{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any (and 33 more): Same pattern found in 33 additional files. Review if needed.", "shortDescription": {"text": "[MINED054] Ts As Any (and 33 more): Same pattern found in 33 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 25 more): Same pattern found in 25 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n ALLOWED = {'images.example.com', 'cdn.example.com'}\n host = urlparse(url).hostname\n if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 51 more): Same pattern found in 51 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 51 more): Same pattern found in 51 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp() \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp() \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI bu"}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED122", "name": "package.json dep `openai` pulled from URL/Git", "shortDescription": {"text": "package.json dep `openai` pulled from URL/Git"}, "fullDescription": {"text": "`dependencies.openai` = `file:..` bypasses the npm registry. No integrity hash, no version locking, no registry-side scanning. If the URL or git host is compromised, every `npm install` pulls the new payload."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED113", "name": "Express POST / has no auth", "shortDescription": {"text": "Express POST / has no auth"}, "fullDescription": {"text": "Express route POST / declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.OPENAI_API_KEY` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.OPENAI_API_KEY` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.OPENAI_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/181"}, "properties": {"repository": "openai/openai-node", "repoUrl": "https://github.com/openai/openai-node", "branch": "master"}, "results": [{"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 40393, "scanner": "repobility-threat-engine", "fingerprint": "01aea81d29c14e6b16860addd04101fa1dfcb0de9515a978ad0c99da63c90830", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/internal/utils/path.ts|56|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/internal/utils/path.ts"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 40392, "scanner": "repobility-threat-engine", "fingerprint": "bdabb5039fe313a70ba83ba75a0a275db1562dee1c7ab269eea772c92f2351ac", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|143|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/internal/detect-platform.ts"}, "region": {"startLine": 143}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 5243, "scanner": "repobility-threat-engine", "fingerprint": "5e4defc3ed28a4b7c82a67477fd296d2308cbf2ef233f1ff1a98269105a5cb5a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (e) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5e4defc3ed28a4b7c82a67477fd296d2308cbf2ef233f1ff1a98269105a5cb5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/_vendor/partial-json-parser/parser.ts"}, "region": {"startLine": 209}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 5242, "scanner": "repobility-threat-engine", "fingerprint": "d2a775ffa7bc8bb466cc0d9aee7bb59b5d2a99b37613b24044ca6126d3dc0077", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch (err) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d2a775ffa7bc8bb466cc0d9aee7bb59b5d2a99b37613b24044ca6126d3dc0077"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/cli.ts"}, "region": {"startLine": 562}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40360, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4328f6b7816b436e260ffbe3681fbb812286f4cfe160f3e268c7187fc1bc999", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resources/admin/organization/groups/index.ts", "duplicate_line": 11, "correlation_key": "fp|f4328f6b7816b436e260ffbe3681fbb812286f4cfe160f3e268c7187fc1bc999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/admin/organization/projects/users/index.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40359, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e7fde831704fff8a99681b1eeac71196c967575cde2d64efa16d5093c61ac060", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resources/admin/organization/groups/roles.ts", "duplicate_line": 40, "correlation_key": "fp|e7fde831704fff8a99681b1eeac71196c967575cde2d64efa16d5093c61ac060"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/admin/organization/projects/groups/roles.ts"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40358, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a1c2b94db7155bd286448c271c401aef3091ceff85fccd95f51d34d4751b618", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resources/admin/organization/groups/index.ts", "duplicate_line": 10, "correlation_key": "fp|3a1c2b94db7155bd286448c271c401aef3091ceff85fccd95f51d34d4751b618"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/admin/organization/projects/groups/index.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40357, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d46227c48b34f73e7c6f4554bc83fa196ababe9e5d233aa2f397f41d801a6ed4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resources/admin/organization/groups/groups.ts", "duplicate_line": 2, "correlation_key": "fp|d46227c48b34f73e7c6f4554bc83fa196ababe9e5d233aa2f397f41d801a6ed4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/admin/organization/projects/groups/groups.