12 of your 24 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 7.77s · analysis 14.69s · 19.1 MB · GitHub API rate-limit (preflight)

tldr-pages/tldr

https://github.com/tldr-pages/tldr · scanned 2026-06-05 09:26 UTC (5 days, 17 hours ago) · 10 languages

56 raw signals (22 security + 34 graph) · 100th percentile · Unknown · System graph score 90 (lower by 11)


Complete repo analysis

Last scanned 5 days, 17 hours ago · v2 · 33 actionable findings from 2 signal sources. 6 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

Score breakdown · 2026-05-18-v5

Component             Sub-score   Weight   Contribution
structure_score       50.0        0.15     7.50
security_score        95.0        0.25     23.75
testing_score         70.0        0.20     14.00
documentation_score   74.6        0.15     11.19
practices_score       99.0        0.15     14.85
code_quality          77.4        0.10     7.74
Overall                           1.00     79.0

Scan summary Quality grade B+ (79/100). Dimensions: security 95, maintainability 50. 22 findings (3 security).

Showing 20 of 33 actionable findings. 39 raw detector signals were grouped into reader-sized issues.

high · Security checks · quality · Quality · conf 1.00 · ✓ Repobility
`self.value` used but never assigned in __init__
Method `__str__` of class `Colors` reads `self.value`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
scripts/_common.py:23

high · Security checks · quality · Quality · conf 1.00 · ✓ Repobility
Phantom test coverage: test_get_target_paths
Test function `test_get_target_paths` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
scripts/_common.py:216

high · Security checks · quality · Quality · conf 1.00 · ✓ Repobility
Phantom test coverage: test_stage
Test function `test_stage` runs code but contains no assert / expect / should call — it passes regardless of behaviour. Adds line coverage without verifying anything.
scripts/_common.py:436

low · Security checks · quality · Error handling · conf 0.55 · ✓ Repobility
Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
scripts/wrong-filename.py:66
Error handling · quality

medium · Security checks · software · dependencies · conf 0.90 · ✓ Repobility · 2 occurrences
requirements.txt: `markdown` has no version pin
Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins.
lines 1, 2
scripts/pdf/requirements.txt:1, 2 (2 hits)

medium · System graph · cicd · CI/CD security · conf 1.00 · 3 occurrences
GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
3 files, 3 locations
.github/workflows/ci.yml
.github/workflows/copy-release-assets.yml
.github/workflows/sync.yml
CI/CD security · Supply chain · Github actions

medium · System graph · quality · Tests · conf 1.00
Very low test-to-source ratio
0 test file(s) for 10 source file(s) (ratio 0.00). Consider adding integration or unit tests for critical paths.
Coverage

low · Security checks · quality · Quality · conf 0.60 · 4 occurrences
Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
3 files, 4 locations
scripts/set-see-also.py:36, 117 (2 hits)
scripts/set-more-info-link.py:36
scripts/set-page-title.py:142
duplication · quality

low · Security checks · quality · Quality · conf 0.74
robots.txt does not advertise a sitemap
Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly.
pages/common/bing-rewards.md

low · System graph · cicd · CI/CD security · conf 1.00
package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
package.json
CI/CD security · Supply chain · Npm

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_create_argument_parser
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/_common.py:400

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_create_colored_line
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/_common.py:342

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_get_locale
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/_common.py:263

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_get_pages_dirs
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/_common.py:156

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_get_status
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/_common.py:300

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_get_target_paths
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/_common.py:216

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_get_tldr_root
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/_common.py:67

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_ignore_files
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/set-alias-page.py:110

low · System graph · software · Dead code · conf 1.00
Possibly dead Python function: test_ignore_files
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/_common.py:33

low · System graph · frontend · Frontend quality · conf 1.00
Stray `console.log` in TS/JS — scripts/build-index.js:72
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak

API access

This page is publicly accessible at: https://repobility.com/scan/e74770eb-c2a9-42b2-b373-da9a8ca89044/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/e74770eb-c2a9-42b2-b373-da9a8ca89044/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one.