Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
132 of your 225 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.
Upstream (GitHub) caused delay on this scan — not Repobility.
  • GitHub API rate-limited (HTTP 403) — preflight skipped, fell back to direct git clone.
  • Clone from GitHub took 88.86s for a 74.4 MB repo slow.
  • Repobility's analysis ran in 3.93s after the clone landed.

fineanmol/Hacktoberfest2025

https://github.com/fineanmol/Hacktoberfest2025 · scanned 2026-06-05 14:12 UTC (5 days, 4 hours ago) · 10 languages

558 raw signals (202 security + 356 graph) 11/13 scanners ran 0th percentile · Cpp · medium (20-100K LoC) System graph score 56 (higher by 2)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 4 hours ago · v2 · 234 actionable findings from 2 signal sources. 146 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
60.8
/100
Security checks
66
84 findings
System graph
56
88.9% cov · 150 findings
Critical
7
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 40.0 0.15 6.00
security_score 100.0 0.25 25.00
testing_score 15.0 0.20 3.00
documentation_score 60.0 0.15 9.00
practices_score 59.0 0.15 8.85
code_quality 60.0 0.10 6.00
Overall 1.00 57.9
security_score may be inflated — optional security scanners were skipped on this fast scan
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 7 High 43 Medium 20 Low 129 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 84 System graph 150 Crowd 0 Layer: Quality 65 Security 20 Software 106 Cicd 2 Frontend 26 Data 1 Api 14
Scan summary Quality grade C (58/100). Dimensions: security 100, maintainability 40. 202 findings (42 security). 39,353 lines analyzed.

Showing 199 of 234 actionable findings. 380 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Security checks quality Quality conf 1.00 ✓ Repobility [MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.
Review and fix per the pattern semantics. See CWE-95 / for context.
Program's_Contributed_By_Contributors/JS_calculator/script.js:19
critical Security checks quality Quality conf 1.00 ✓ Repobility 3 occurrences [MINED030] Python Pickle Loads: pickle.loads() can execute arbitrary code via __reduce__.
Review and fix per the pattern semantics. See CWE-502 / for context.
3 files, 3 locations
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_GUI.py:19
Program's_Contributed_By_Contributors/Library Database Management System/abc.py:16
face recognition.py:40
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes.
Add `import queue` at the top of the file.
breadh.py:26
critical Security checks quality Quality conf 1.00 3 occurrences [SEC081] Python: pickle.loads / marshal.loads on untrusted data: pickle.load(s) and marshal.load(s) execute arbitrary code on untrusted input. Ported from dlint DUO103 / DUO120 (BSD-3).
Use json, msgpack, or protobuf for untrusted data. If pickle is required, sign the payload with HMAC.
3 files, 3 locations
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_GUI.py:19
Program's_Contributed_By_Contributors/Library Database Management System/abc.py:16
face recognition.py:40
critical System graph security Secrets conf 1.00 Possible secret in P22_23_24_25Mar.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
P22_23_24_25Mar.py:9
critical System graph security Secrets conf 1.00 Possible secret in Program's_Contributed_By_Contributors/Library Database Management System/Class.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
Program's_Contributed_By_Contributors/Library Database Management System/Class.py:70
critical System graph security Secrets conf 1.00 Possible secret in Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:70
critical System graph security Secrets conf 1.00 Possible secret in Program's_Contributed_By_Contributors/Python_Programs/pdf_password_remover.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
Program's_Contributed_By_Contributors/Python_Programs/pdf_password_remover.py:15
high Security checks quality Quality conf 1.00 ✓ Repobility [MINED017] C System Call: system() invokes shell. command injection if any arg is dynamic.
Review and fix per the pattern semantics. See CWE-78 / for context.
Program's_Contributed_By_Contributors/C++ Programs/LoginSystem.cpp:39
high Security checks quality Quality conf 1.00 ✓ Repobility 25 occurrences [MINED108] `self.m_h_g_p` used but never assigned in __init__: Method `total` of class `Bill_App` reads `self.m_h_g_p`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
Initialize `self.m_h_g_p = <default>` in __init__, or add a class-level default.
2 files, 25 locations
brick_game.py:31, 32, 39, 42, 77, 78, 103, 105, +12 more (24 hits)
billing_system.py:241
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED113] Express POST / has no auth: Express route POST / declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.