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40356, "scanner": "repobility-ai-code-hygiene", "fingerprint": "506520f7ba01b68a402acca1562aa04ab26f441d50c4f247d431ea7d0b7c874e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resources/admin/organization/certificates.ts", "duplicate_line": 122, "correlation_key": "fp|506520f7ba01b68a402acca1562aa04ab26f441d50c4f247d431ea7d0b7c874e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/admin/organization/projects/certificates.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40355, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd25ac5ecf134b5b3109daca16bd1676498c895405c014062031a02b23fe17e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/resources/admin/organization/certificates.ts", "duplicate_line": 164, "correlation_key": "fp|bd25ac5ecf134b5b3109daca16bd1676498c895405c014062031a02b23fe17e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/admin/organization/organization.ts"}, "region": {"startLine": 234}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40354, "scanner": "repobility-ai-code-hygiene", "fingerprint": "86cad5073400e625277d549ae1612f619ac82ee578abc162f00ecb08a2e2d05d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/beta/realtime/websocket.ts", "duplicate_line": 61, "correlation_key": "fp|86cad5073400e625277d549ae1612f619ac82ee578abc162f00ecb08a2e2d05d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/realtime/ws.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40353, "scanner": "repobility-ai-code-hygiene", "fingerprint": "16622e04fe86d39e0f479891a4f73d85ef49b224de74c2d19cfc392129c2f510", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/beta/realtime/ws.ts", "duplicate_line": 4, "correlation_key": "fp|16622e04fe86d39e0f479891a4f73d85ef49b224de74c2d19cfc392129c2f510"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/realtime/ws.ts"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40352, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b54296a883dada21c003875ac52292833d5113c52e64ab37f0afa4de3f2b1ed", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/beta/realtime/websocket.ts", "duplicate_line": 6, "correlation_key": "fp|5b54296a883dada21c003875ac52292833d5113c52e64ab37f0afa4de3f2b1ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/realtime/websocket.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40351, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8274141d65a339e21968ccec287696735a7bf0a155ed4038ff00dc157a7ee813", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/beta/realtime/internal-base.ts", "duplicate_line": 9, "correlation_key": "fp|8274141d65a339e21968ccec287696735a7bf0a155ed4038ff00dc157a7ee813"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/realtime/internal-base.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40350, "scanner": "repobility-ai-code-hygiene", "fingerprint": "18880e0d5e21bac91b831a1cd6e82b8f6dc4f75e2f2a5cebd47ee0a279565f0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/AssistantStream.ts", "duplicate_line": 68, "correlation_key": "fp|18880e0d5e21bac91b831a1cd6e82b8f6dc4f75e2f2a5cebd47ee0a279565f0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/responses/ResponseStream.ts"}, "region": {"startLine": 246}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40349, "scanner": "repobility-ai-code-hygiene", "fingerprint": "07527a956b6f031d7962b67388092e8ecacf450bd8ea07035ebfc2d2c850bc64", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/ResponsesParser.ts", "duplicate_line": 151, "correlation_key": "fp|07527a956b6f031d7962b67388092e8ecacf450bd8ea07035ebfc2d2c850bc64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/parser.ts"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40348, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e87294b8fa544a47c9597a82b4319761730f0c46c925d1387581c1d30181b4b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/EventEmitter.ts", "duplicate_line": 12, "correlation_key": "fp|6e87294b8fa544a47c9597a82b4319761730f0c46c925d1387581c1d30181b4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/EventStream.ts"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40347, "scanner": "repobility-ai-code-hygiene", "fingerprint": "957383a42b4c5238b02945e3516d5846552252c3de6861872bdbafc2f30f9b07", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/core/EventEmitter.ts", "duplicate_line": 1, "correlation_key": "fp|957383a42b4c5238b02945e3516d5846552252c3de6861872bdbafc2f30f9b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/EventEmitter.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40346, "scanner": "repobility-ai-code-hygiene", "fingerprint": "38968cae1d4d4616e5e37579eae6ea1db77364778c3e0673a5da8869f2ed5b70", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/lib/AssistantStream.ts", "duplicate_line": 77, "correlation_key": "fp|38968cae1d4d4616e5e37579eae6ea1db77364778c3e0673a5da8869f2ed5b70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/lib/ChatCompletionStream.ts"}, "region": {"startLine": 447}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40345, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7379437faa9859aa7ff796940211f17e4acd7d79e8450e6a19419d00f04418c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/internal/ws-adapter-browser.ts", "duplicate_line": 27, "correlation_key": "fp|7379437faa9859aa7ff796940211f17e4acd7d79e8450e6a19419d00f04418c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/internal/ws-adapter-node.