File as GitHub Issue repo: violettoolssite/CFspider

Push this scan report to violettoolssite/CFspider

Click the green button below to open GitHub’s new-issue form, pre-filled with the report title, summary table, top findings, and an embedded score-card image. No authentication needed — you review on GitHub before submitting. Repobility is credited as the scanner.

Embedded score card image

This image will render at the top of the issue body. Hosted on Repobility, refreshes automatically after re-scans.

Repobility score card

Issue title

JS: new RegExp() with non-literal

Curate findings to include

Pick exactly which findings appear in the issue body. By default the top 5 are included. Uncheck noise, check what matters.

Top 5 (default)
Severity Rule Title File:line
CRIT MINED007 [MINED007] Sql String Concat: cursor.execute(f"... {user_input} ...") — SQL injection. cfspider/export.py:324
CRIT MINED107 Missing import: `html` used but not imported x27cn/x27cn/minify.py:270
CRIT generic-api-key Detected a Generic API Key, potentially exposing access to various services and sensitive… cfspider_obfuscate.js:14
HIGH SEC085 [SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived in… x27cn/x27cn/obfuscate.py:43
HIGH SEC083 [SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) — variable input can c… obfuscate.js:267
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). x27cn/x27cn/__init__.py:66
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). workers/破皮版workers_超明文.js:21
HIGH MINED004 [MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums). cfspider/workers/破皮版workers_超明文.js:21
HIGH MINED006 [MINED006] Overcatch Baseexception: except BaseException: ... — prevents Ctrl+C and Syste… cfspider/proxy_server.py:223
HIGH MINED001 [MINED001] Bare Except Pass: except: pass or except Exception: pass — silently swallows e… cfspider/proxy_server.py:258
HIGH SEC128 [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call … cfspider/export.py:240
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… cfspider/workers/破皮版workers_超明文.js:68
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… cfspider/data/io.py:69
HIGH SEC029 [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTT… cfspider-browser/src/services/rules.ts:30
HIGH SEC100 [SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` orig… workers/破皮版workers_超明文.js:167
HIGH SEC100 [SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` orig… cfspider/workers/破皮版workers_超明文.js:167
HIGH SEC100 [SEC100] CORS permissive Access-Control-Allow-Origin: *: Permissive CORS policy (`*` orig… add_encryption.js:30
HIGH MINED108 `self.close` used but never assigned in __init__ cfspider/stealth.py:490
HIGH MINED108 `self._make_request` used but never assigned in __init__ cfspider/stealth.py:453
HIGH MINED108 `self._make_request` used but never assigned in __init__ cfspider/stealth.py:450
HIGH MINED108 `self._make_request` used but never assigned in __init__ cfspider/stealth.py:447
HIGH MINED108 `self._make_request` used but never assigned in __init__ cfspider/stealth.py:444
HIGH MINED108 `self._make_request` used but never assigned in __init__ cfspider/stealth.py:441
HIGH MINED108 `self._apply_delay` used but never assigned in __init__ cfspider/stealth.py:397
HIGH MINED108 `self._ensure_browser` used but never assigned in __init__ cfspider/stealth.py:396
HIGH MINED108 `self._resolve_proxy` used but never assigned in __init__ cfspider/stealth.py:370
HIGH MINED108 `self.status_code` used but never assigned in __init__ cfspider/stealth.py:129
HIGH MINED108 `self.url` used but never assigned in __init__ cfspider/stealth.py:126
HIGH MINED108 `self.status_code` used but never assigned in __init__ cfspider/stealth.py:126
HIGH MINED108 `self.text` used but never assigned in __init__ cfspider/stealth.py:122