Add an auth middleware: app.post('/', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.
Program's_Contributed_By_Contributors/Newsletter-Signup/app.js:25
high Security checks quality Quality conf 0.80 ✓ Repobility [MINED113] Express POST /failure has no auth: Express route POST /failure declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes are OWASP A01:2021 broken access control.
Add an auth middleware: app.post('/failure', requireAuth, handler) — or mount the router under app.use('/api', authMiddleware) and ensure the path is covered. If truly public, mark with a comment.
Program's_Contributed_By_Contributors/Newsletter-Signup/app.js:71
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `bubble.exe` committed in source repo: `bubble.exe` is a .exe binary (79,869 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
bubble.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `counting.exe` committed in source repo: `counting.exe` is a .exe binary (77,724 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
counting.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Flask/url_shortner/__pycache__/app.cpython-310.pyc` committed in source repo: `Flask/url_shortner/__pycache__/app.cpython-310.pyc` is a .pyc binary (2,118 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Flask/url_shortner/__pycache__/app.cpython-310.pyc:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `HeapMemory.exe` committed in source repo: `HeapMemory.exe` is a .exe binary (52,857 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
HeapMemory.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `insertion.exe` committed in source repo: `insertion.exe` is a .exe binary (79,142 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
insertion.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `merge.exe` committed in source repo: `merge.exe` is a .exe binary (79,705 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
merge.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/C++/BFS.exe` committed in source repo: `Program's_Contributed_By_Contributors/C++/BFS.exe` is a .exe binary (132,758 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/C++/BFS.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/C++/DoubleyLinkedList.exe` committed in source repo: `Program's_Contributed_By_Contributors/C++/DoubleyLinkedList.exe` is a .exe binary (127,671 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/C++/DoubleyLinkedList.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/C++/peak_index_in_a_mountain_array.exe` committed in source repo: `Program's_Contributed_By_Contributors/C++/peak_index_in_a_mountain_array.exe` is a .exe binary (45,341 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/C++/peak_index_in_a_mountain_array.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Java_Programs/Josephus.class` committed in source repo: `Program's_Contributed_By_Contributors/Java_Programs/Josephus.class` is a .class binary (860 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Java_Programs/Josephus.class:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Java_Programs/LinkedListSample.class` committed in source repo: `Program's_Contributed_By_Contributors/Java_Programs/LinkedListSample.class` is a .class binary (424 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Java_Programs/LinkedListSample.class:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Java_Programs/Misc/Math.class` committed in source repo: `Program's_Contributed_By_Contributors/Java_Programs/Misc/Math.class` is a .class binary (2,361 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Java_Programs/Misc/Math.class:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Java_Programs/Misc/Palinedrome.class` committed in source repo: `Program's_Contributed_By_Contributors/Java_Programs/Misc/Palinedrome.class` is a .class binary (1,460 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Java_Programs/Misc/Palinedrome.class:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Java_Programs/NQueens.class` committed in source repo: `Program's_Contributed_By_Contributors/Java_Programs/NQueens.class` is a .class binary (1,832 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Java_Programs/NQueens.class:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Java_Programs/pascals_triangle.class` committed in source repo: `Program's_Contributed_By_Contributors/Java_Programs/pascals_triangle.class` is a .class binary (1,237 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Java_Programs/pascals_triangle.class:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Java_Programs/Prime_Number_In_given.class` committed in source repo: `Program's_Contributed_By_Contributors/Java_Programs/Prime_Number_In_given.class` is a .class binary (500 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Java_Programs/Prime_Number_In_given.class:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMS.cpython-37.pyc` committed in source repo: `Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMS.cpython-37.pyc` is a .pyc binary (6,657 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets exec
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMS.cpython-37.pyc:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMSlibrary_CSV.cpython-37.pyc` committed in source repo: `Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMSlibrary_CSV.cpython-37.pyc` is a .pyc binary (12,838 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMSlibrary_CSV.cpython-37.pyc:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMSlibrary_CSV.cpython-38.pyc` committed in source repo: `Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMSlibrary_CSV.cpython-38.pyc` is a .pyc binary (11,817 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Library Database Management System/__pycache__/DBMSlibrary_CSV.cpython-38.pyc:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_CSV.pyc` committed in source repo: `Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_CSV.pyc` is a .pyc binary (15,772 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_CSV.pyc:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `quick.exe` committed in source repo: `quick.exe` is a .exe binary (80,383 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
quick.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `radix.exe` committed in source repo: `radix.exe` is a .exe binary (47,319 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
radix.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `reverse_array.exe` committed in source repo: `reverse_array.exe` is a .exe binary (49,171 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
reverse_array.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `selection.exe` committed in source repo: `selection.exe` is a .exe binary (79,869 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
selection.exe:1
high Security checks software dependencies conf 0.90 ✓ Repobility [MINED134] Binary file `shell.exe` committed in source repo: `shell.exe` is a .exe binary (80,220 bytes) committed to a repo that otherwise has 473 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts.
Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source.
shell.exe:1
high Security checks security path traversal conf 0.80 3 occurrences [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files.
Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads.
3 files, 3 locations
Program's_Contributed_By_Contributors/C++/Dijkstra Algorithm.cpp:43
Program's_Contributed_By_Contributors/Python_Programs/pdf_password_remover.py:15
Program's_Contributed_By_Contributors/Python_Programs/remove_bg.py:5
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 16 occurrences GitHub Action is tag-pinned rather than SHA-pinned
[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commi…
4 files, 16 locations
.github/workflows/pages.yml:26, 29, 32, 38 (8 hits)
.github/workflows/auto-comment.yml:19, 71 (4 hits)
.github/workflows/pr-automation.yml:17 (2 hits)
.github/workflows/validate-site.yml:16 (2 hits)
CI/CD securitySupply chainGitHub Actions
high System graph api Wiring conf 1.00 Dangling fetch: GET https://meme-api.herokuapp.com/gimme (meme extension/sp.js:4)
`meme extension/sp.js:4` calls `GET https://meme-api.herokuapp.com/gimme` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/meme-api.herokuapp.com/gimme` If this points at an external API, prefix it with `https:…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST http://api.qrserver.com/v1/read-qr-code/ (QR code Scanner/script.js:10)
`QR code Scanner/script.js:10` calls `POST http://api.qrserver.com/v1/read-qr-code/` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/api.qrserver.com/v1/read-qr-code` If this points at an external API, prefix i…
Dangling fetchFetch
high System graph security auth conf 1.00 Flask mutation route `add_transaction` without `@login_required` — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5001.py:176
Flask route declares POST/PUT/DELETE/PATCH methods without an auth decorator. Add `@login_required` (Flask-Login) or equivalent.
Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5001.py:176 securityAuth flask unauth route
high System graph security auth conf 1.00 Flask mutation route `add_transaction` without `@login_required` — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5002.py:176
Flask route declares POST/PUT/DELETE/PATCH methods without an auth decorator. Add `@login_required` (Flask-Login) or equivalent.
Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5002.py:176 securityAuth flask unauth route
high System graph security auth conf 1.00 Flask mutation route `add_transaction` without `@login_required` — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5003.py:176
Flask route declares POST/PUT/DELETE/PATCH methods without an auth decorator. Add `@login_required` (Flask-Login) or equivalent.
Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5003.py:176 securityAuth flask unauth route
high System graph security auth conf 1.00 Flask mutation route `connect_node` without `@login_required` — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5001.py:186
Flask route declares POST/PUT/DELETE/PATCH methods without an auth decorator. Add `@login_required` (Flask-Login) or equivalent.
Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5001.py:186 securityAuth flask unauth route
high System graph security auth conf 1.00 Flask mutation route `connect_node` without `@login_required` — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5002.py:186
Flask route declares POST/PUT/DELETE/PATCH methods without an auth decorator. Add `@login_required` (Flask-Login) or equivalent.
Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5002.py:186 securityAuth flask unauth route
high System graph security auth conf 1.00 Flask mutation route `connect_node` without `@login_required` — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5003.py:186
Flask route declares POST/PUT/DELETE/PATCH methods without an auth decorator. Add `@login_required` (Flask-Login) or equivalent.
Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5003.py:186 securityAuth flask unauth route
high System graph security auth conf 1.00 Flask mutation route `connect_node` without `@login_required` — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_main.py:209
Flask route declares POST/PUT/DELETE/PATCH methods without an auth decorator. Add `@login_required` (Flask-Login) or equivalent.
Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_main.py:209 securityAuth flask unauth route
high System graph security security conf 1.00 Insecure pattern 'eval_used' in calculator.py:21
Found a known-risky pattern (eval_used). Review and replace if possible.
calculator.py:21 Eval used
high System graph security security conf 1.00 Insecure pattern 'eval_used' in Program's_Contributed_By_Contributors/JS_calculator/script.js:19
Found a known-risky pattern (eval_used). Review and replace if possible.
Program's_Contributed_By_Contributors/JS_calculator/script.js:19 Eval used
medium Security checks quality Practices conf 1.00 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
Add a .gitignore appropriate for your language/framework.
low Security checks quality Error handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
Program's_Contributed_By_Contributors/Python_Programs/Resizable_Array.py:127
low Security checks quality Error handling conf 1.00 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_GUI.py:86
low Security checks security Deserialization conf 1.00 3 occurrences [SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data.
3 files, 3 locations
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_GUI.py:19
Program's_Contributed_By_Contributors/Library Database Management System/abc.py:16
face recognition.py:40
medium Security checks quality Quality conf 1.00 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0).
Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser).
Program's_Contributed_By_Contributors/JavaScript_Programs/create-promise.js:1
low Security checks quality Quality conf 1.00 [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws — wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated.
Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows.
scripts/main.js:28
low Security checks quality Error handling conf 0.55 ✓ Repobility 20 occurrences Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
7 files, 20 locations
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_CSV.py:38, 52, 105, 330, 477 (5 hits)
Program's_Contributed_By_Contributors/Library Database Management System/Class.py:320, 418, 470, 606 (4 hits)
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:320, 418, 470, 606 (4 hits)
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary.py:19, 33, 308, 442 (4 hits)
Customized-Movie-Recommendation-System--main/Customized Movie Recommendation System.py:135
Program's_Contributed_By_Contributors/Python_Programs/morse_translator.py:19
face recognition.py:96
Error handlingquality
medium Security checks quality Quality conf 0.76 2 occurrences Compliance or security claim is near a placeholder link
Link trust claims to current evidence, downgrade unverifiable wording, and replace placeholder footer/legal/security links with real destinations.
lines 88, 97
SSK.html:88, 97 (2 hits)
medium Security checks quality Quality conf 0.70 Public web app has no Content Security Policy
Add a Content-Security-Policy header through the web framework or hosting config. For static apps, add a CSP meta tag that restricts default-src, script-src, connect-src, img-src, and frame-ancestors.
index.html
medium Security checks quality Quality conf 0.78 Public web service has no security.txt
Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored.
.well-known/security.txt
medium Security checks quality Quality conf 0.78 Suspicious implementation file appears unreferenced
Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes.
Shallow_Copy.cpp:1
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Program's_Contributed_By_Contributors/Weather-App/script.js:4
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — QR code Scanner/script.js:10
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph cicd CI/CD security conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/pages.yml CI/CD securitySupply chainGithub actions
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5001.py:117
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5002.py:117
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5003.py:117
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_main.py:137
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Program's_Contributed_By_Contributors/Python_Programs/iss_tracker.py:11
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Program's_Contributed_By_Contributors/Python_Programs/quizapp.py:6
`requests.get(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Program's_Contributed_By_Contributors/Python_Programs/wifipasswordextractor.py:6
`subprocess.check_output(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — wifipasswordextractor.py:5
`subprocess.check_output(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph security Coverage conf 1.00 No auth library detected
The scanner did not find any standard auth library (JWT, OAuth, NextAuth, Auth0, etc.). Either auth lives in custom code, in a separate service, or is missing.
auth
medium System graph data Coverage conf 1.00 ORM models found but no DB engine detected
The repo defines tables/models but no DB connection string was found. Likely lives in env vars or a config file the scanner didn't read.
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
3 test file(s) for 205 source file(s) (ratio 0.01). Consider adding integration or unit tests for critical paths.
Coverage
low Security checks software Race condition conf 1.00 [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason.
Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`.