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40344, "scanner": "repobility-ai-code-hygiene", "fingerprint": "533f7a0828142f9faf4675f83bd833558c77b94ffcfcc737f26a94769f2612af", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/internal/shims.ts", "duplicate_line": 39, "correlation_key": "fp|533f7a0828142f9faf4675f83bd833558c77b94ffcfcc737f26a94769f2612af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/internal/stream-utils.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 40343, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1dfd78b1e8540e12d59f41b15745b74d687b45730140c91e95a881194877423", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/beta/realtime/websocket.ts", "duplicate_line": 61, "correlation_key": "fp|f1dfd78b1e8540e12d59f41b15745b74d687b45730140c91e95a881194877423"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/beta/realtime/ws.ts"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5238, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e6bbc1111720c8f22107bf377e1b519ab65e976e075ed0a0a82d346b5d96cb0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/_vendor/zod-to-json-schema/parsers/bigint.ts", "duplicate_line": 22, "correlation_key": "fp|5e6bbc1111720c8f22107bf377e1b519ab65e976e075ed0a0a82d346b5d96cb0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/_vendor/zod-to-json-schema/parsers/number.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5237, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4b8d9b1a700dbcab69dcfb2522cda6f4de859ce54f6248fae88eec1e8b319ddd", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/browser-direct-import/public/index.js", "duplicate_line": 94, "correlation_key": "fp|4b8d9b1a700dbcab69dcfb2522cda6f4de859ce54f6248fae88eec1e8b319ddd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/vercel-edge/src/uploadWebApiTestCases.ts"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5236, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1f75e25c484dbff6f18c2cefb8ac7e1cd01e340d4d56562fcd5dbdf819e3b60a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/cloudflare-worker/src/uploadWebApiTestCases.ts", "duplicate_line": 25, "correlation_key": "fp|1f75e25c484dbff6f18c2cefb8ac7e1cd01e340d4d56562fcd5dbdf819e3b60a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/vercel-edge/src/uploadWebApiTestCases.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5235, "scanner": "repobility-ai-code-hygiene", "fingerprint": "21339a0c80bbd22d267dd876a4fa042e087d4d61f87bdf7fd33766c4508aa86a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/cloudflare-worker/src/worker.ts", "duplicate_line": 19, "correlation_key": "fp|21339a0c80bbd22d267dd876a4fa042e087d4d61f87bdf7fd33766c4508aa86a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/vercel-edge/src/pages/api/node-test.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5234, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0021136b5214b7da302efd3f357b34a2baedbff721de075f6645397d33144e53", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/vercel-edge/src/pages/api/edge-test.ts", "duplicate_line": 11, "correlation_key": "fp|0021136b5214b7da302efd3f357b34a2baedbff721de075f6645397d33144e53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/vercel-edge/src/pages/api/node-test.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5233, "scanner": "repobility-ai-code-hygiene", "fingerprint": "193c61dbd04e481f8ca289c92334f73979a08886068e5134b0e78cc341475ab6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/cloudflare-worker/src/worker.ts", "duplicate_line": 19, "correlation_key": "fp|193c61dbd04e481f8ca289c92334f73979a08886068e5134b0e78cc341475ab6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/vercel-edge/src/pages/api/edge-test.ts"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5232, "scanner": "repobility-ai-code-hygiene", "fingerprint": "58870974c9e7c8cdffa16868236c5f84c79354a57a58a0d73d59540aa970ea67", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/browser-direct-import/src/test.ts", "duplicate_line": 1, "correlation_key": "fp|58870974c9e7c8cdffa16868236c5f84c79354a57a58a0d73d59540aa970ea67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/ts-browser-webpack/src/test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5231, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9b41015b72499c269d032833317fd849d93ba82201a90714694c0afe97a4a410", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/cloudflare-worker/src/uploadWebApiTestCases.ts", "duplicate_line": 24, "correlation_key": "fp|9b41015b72499c269d032833317fd849d93ba82201a90714694c0afe97a4a410"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/ts-browser-webpack/src/index.ts"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5230, "scanner": "repobility-ai-code-hygiene", "fingerprint": "972011ca43dc235305937e24dc3fcdb16356257b339ffa66ac7b11a24c030263", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/browser-direct-import/public/index.js", "duplicate_line": 6, "correlation_key": "fp|972011ca43dc235305937e24dc3fcdb16356257b339ffa66ac7b11a24c030263"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/ts-browser-webpack/src/index.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5229, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37921645bbda6e3c5aec4ba5fa96ee22d440ca97fa4f60adc9f0460d8dde1a5f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/browser-direct-import/public/index.js", "duplicate_line": 94, "correlation_key": "fp|37921645bbda6e3c5aec4ba5fa96ee22d440ca97fa4f60adc9f0460d8dde1a5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/deno/main_test.ts"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5228, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ceb6ab0b08ff4c7ce707a3aead9e36a1ebe336b469820268f1627614c076bd6b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/cloudflare-worker/src/uploadWebApiTestCases.ts", "duplicate_line": 26, "correlation_key": "fp|ceb6ab0b08ff4c7ce707a3aead9e36a1ebe336b469820268f1627614c076bd6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/deno/main_test.