HIGH MINED108 `self._recv_ws_frame_safe` used but never assigned in __init__ cfspider/vless_client.py:554
HIGH MINED108 `self._relay_response` used but never assigned in __init__ cfspider/vless_client.py:521
HIGH MINED108 `self._relay_bidirectional` used but never assigned in __init__ cfspider/vless_client.py:443
HIGH MINED108 `self._handle_http` used but never assigned in __init__ cfspider/vless_client.py:390
HIGH MINED108 `self._handle_connect` used but never assigned in __init__ cfspider/vless_client.py:386
HIGH MINED108 `self._handle_client` used but never assigned in __init__ cfspider/vless_client.py:343
HIGH MINED108 `self._serve` used but never assigned in __init__ cfspider/vless_client.py:329
HIGH MINED108 `self._create_vless_header` used but never assigned in __init__ cfspider/vless_client.py:192
HIGH MINED108 `self._websocket_handshake` used but never assigned in __init__ cfspider/vless_client.py:189
HIGH MINED108 `self._handle_client` used but never assigned in __init__ cfspider/proxy_server.py:216
HIGH MINED108 `self.stop` used but never assigned in __init__ cfspider/proxy_server.py:226
HIGH MINED108 `self._ensure_vless_proxy` used but never assigned in __init__ cfspider/proxy_server.py:188
HIGH COMP001 [COMP001] High cognitive complexity: Function `_read_urls` has cognitive complexity 40 (S… cfspider/data/io.py:254
HIGH MINED115 Action `actions/checkout` pinned to mutable ref `@v4` .github/workflows/update-vless-configs.…:15
HIGH MINED115 Action `softprops/action-gh-release` pinned to mutable ref `@v1` .github/workflows/build-browser.yml:150
HIGH MINED115 Action `actions/download-artifact` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:145
HIGH MINED115 Action `actions/upload-artifact` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:129
HIGH MINED115 Action `actions/setup-node` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:108
HIGH MINED115 Action `actions/checkout` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:105
HIGH MINED115 Action `actions/upload-artifact` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:93
HIGH MINED115 Action `actions/setup-node` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:56
HIGH MINED115 Action `actions/checkout` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:53
HIGH MINED115 Action `actions/upload-artifact` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:43
HIGH MINED115 Action `actions/setup-node` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:22
HIGH MINED115 Action `actions/checkout` pinned to mutable ref `@v4` .github/workflows/build-browser.yml:19
HIGH MINED130 Lockfile pulls package from off-canonical host `registry.npmmirror.com` package-lock.json:1
HIGH GHSA-7r86-cg39-jmmj minimatch: GHSA-7r86-cg39-jmmj package-lock.json
HIGH GHSA-3ppc-4f35-3m26 minimatch: GHSA-3ppc-4f35-3m26 package-lock.json
HIGH GHSA-23c5-xmqv-rm74 minimatch: GHSA-23c5-xmqv-rm74 package-lock.json
HIGH GHSA-v39h-62p7-jpjc fast-uri: GHSA-v39h-62p7-jpjc package-lock.json
HIGH GHSA-q3j6-qgpj-74h6 fast-uri: GHSA-q3j6-qgpj-74h6 package-lock.json
HIGH GHSA-5pgg-2g8v-p4x9 xlsx: GHSA-5pgg-2g8v-p4x9 cfspider-browser/package-lock.json
HIGH GHSA-4r6h-8v6p-xvw6 xlsx: GHSA-4r6h-8v6p-xvw6 cfspider-browser/package-lock.json
HIGH GHSA-ph9p-34f9-6g65 tmp: GHSA-ph9p-34f9-6g65 cfspider-browser/package-lock.json
HIGH GHSA-r6q2-hw4h-h46w tar: GHSA-r6q2-hw4h-h46w cfspider-browser/package-lock.json
HIGH GHSA-qffp-2rhf-9h96 tar: GHSA-qffp-2rhf-9h96 cfspider-browser/package-lock.json
HIGH GHSA-9ppj-qmqm-q256 tar: GHSA-9ppj-qmqm-q256 cfspider-browser/package-lock.json
HIGH GHSA-8qq5-rm4j-mr97 tar: GHSA-8qq5-rm4j-mr97 cfspider-browser/package-lock.json
HIGH GHSA-83g3-92jg-28cx tar: GHSA-83g3-92jg-28cx cfspider-browser/package-lock.json
HIGH GHSA-34x7-hfp2-rc4v tar: GHSA-34x7-hfp2-rc4v cfspider-browser/package-lock.json
HIGH GHSA-mw96-cpmx-2vgc rollup: GHSA-mw96-cpmx-2vgc cfspider-browser/package-lock.json