Snake_game-master/Snake_game-master/snakegame.py:85
low Security checks quality Quality conf 0.60 30 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 15 locations
Program's_Contributed_By_Contributors/C++ Programs/linkedlist/removefromend.cpp:1, 15 (2 hits)
Program's_Contributed_By_Contributors/C++ Programs/linkedlist/reverselist.cpp:19, 24 (2 hits)
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_CSV.py:26, 46 (2 hits)
Program's_Contributed_By_Contributors/C++ Programs/Array/LinearSearch.cpp:8
Program's_Contributed_By_Contributors/C++ Programs/Income_Cal.cpp:1
Program's_Contributed_By_Contributors/C++ Programs/MiddleLinkedList.cpp:1
Program's_Contributed_By_Contributors/C++ Programs/Sorting/bubblesort.cpp:15
Program's_Contributed_By_Contributors/C++ Programs/linkedlist/intersectlist.cpp:1
duplicationquality
low Security checks quality Quality conf 0.64 Public docs site has no llms.txt
Add llms.txt with the product summary, canonical docs, API endpoints, security guidance, and preferred CLI workflow for AI agents.
llms.txt
low Security checks quality Quality conf 0.50 Public web app has no humans.txt
Add humans.txt with team ownership, contact URL, key documentation links, and the last-updated date.
humans.txt
low Security checks quality Quality conf 0.74 Public web app has no robots.txt
Add robots.txt at the web root or a framework-native robots route. Include an explicit Sitemap directive and disallow only private paths.
robots.txt
low Security checks quality Quality conf 0.72 Public web app has no sitemap
Add sitemap.xml, a sitemap index, or a framework-native sitemap route and reference it from robots.txt.
sitemap.xml
high Security checks quality Quality conf 0.62 Source file name looks like an AI patch artifact
Rename it to the domain concept it implements or merge it into the existing module it was meant to change.
Shallow_Copy.cpp:1
low System graph software Dead code candidate conf 1.00 File has no detected symbols: face recognition.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Flask/url_shortner/init_db.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Gpattern.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: number-guessing.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: P22_23_24_25Mar.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day1.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day10.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day11.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day12.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day13.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day14.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day15.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day16.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day17.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day18.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day19.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day2.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day20_1.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day20_2.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day3.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day4.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day5.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day6.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day7.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day8.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: PatternChalange(PYTHON)/day9.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/checkPrime.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/HTML Designs/Blog Template/assets/js/clean-blog.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/HTML Designs/Drag and Drop UI/js/main.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Library Database Management System/abc.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Python_Programs/guess.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Python_Programs/handwritten_character.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Python_Programs/LongestPalindromicSubstring.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Python_Programs/palindrome.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Python_Programs/remove_bg.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Python_Programs/Tables.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Typescript/any.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Typescript/enums.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Typescript/generics.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Typescript/interface.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Typescript/type_conversion_using_unknown_as.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Typescript/types_and_unions.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Typescript/unknown_type.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Program's_Contributed_By_Contributors/Weather-App/script.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: rock_it.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: rockpapergame.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: selection_sort.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: time_conversion.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Web_Automation.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: wifipasswordextractor.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 19 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: brick_game.py:move, brick_game.py:move This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
19 occurrences
repo-level (19 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_CSV.py:info, Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_CSV.py:info2, Program's_Contributed_By_Contributors/Library Database…
duplicatesduplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `img_copy` in Program's_Contributed_By_Contributors/Python_Programs/handwritten_character.py:156
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph software Dead code conf 1.00 Possibly dead Python function: addEdgetoGraph
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
breadh.py:12
low System graph software Dead code conf 1.00 Possibly dead Python function: adding
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:265
low System graph software Dead code conf 1.00 Possibly dead Python function: appy
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
music_downloader.py:64
low System graph software Dead code conf 1.00 Possibly dead Python function: authorise
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:40
low System graph software Dead code conf 1.00 Possibly dead Python function: b_h
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
music_downloader.py:35
low System graph software Dead code conf 1.00 Possibly dead Python function: BFSearch
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
breadh.py:16
low System graph software Dead code conf 1.00 Possibly dead Python function: bill_area
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
billing_system.py:288
low System graph software Dead code conf 1.00 Possibly dead Python function: clear_data
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
billing_system.py:371
low System graph software Dead code conf 1.00 Possibly dead Python function: csvtolst
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_CSV.py:11