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5227, "scanner": "repobility-ai-code-hygiene", "fingerprint": "73f983c45d2962ae1f5ea2a6fa8bc9688180d508ae66fcf18519ed5526486605", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ecosystem-tests/browser-direct-import/public/index.js", "duplicate_line": 78, "correlation_key": "fp|73f983c45d2962ae1f5ea2a6fa8bc9688180d508ae66fcf18519ed5526486605"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/cloudflare-worker/src/uploadWebApiTestCases.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 40401, "scanner": "repobility-threat-engine", "fingerprint": "25093ccaec21b0e99f2846289c2943fac88f39dbc65d02aa1f9db2781390e90d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|25093ccaec21b0e99f2846289c2943fac88f39dbc65d02aa1f9db2781390e90d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/index.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 40400, "scanner": "repobility-threat-engine", "fingerprint": "67ebc2f579f7381eeb053f3e7235e26320b13398b575f58467efe3b692248e4f", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|src/internal/utils/uuid.ts|9|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/internal/utils/uuid.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 40391, "scanner": "repobility-threat-engine", "fingerprint": "bb4a3851b020977f2b6c1f7d3b42fb5ae178b3cb08786446e22f56d92133a46b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb4a3851b020977f2b6c1f7d3b42fb5ae178b3cb08786446e22f56d92133a46b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth/subject-token-providers.ts"}, "region": {"startLine": 146}}}]}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal: require() loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 40389, "scanner": "repobility-threat-engine", "fingerprint": "d73265843c3d39af3f3e91a25f45d83059efb345380120a8230d69c56034724e", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern '\\.json' detected on same line", "evidence": {"match": "require(process", "reason": "Safe pattern '\\.json' detected on same line", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "fp|d73265843c3d39af3f3e91a25f45d83059efb345380120a8230d69c56034724e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/utils/make-dist-package-json.cjs"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 40386, "scanner": "repobility-threat-engine", "fingerprint": "8202b9d89d9f38588861653fbb90fdfb2511633a4d08aa3cb2465b1174e7afd6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8202b9d89d9f38588861653fbb90fdfb2511633a4d08aa3cb2465b1174e7afd6", "aggregated_count": 10}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 40385, "scanner": "repobility-threat-engine", "fingerprint": "bbecaaeac3341b59875e0b01617508af1fa0e7bfc6ec8c3a86150a9a67d3f250", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bbecaaeac3341b59875e0b01617508af1fa0e7bfc6ec8c3a86150a9a67d3f250"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/function-call-diy.ts"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 40384, "scanner": "repobility-threat-engine", "fingerprint": "f175b1f07bac718140593a0715be54300bacea95277f09cdc973924358100809", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f175b1f07bac718140593a0715be54300bacea95277f09cdc973924358100809"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "examples/azure/chat.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 40383, "scanner": "repobility-threat-engine", "fingerprint": "8850b0b859ad9657993ae0488e9c70cf36b10f1c5560ce842c566535858dd027", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8850b0b859ad9657993ae0488e9c70cf36b10f1c5560ce842c566535858dd027"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/proxy.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 33 more): Same pattern found in 33 additional files. Review if needed."}, "properties": {"repobilityId": 40382, "scanner": "repobility-threat-engine", "fingerprint": "0588ac171fb6a33b02e5368a947167460b0cd85739fe16d01c4f585320ac183f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 33 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0588ac171fb6a33b02e5368a947167460b0cd85739fe16d01c4f585320ac183f", "aggregated_count": 33}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 40381, "scanner": "repobility-threat-engine", "fingerprint": "9f1739d84bbdc0f0eee4eaf1ef07bcd326e688815d1466dafe7194e6a77eef73", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9f1739d84bbdc0f0eee4eaf1ef07bcd326e688815d1466dafe7194e6a77eef73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/vercel-edge/src/pages/api/node-test.ts"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 40380, "scanner": "repobility-threat-engine", "fingerprint": "f6cb8001cb2fae234c6e74edc1b7b45fa49cbef122edf3c87ed0e19cd0e3d550", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f6cb8001cb2fae234c6e74edc1b7b45fa49cbef122edf3c87ed0e19cd0e3d550"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/vercel-edge/src/pages/api/edge-test.ts"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 40379, "scanner": "repobility-threat-engine", "fingerprint": "60941136854dfbb7fcdcabf4ccbfad305fb1068dc22622cd40487e98520fbc1a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|60941136854dfbb7fcdcabf4ccbfad305fb1068dc22622cd40487e98520fbc1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/cloudflare-worker/src/worker.ts"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 25 more): Same pattern found in 25 additional files. Review if needed."