HIGH GHSA-c2c7-rcm5-vvqj picomatch: GHSA-c2c7-rcm5-vvqj cfspider-browser/package-lock.json
HIGH GHSA-7r86-cg39-jmmj minimatch: GHSA-7r86-cg39-jmmj cfspider-browser/package-lock.json
HIGH GHSA-3ppc-4f35-3m26 minimatch: GHSA-3ppc-4f35-3m26 cfspider-browser/package-lock.json
HIGH GHSA-23c5-xmqv-rm74 minimatch: GHSA-23c5-xmqv-rm74 cfspider-browser/package-lock.json
HIGH GHSA-r5fr-rjxr-66jc lodash: GHSA-r5fr-rjxr-66jc cfspider-browser/package-lock.json
HIGH GHSA-jjp3-mq3x-295m electron: GHSA-jjp3-mq3x-295m cfspider-browser/package-lock.json
HIGH GHSA-9wfr-w7mm-pc7f electron: GHSA-9wfr-w7mm-pc7f cfspider-browser/package-lock.json
HIGH GHSA-8337-3p73-46f4 electron: GHSA-8337-3p73-46f4 cfspider-browser/package-lock.json
HIGH GHSA-532v-xpq5-8h95 electron: GHSA-532v-xpq5-8h95 cfspider-browser/package-lock.json
HIGH GHSA-q8qp-cvcw-x6jj axios: GHSA-q8qp-cvcw-x6jj cfspider-browser/package-lock.json
HIGH GHSA-pf86-5x62-jrwf axios: GHSA-pf86-5x62-jrwf cfspider-browser/package-lock.json
HIGH GHSA-p92q-9vqr-4j8v axios: GHSA-p92q-9vqr-4j8v cfspider-browser/package-lock.json
HIGH GHSA-j5f8-grm9-p9fc axios: GHSA-j5f8-grm9-p9fc cfspider-browser/package-lock.json
HIGH GHSA-hfxv-24rg-xrqf axios: GHSA-hfxv-24rg-xrqf cfspider-browser/package-lock.json
HIGH GHSA-777c-7fjr-54vf axios: GHSA-777c-7fjr-54vf cfspider-browser/package-lock.json
HIGH GHSA-6chq-wfr3-2hj9 axios: GHSA-6chq-wfr3-2hj9 cfspider-browser/package-lock.json
HIGH GHSA-43fc-jf86-j433 axios: GHSA-43fc-jf86-j433 cfspider-browser/package-lock.json
HIGH GHSA-pjwm-pj3p-43mv axios: GHSA-pjwm-pj3p-43mv cfspider-browser/package-lock.json
HIGH GHSA-3g43-6gmg-66jw axios: GHSA-3g43-6gmg-66jw cfspider-browser/package-lock.json
HIGH GHSA-35jp-ww65-95wh axios: GHSA-35jp-ww65-95wh cfspider-browser/package-lock.json
HIGH GHSA-x6wf-f3px-wcqx @xmldom/xmldom: GHSA-x6wf-f3px-wcqx cfspider-browser/package-lock.json
HIGH GHSA-wh4c-j3r5-mjhp @xmldom/xmldom: GHSA-wh4c-j3r5-mjhp cfspider-browser/package-lock.json
HIGH GHSA-j759-j44w-7fr8 @xmldom/xmldom: GHSA-j759-j44w-7fr8 cfspider-browser/package-lock.json
HIGH GHSA-f6ww-3ggp-fr8h @xmldom/xmldom: GHSA-f6ww-3ggp-fr8h cfspider-browser/package-lock.json
HIGH GHSA-2v35-w6hq-6mfw @xmldom/xmldom: GHSA-2v35-w6hq-6mfw cfspider-browser/package-lock.json
HIGH JRN009 Secret-like setting is echoed into a password input value cfspider-browser/src/components/Setting…:351
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… x27cn/x27cn/obfuscate.py:127
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… x27cn/x27cn/cli.py:137
HIGH SEC013 [SEC013] Path Traversal — User Input in File Path: User-controlled input used in file pat… x27cn/x27cn/advanced.py:411
HIGH SEC004 [SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection. cfspider/export.py:326
MED SEC045 [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even … x27cn/x27cn/obfuscate.py:71
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … x27cn/x27cn/password.py:208
MED SEC015 [SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. … x27cn/x27cn/core.py:20
MED SEC123 [SEC123] Production stack trace / debug output exposed: Debug mode left on in production … x27cn/x27cn/cli.py:227
MED SEC123 [SEC123] Production stack trace / debug output exposed: Debug mode left on in production … x27cn/x27cn/advanced.py:346
MED ERR001 [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even… cfspider/proxy_server.py:279
MED SEC042 [SEC042] SQL identifier injection via f-string in cursor execute: f-string SQL normalizes… cfspider/export.py:324
MED SEC087 [SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; … cfspider-browser/src/components/Browser…:201
MED MINED111 Bare except continues silently cfspider/mirror.py:399
MED MINED111 Bare except continues silently cfspider/human_browser.py:311
MED MINED111 Bare except continues silently cfspider/batch.py:417