low System graph software Dead code conf 1.00 Possibly dead Python function: deletingall
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:726
low System graph software Dead code conf 1.00 Possibly dead Python function: en
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
music_downloader.py:50
low System graph software Dead code conf 1.00 Possibly dead Python function: exit_app
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
billing_system.py:413
low System graph software Dead code conf 1.00 3 occurrences Possibly dead Python function: exitout
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
3 files, 3 locations
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:112
Program's_Contributed_By_Contributors/Library Database Management System/GUI_Lib.py:22
Program's_Contributed_By_Contributors/Library Database Management System/GUI_Main.py:21
low System graph software Dead code conf 1.00 Possibly dead Python function: find_bill
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
billing_system.py:358
low System graph software Dead code conf 1.00 Possibly dead Python function: give
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/DBMSlibrary_GUI.py:95
low System graph software Dead code conf 1.00 Possibly dead Python function: hide
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:52
low System graph software Dead code conf 1.00 Possibly dead Python function: logout
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:188
low System graph software Dead code conf 1.00 Possibly dead Python function: opencsv
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:121
low System graph software Dead code conf 1.00 Possibly dead Python function: party
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
music_downloader.py:71
low System graph software Dead code conf 1.00 Possibly dead Python function: printt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/GUI_Lib.py:29
low System graph software Dead code conf 1.00 Possibly dead Python function: printt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:332
low System graph software Dead code conf 1.00 Possibly dead Python function: solveQueries
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
queries on matrix.py:2
low System graph software Dead code conf 1.00 Possibly dead Python function: total
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
billing_system.py:240
low System graph software Dead code conf 1.00 Possibly dead Python function: travel
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
music_downloader.py:27
low System graph software Dead code conf 1.00 Possibly dead Python function: updateahead
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:446
low System graph software Dead code conf 1.00 Possibly dead Python function: updating
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:428
low System graph software Dead code conf 1.00 Possibly dead Python function: updatt
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Program's_Contributed_By_Contributors/Library Database Management System/Class_for_Windows.py:597
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — meme extension/sp.js:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/AvatarGeneratorGame/avatar.js:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/checkPalindrome.js:33
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/checkPrime.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/connect_four/script.js:4
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Implementation_of_DS/Javascript/BinaryHeap.js:144
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Implementation_of_DS/Javascript/DoubleLinkedList.js:144
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Implementation_of_DS/Javascript/SinglyLinkedList.js:124
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/JavaScript_Programs/FizzBuzz.js:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/JavaScript_Programs/iceCreamApp/app.js:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/JavaScript_Programs/iceCreamApp/utils/stall.js:30
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/JavaScript_Programs/oddeven.js:14
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/JavaScript_Programs/singly-linked-list.js:78
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Newsletter-Signup/app.js:29
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/any.ts:2
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/classes.ts:34
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/enums.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/function.ts:5
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/generics.ts:30
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/interface.ts:22
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/never_type.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/unknown_type.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Typescript/void_type.ts:2
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Program's_Contributed_By_Contributors/Weather-App/script.js:27
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — TTT hacktberfest/web.js:135
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph api Wiring conf 1.00 Unused endpoint: ANY /
`Flask/url_shortner/app.py` declares `ANY /` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: ANY /<id>
`Flask/url_shortner/app.py` declares `ANY /<id>` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: ANY /add_transaction
`Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_5002.py` declares `ANY /add_transaction` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead co…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: ANY /connect_node
`Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_main.py` declares `ANY /connect_node` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: ANY /get_chain
`Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_main.py` declares `ANY /get_chain` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — c…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: ANY /is_valid
`Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_main.py` declares `ANY /is_valid` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — co…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: ANY /mine_block
`Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_main.py` declares `ANY /mine_block` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: ANY /replace_chain
`Program's_Contributed_By_Contributors/Python_Programs/Blockchain implementation/blockchain_main.py` declares `ANY /replace_chain` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: ANY /stats
`Flask/url_shortner/app.py` declares `ANY /stats` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /
`Program's_Contributed_By_Contributors/Newsletter-Signup/app.js` declares `GET /` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes …
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /
`Program's_Contributed_By_Contributors/Newsletter-Signup/app.js` declares `POST /` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: POST /failure
`Program's_Contributed_By_Contributors/Newsletter-Signup/app.js` declares `POST /failure` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who c…
Unused endpoint
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/ed72e4d9-9637-4141-b743-4e459789d6e9/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/ed72e4d9-9637-4141-b743-4e459789d6e9/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.