an AI patch artifact | pkgs/by-name/we/wemeet/wemeet-x11-fix.c:1 |
| LOW | AIC002 | Source file name looks like an AI patch artifact | pkgs/by-name/vs/vscode-extension-update…:1 |
| LOW | CORE_NO_LICENSE | No LICENSE file | |
| INFO | MINED064 | Python Input Call: input() blocks for stdin. Inappropriate in services. | pkgs/tools/typesetting/tex/nix/find-inc…:23 |
| INFO | MINED046 | Dart Print: print() in Flutter goes to console. Use debugPrint / logger. | pkgs/development/julia-modules/extract_…:13 |
| INFO | MINED046 | Dart Print: print() in Flutter goes to console. Use debugPrint / logger. | pkgs/development/julia-modules/extract_…:14 |
| INFO | MINED071 | Go Panic Call: panic() crashes the process. Should return error in most cases. | pkgs/by-name/si/sing-geoip/main.go:9 |
| INFO | MINED072 | Python Pass Only Class: class Foo: pass — stub waiting to be filled in. | pkgs/development/python-modules/pytest-…:4 |
| INFO | MINED072 | Python Pass Only Class: class Foo: pass — stub waiting to be filled in. | pkgs/development/python-modules/gradio/…:7 |
| INFO | MINED072 | Python Pass Only Class: class Foo: pass — stub waiting to be filled in. | pkgs/by-name/mu/music-assistant/update-…:156 |
| INFO | MINED075 | C Malloc No Check: malloc/calloc/realloc return value used without checking fo… | pkgs/by-name/xk/xkbvalidate/xkbvalidate…:22 |
| INFO | MINED075 | C Malloc No Check: malloc/calloc/realloc return value used without checking fo… | pkgs/by-name/li/libfprint-2-tod1-broadc…:13 |
| INFO | MINED075 | C Malloc No Check: malloc/calloc/realloc return value used without checking fo… | pkgs/by-name/li/libfprint-2-tod1-broadc…:13 |
| INFO | MINED066 | Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… | pkgs/pkgs-lib/formats/hocon/src/src/mai…:53 |
| INFO | MINED066 | Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… | pkgs/build-support/node/prefetch-npm-de…:33 |
| INFO | MINED066 | Rust Panic Macro: panic!() unwinds the stack. Use Result for recoverable error… | pkgs/build-support/node/prefetch-npm-de…:133 |
| INFO | MINED055 | Npm Install No Lockfile: Production image runs npm install (resolves new versi… | pkgs/by-name/co/collabora-online/update…:32 |
| INFO | MINED055 | Npm Install No Lockfile: Production image runs npm install (resolves new versi… | pkgs/by-name/co/collabora-desktop/updat…:28 |
| INFO | MINED055 | Npm Install No Lockfile: Production image runs npm install (resolves new versi… | pkgs/build-support/node/fetch-yarn-deps…:55 |
| INFO | MINED077 | Python Open No Context: fp = open(path) outside with-block leaks file handles. | pkgs/servers/dict/wordnet_structures.py:311 |
| INFO | MINED077 | Python Open No Context: fp = open(path) outside with-block leaks file handles. | pkgs/development/python-modules/recursi…:31 |
| INFO | MINED077 | Python Open No Context: fp = open(path) outside with-block leaks file handles. | pkgs/build-support/fetchpypilegacy/fetc…:91 |
| INFO | MINED045 | Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … | pkgs/development/julia-modules/resolve_…:29 |
| INFO | MINED045 | Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … | pkgs/development/julia-modules/extract_…:48 |
| INFO | MINED045 | Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError … | pkgs/build-support/buildenv/builder.pl:149 |
| INFO | MINED063 | Toctou Os Path Exists: if os.path.exists(p): open(p) — file can be replaced/de… | pkgs/applications/networking/instant-me…:34 |
| INFO | MINED085 | Java Systemexit: System.exit() inside a library kills the whole JVM. | nixos/modules/services/amqp/activemq/Ac…:15 |
| INFO | MINED067 | Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… | pkgs/applications/editors/vim/plugins/u…:110 |
| INFO | MINED067 | Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… | pkgs/applications/editors/jetbrains/upd…:29 |
| INFO | MINED067 | Python Requests No Timeout: requests.get/post/etc. without timeout= can hang f… | maintainers/scripts/hydra-eval-failures…:25 |
| INFO | MINED059 | Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. | pkgs/build-support/node/prefetch-npm-de…:73 |
| INFO | MINED059 | Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. | maintainers/scripts/convert-to-import-c…:114 |
| INFO | MINED059 | Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message. | maintainers/scripts/check-maintainer-us…:12 |
| INFO | MINED043 | Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | maintainers/scripts/doc/replace-xrefs-b…:13 |
| INFO | MINED043 | Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | maintainers/scripts/doc/escape-code-mar…:29 |
| INFO | MINED043 | Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… | maintainers/scripts/bootstrap-files/ref…:270 |
| INFO | MINED044 | Js Console Log Prod: console.log left in code. Should be replaced with logger … | ci/supportedBranches.js:51 |
| INFO | MINED044 | Js Console Log Prod: console.log left in code. Should be replaced with logger … | ci/github-script/prepare.js:32 |
| INFO | MINED044 | Js Console Log Prod: console.log left in code. Should be replaced with logger … | ci/github-script/get-teams.js:83 |
| INFO | MINED050 | Stub Only Function: Function declared but body is just pass, return None, rais… | pkgs/applications/networking/browsers/c…:78 |
| INFO | MINED050 | Stub Only Function: Function declared but body is just pass, return None, rais… | pkgs/applications/editors/jetbrains/upd…:141 |
| INFO | MINED050 | Stub Only Function: Function declared but body is just pass, return None, rais… | ci/eval/compare/cmp-stats.py:26 |

200 findings available (after auto-suppression of test files and won't-fix).
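The five findings the issue body leads with are all MINED107 "used but not imported", and that is the class most worth reproducing before it is filed on a repository the size of nixpkgs: a name can be bound by a dotted `import xml.etree.ElementTree`, by a parameter or local named `string`, or by a `from ... import ... as`, none of which contains the literal `import xml` line a text-based rule may look for. The following is an added example for doing that check with Python's own `ast` module; it is not Repobility's rule implementation and not code from nixpkgs. The sample sources, the function names and the verdict labels are constructed for the demonstration, and the walk is deliberately whole-file rather than scope-aware.

```python
"""Re-check a MINED107-style finding ("`xml` used but not imported") with ast.

Added example, not the scanner's rule logic and not nixpkgs code.
The sample sources at the bottom are constructed for the demonstration.
"""
from __future__ import annotations

import ast
import builtins


def bound_names(tree: ast.AST) -> set[str]:
    """Every simple name the file binds anywhere.

    Covers imports (the top package of a dotted `import a.b.c`), from-imports,
    def/class names, parameters (including lambda parameters), except-targets,
    and any Name in Store context (assignment, for/with targets, comprehension
    targets, walrus). Whole-file and not scope-aware: a name bound only inside
    one function still counts, so an empty result from the checker below means
    "not reproduced", not "proven fine". Pattern-matching captures are not
    handled.
    """
    names: set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                # `import xml.etree.ElementTree` binds `xml`; `... as ET` binds `ET`
                names.add(alias.asname or alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                names.add(alias.asname or alias.name)
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            names.add(node.name)
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            names.add(node.id)
        elif isinstance(node, ast.ExceptHandler) and node.name:
            names.add(node.name)
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            a = node.args
            for arg in a.posonlyargs + a.args + a.kwonlyargs:
                names.add(arg.arg)
            for extra in (a.vararg, a.kwarg):
                if extra is not None:
                    names.add(extra.arg)
    return names


def unbound_attribute_uses(source: str, module: str) -> list[int]:
    """Line numbers of `module.<attr>` reads where `module` is never bound in
    the file and is not a builtin. Empty list: the finding does not reproduce."""
    tree = ast.parse(source)
    if module in bound_names(tree) or hasattr(builtins, module):
        return []
    hits = {
        node.lineno
        for node in ast.walk(tree)
        if isinstance(node, ast.Attribute)
        and isinstance(node.value, ast.Name)
        and node.value.id == module
    }
    return sorted(hits)


def check_file(path: str, module: str) -> list[int]:
    """Run the check on a file from a checkout (hypothetical helper name)."""
    with open(path, encoding="utf-8") as fh:
        return unbound_attribute_uses(fh.read(), module)


def triage(cases: list[tuple[str, str, str]]) -> dict[str, str]:
    """Map each labelled (source, module) case to a verdict string."""
    return {
        label: ("confirmed" if unbound_attribute_uses(src, mod) else "not reproduced")
        for label, src, mod in cases
    }


# Constructed sample files (not real nixpkgs sources).
TRUE_POSITIVE = """\
import os

def dump(tree):
    return xml.etree.ElementTree.tostring(tree)   # `xml` is never bound
"""

DOTTED_IMPORT = """\
import xml.etree.ElementTree

def load(path):
    return xml.etree.ElementTree.parse(path)      # bound by the dotted import
"""

PARAMETER_SHADOW = """\
def clean(string):
    return string.strip()   # a parameter named `string`, not the stdlib module
"""

CASES = [
    ("xml/true-positive", TRUE_POSITIVE, "xml"),
    ("xml/dotted-import", DOTTED_IMPORT, "xml"),
    ("string/parameter", PARAMETER_SHADOW, "string"),
]

if __name__ == "__main__":
    for label, verdict in triage(CASES).items():
        print(f"{label}: {verdict}")
```

From a nixpkgs checkout, `check_file("pkgs/development/tools/build-managers/gradle/compress-deps-json.py", "xml")` (the path the issue body gives for finding 5) returns the lines where `xml.` is read with no binding anywhere in the file; if the report's line 74 is in that list the finding stands, and if the list is empty the row should be unchecked above rather than filed.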

Issue body (markdown)

## Code-quality scan: `NixOS/nixpkgs`

**Score: 82/100 (B+)**  ·  249 findings  ·  scanned 2026-06-06 00:06 UTC  ·  32,478 LOC

| Severity | Count |
|---|---|
| CRITICAL | 23 |
| HIGH | 67 |
| MEDIUM | 65 |
| LOW | 18 |

📊 [Full filterable report](https://repobility.com/scan/df1ef4a5-237f-47f0-ba66-b6f11e592205/)  ·  ![scorecard](https://repobility.com/scan/df1ef4a5-237f-47f0-ba66-b6f11e592205/report.png?v=1780704400-s2)

### Top findings

1. **CRITICAL** `MINED107` — Missing import: `sys` used but not imported
   `nixos/modules/system/boot/loader/refind/refind-install.py:341` · ✓ Repobility
2. **CRITICAL** `MINED107` — Missing import: `string` used but not imported
   `maintainers/scripts/remove-old-aliases.py:75` · ✓ Repobility
3. **CRITICAL** `MINED107` — Missing import: `uuid` used but not imported
   `pkgs/desktops/gnome/extensions/update-extensions.py:58` · ✓ Repobility
4. **CRITICAL** `MINED107` — Missing import: `enum` used but not imported
   `pkgs/desktops/gnome/find-latest-version.py:25` · ✓ Repobility
5. **CRITICAL** `MINED107` — Missing import: `xml` used but not imported
   `pkgs/development/tools/build-managers/gradle/compress-deps-json.py:74` · ✓ Repobility

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/df1ef4a5-237f-47f0-ba66-b6f11e592205/_
Megaproject: high spam risk
Could not determine 'NixOS/nixpkgs' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub's new-issue page in a new tab. You will see the title and body pre-filled; review, edit if you want, then click GitHub's "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos, use the project's SECURITY.md or private advisory flow instead of a public issue. That applies to the security-class rows above (the SEC-prefixed findings such as SEC014 SSL Verification Disabled, SEC113 SSH host-key verification disabled, SEC029 SSRF and the SEC005/MINED034 command-injection hits) if they turn out to be real; the code-quality rows are what a public issue is for.