MED MINED111 Bare except continues silently cfspider/batch.py:328
MED MINED111 Bare except continues silently cfspider/batch.py:296
MED MINED111 Bare except continues silently cfspider/vless_client.py:561
MED MINED111 Bare except continues silently cfspider/vless_client.py:544
MED MINED111 Bare except continues silently cfspider/vless_client.py:350
MED MINED111 Bare except continues silently cfspider/vless_client.py:619
MED MINED111 Bare except continues silently cfspider/vless_client.py:523
MED MINED111 Bare except continues silently cfspider/vless_client.py:445
MED MINED111 Bare except continues silently cfspider/proxy_server.py:256
MED MINED111 Bare except continues silently cfspider/proxy_server.py:274
MED AUC001 [AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks…
MED DEPCUR-NPM npm package `wait-on` is 2 major version(s) behind (7.2.0 -> 9.0.10) cfspider-browser/package.json
MED DEPCUR-NPM npm package `cross-env` is 3 major version(s) behind (7.0.3 -> 10.1.0) cfspider-browser/package.json
MED DEPCUR-NPM npm package `concurrently` is 2 major version(s) behind (8.2.2 -> 10.0.3) cfspider-browser/package.json
MED DEPCUR-NPM npm package `@vitejs/plugin-react` is 2 major version(s) behind (4.7.0 -> 6.0.2) cfspider-browser/package.json
MED DEPCUR-NPM npm package `@types/react-dom` is 1 major version(s) behind (18.3.7 -> 19.2.3) cfspider-browser/package.json
MED DEPCUR-NPM npm package `react-markdown` is 1 major version(s) behind (9.0.1 -> 10.1.0) cfspider-browser/package.json
MED GHSA-f886-m6hf-6m8v brace-expansion: GHSA-f886-m6hf-6m8v package-lock.json
MED GHSA-2g4f-4pwh-qvx6 ajv: GHSA-2g4f-4pwh-qvx6 package-lock.json
MED GHSA-4w7w-66w2-5vf9 vite: GHSA-4w7w-66w2-5vf9 cfspider-browser/package-lock.json
MED GHSA-qx2v-qp2m-jg93 postcss: GHSA-qx2v-qp2m-jg93 cfspider-browser/package-lock.json
MED GHSA-3v7f-55p6-f55p picomatch: GHSA-3v7f-55p6-f55p cfspider-browser/package-lock.json
MED GHSA-f23m-r3pf-42rh lodash: GHSA-f23m-r3pf-42rh cfspider-browser/package-lock.json
MED GHSA-r4q5-vmmm-2653 follow-redirects: GHSA-r4q5-vmmm-2653 cfspider-browser/package-lock.json
MED GHSA-67mh-4wv8-2f99 esbuild: GHSA-67mh-4wv8-2f99 cfspider-browser/package-lock.json
MED GHSA-xwr5-m59h-vwqr electron: GHSA-xwr5-m59h-vwqr cfspider-browser/package-lock.json
MED GHSA-xj5x-m3f3-5x3h electron: GHSA-xj5x-m3f3-5x3h cfspider-browser/package-lock.json
MED GHSA-vmqv-hx8q-j7mg electron: GHSA-vmqv-hx8q-j7mg cfspider-browser/package-lock.json
MED GHSA-r5p7-gp4j-qhrx electron: GHSA-r5p7-gp4j-qhrx cfspider-browser/package-lock.json
MED GHSA-mwmh-mq4g-g6gr electron: GHSA-mwmh-mq4g-g6gr cfspider-browser/package-lock.json
MED GHSA-f3pv-wv63-48x8 electron: GHSA-f3pv-wv63-48x8 cfspider-browser/package-lock.json
MED GHSA-9w97-2464-8783 electron: GHSA-9w97-2464-8783 cfspider-browser/package-lock.json
MED GHSA-5rqw-r77c-jp79 electron: GHSA-5rqw-r77c-jp79 cfspider-browser/package-lock.json
MED GHSA-4p4r-m79c-wq3v electron: GHSA-4p4r-m79c-wq3v cfspider-browser/package-lock.json
MED GHSA-3c8v-cfp5-9885 electron: GHSA-3c8v-cfp5-9885 cfspider-browser/package-lock.json
MED GHSA-f886-m6hf-6m8v brace-expansion: GHSA-f886-m6hf-6m8v cfspider-browser/package-lock.json
MED GHSA-xx6v-rp6x-q39c axios: GHSA-xx6v-rp6x-q39c cfspider-browser/package-lock.json
MED GHSA-w9j2-pvgh-6h63 axios: GHSA-w9j2-pvgh-6h63 cfspider-browser/package-lock.json
MED GHSA-vf2m-468p-8v99 axios: GHSA-vf2m-468p-8v99 cfspider-browser/package-lock.json
MED GHSA-m7pr-hjqh-92cm axios: GHSA-m7pr-hjqh-92cm cfspider-browser/package-lock.json
MED GHSA-fvcv-3m26-pcqx axios: GHSA-fvcv-3m26-pcqx cfspider-browser/package-lock.json
MED GHSA-898c-q2cr-xwhg axios: GHSA-898c-q2cr-xwhg cfspider-browser/package-lock.json
MED GHSA-62hf-57xw-28j9 axios: GHSA-62hf-57xw-28j9 cfspider-browser/package-lock.json
MED GHSA-5c9x-8gcm-mpgx axios: GHSA-5c9x-8gcm-mpgx cfspider-browser/package-lock.json