}, "properties": {"repobilityId": 40378, "scanner": "repobility-threat-engine", "fingerprint": "ddb605446dfa9c868be0f688b304c0be3e46ba5fd733742cdad1f67f5b18aa6d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 25 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ddb605446dfa9c868be0f688b304c0be3e46ba5fd733742cdad1f67f5b18aa6d", "aggregated_count": 25}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 40377, "scanner": "repobility-threat-engine", "fingerprint": "7e4c2548f601368c29994c3ff65cf1c2afe690c4261ab1377de8272739def64f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7e4c2548f601368c29994c3ff65cf1c2afe690c4261ab1377de8272739def64f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/vercel-edge/src/pages/api/edge-test.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 40376, "scanner": "repobility-threat-engine", "fingerprint": "a5f950645fa80a8d7296d000db854d34f81b9e2363b2189027283b1fe0a6710a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a5f950645fa80a8d7296d000db854d34f81b9e2363b2189027283b1fe0a6710a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/ts-browser-webpack/src/index.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 40375, "scanner": "repobility-threat-engine", "fingerprint": "e788e38adb1061c6b398f1ff96b48aa67c4759775d28a08a25c2aa309ca09af0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e788e38adb1061c6b398f1ff96b48aa67c4759775d28a08a25c2aa309ca09af0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/cloudflare-worker/src/worker.ts"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 40374, "scanner": "repobility-threat-engine", "fingerprint": "ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ca5810ac6a2691831acbb4a51605672ba83c57f5592204a59181f6375036bfee"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 51 more): Same pattern found in 51 additional files. Review if needed."}, "properties": {"repobilityId": 40370, "scanner": "repobility-threat-engine", "fingerprint": "5b4d13599b67520623f53cc8ad0570a4b45afcc8cf10e199db09c6ed37716d2d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 51 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5b4d13599b67520623f53cc8ad0570a4b45afcc8cf10e199db09c6ed37716d2d", "aggregated_count": 51}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 40369, "scanner": "repobility-threat-engine", "fingerprint": "ff9d5e3053ccb17e85f613cd084f511e2787338f143c7db416073e8811df382c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ff9d5e3053ccb17e85f613cd084f511e2787338f143c7db416073e8811df382c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/cloudflare-worker/src/worker.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 40368, "scanner": "repobility-threat-engine", "fingerprint": "011c5be73305ec0dff8b1b10c1239188008d151207ea675039f7d9c83fb4cff3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|011c5be73305ec0dff8b1b10c1239188008d151207ea675039f7d9c83fb4cff3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/browser-direct-import/src/test.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 40367, "scanner": "repobility-threat-engine", "fingerprint": "4b540498f81677731b05ad80a5e76da8590ce2db8fd5b9900cc9403c25301021", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4b540498f81677731b05ad80a5e76da8590ce2db8fd5b9900cc9403c25301021"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecosystem-tests/browser-direct-import/public/index.js"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 5241, "scanner": "repobility-threat-engine", "fingerprint": "342825f9b6995cd6ffab26a78852d09533e5309f3a1ff227bcc190ac4a391dd6", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|439|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/responses/ws-base.ts"}, "region": {"startLine": 439}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 5240, "scanner": "repobility-threat-engine", "fingerprint": "8efc40bc583aeb9ec57f1f364eccacf5231f557185b74ca77ab61758231267d0", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'crypto' detected on same line", "evidence": {"match": "Math.random()", "reason": "Safe pattern 'crypto' detected on same line", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|src/internal/utils/uuid.ts|13|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/internal/utils/uuid.ts"}, "region": {"startLine": 13}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 5239, "scanner": "repobility-threat-engine", "fingerprint": "72e02d5d440b212e8d0cde37916fbc91044d2279802b41b56bfd651dfbd46be3", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|src/client.ts|723|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/client.ts"}, "region": {"startLine": 723}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 40402, "scanner": "repobility-threat-engine", "fingerprint": "dc9b57b4e3254507b5bc6cd988aaf499679be014e78ce97a81a26d9a103fde06", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc9b57b4e3254507b5bc6cd988aaf499679be014e78ce97a81a26d9a103fde06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/resources/uploads/uploads.ts"}, "region": {"startLine": 198}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any