MED GHSA-445q-vr5w-6q77 axios: GHSA-445q-vr5w-6q77 cfspider-browser/package-lock.json
MED GHSA-3w6x-2g7m-8v23 axios: GHSA-3w6x-2g7m-8v23 cfspider-browser/package-lock.json
MED GHSA-2g4f-4pwh-qvx6 ajv: GHSA-2g4f-4pwh-qvx6 cfspider-browser/package-lock.json
MED AGT007 localStorage write failures are swallowed silently cfspider-browser/src/store/index.ts:688
MED CORE_LARGE_FILES Average file size is 552 lines (recommend <300)
LOW COMP001 [COMP001] High cognitive complexity: Function `stream` has cognitive complexity 9 (SonarS… cfspider/async_session.py:209
LOW COMP001 [COMP001] High cognitive complexity: Function `request` has cognitive complexity 12 (Sona… cfspider/async_session.py:117
LOW DEPCUR-NPM npm package `esbuild` is minor version(s) behind (0.19.12 -> 0.28.0) cfspider-browser/package.json
LOW DEPCUR-NPM npm package `autoprefixer` is minor version(s) behind (10.4.24 -> 10.5.0) cfspider-browser/package.json
LOW DEPCUR-NPM npm package `terser` is minor version(s) behind (5.46.0 -> 5.48.0) package.json
LOW DEPCUR-NPM npm package `javascript-obfuscator` is minor version(s) behind (5.1.0 -> 5.4.3) package.json
LOW DEPCUR-NPM npm package `@neondatabase/serverless` is minor version(s) behind (1.0.2 -> 1.1.0) package.json
LOW GHSA-jfqx-fxh3-c62j electron: GHSA-jfqx-fxh3-c62j cfspider-browser/package-lock.json
LOW GHSA-f37v-82c4-4x64 electron: GHSA-f37v-82c4-4x64 cfspider-browser/package-lock.json
LOW GHSA-9899-m83m-qhpj electron: GHSA-9899-m83m-qhpj cfspider-browser/package-lock.json
LOW GHSA-xhjh-pmcv-23jw axios: GHSA-xhjh-pmcv-23jw cfspider-browser/package-lock.json
LOW GHSA-vpq2-c234-7xj6 @tootallnate/once: GHSA-vpq2-c234-7xj6 cfspider-browser/package-lock.json
LOW AIC003 Duplicated implementation block across source files workers/破皮版workers_超明文.js:2
LOW AIC003 Duplicated implementation block across source files workers/破皮版workers_超明文.js:1
LOW AIC003 Duplicated implementation block across source files workers/破皮版workers_明文.js:1
LOW AIC003 Duplicated implementation block across source files workers/爬楼梯workers.js:1
LOW AIC003 Duplicated implementation block across source files cfspider/workers/破皮版workers_超明文.js:2
LOW AIC003 Duplicated implementation block across source files cfspider/impersonate.py:34
LOW AIC003 Duplicated implementation block across source files cfspider/extract.py:278
LOW AIC003 Duplicated implementation block across source files cfspider/browser.py:92
LOW AIC003 Duplicated implementation block across source files cfspider/async_api.py:88
LOW AUC005 [AUC005] No authorization-focused tests detected: No test files with common authorization…
LOW WEB005 robots.txt does not advertise a sitemap cfspider/cli.py
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… cfspider/proxy_server.py:259
INFO MINED050 [MINED050] Stub Only Function: Function declared but body is just pass, return None, rais… cfspider/__init__.py:227
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… cfspider/data/io.py:55
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… cfspider/async_session.py:34
INFO MINED043 [MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle cr… cfspider/__init__.py:161
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … cfspider-browser/src/services/extractor…:32
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … build_encrypted.js:213
INFO MINED044 [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger … add_encryption.js:36
INFO DEPCUR-NPM npm package `postcss` is patch version(s) behind (8.5.6 -> 8.5.15) cfspider-browser/package.json
INFO DEPCUR-NPM npm package `zustand` is patch version(s) behind (5.0.10 -> 5.0.14) cfspider-browser/package.json
INFO DEPCUR-NPM npm package `react-syntax-highlighter` is patch version(s) behind (16.1.0 -> 16.1.1) cfspider-browser/package.json
195 findings available (after auto-suppression of test files + won't-fix)

Issue body (markdown)

## Code-quality scan: `violettoolssite/CFspider`

**Score: 59/100 (D+)**  ·  207 findings  ·  scanned 2026-06-06 01:12 UTC  ·  45,798 LOC

| Severity | Count |
|---|---|
| CRITICAL | 3 |
| HIGH | 98 |
| MEDIUM | 60 |
| LOW | 23 |

📊 [Full filterable report](https://repobility.com/scan/f3288468-7c64-43df-aa0e-0cdd9f87b514/)  ·  ![scorecard](https://repobility.com/scan/f3288468-7c64-43df-aa0e-0cdd9f87b514/report.png?v=1780708322-s2)

### Top findings

1. **CRITICAL** `MINED007` — Sql String Concat
   `cfspider/export.py:324` · CWE-89 · ✓ Repobility
2. **CRITICAL** `MINED107` — Missing import: `html` used but not imported
   `x27cn/x27cn/minify.py:270` · ✓ Repobility
3. **CRITICAL** `generic-api-key` — Detected a Generic API Key, potentially exposing access to various services and sensitive 
   `cfspider_obfuscate.js:14`
4. **HIGH** `SEC085` — JS: child_process.exec with non-literal
   `x27cn/x27cn/obfuscate.py:43`
5. **HIGH** `SEC083` — JS: new RegExp() with non-literal
   `obfuscate.js:267`

---

**Security note**: this issue is public. If any flagged finding is a real, exploitable vulnerability, please redirect to your `SECURITY.md` policy or open a [private security advisory](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) instead. We're happy to close this and re-submit privately.

---

_Filed automatically. Close this issue if not useful — we won't refile. Full report: https://repobility.com/scan/f3288468-7c64-43df-aa0e-0cdd9f87b514/_
Megaproject: high spam risk
Could not determine 'violettoolssite/CFspider' star count (GitHub API rate-limited or unreachable). When in doubt about repo size, prefer opening a focused PR or a discussion rather than an issue.

The button opens GitHub’s new-issue page in a new tab. You will see the title + body pre-filled: review, edit if you want, then click GitHub’s "Submit new issue" button. Repobility never posts anything on your behalf.

For real security findings on big repos: use the project's SECURITY.md or private advisory flow instead of a public issue.