nuxt/nuxt

Component	Sub-score	Weight	Contribution
`structure_score`	60.0	0.15	9.00
`security_score`	89.2	0.25	22.30
`testing_score`	100.0	0.20	20.00
`documentation_score`	79.8	0.15	11.97
`practices_score`	94.0	0.15	14.10
`code_quality`	73.2	0.10	7.32
Overall		1.00	84.7

low Security checks cicd CI/CD security conf 0.35 ✓ Repobility 7 occurrences Workflow references repository secrets in a pull_request workflow

Fork pull_request runs do not receive normal repository secrets on GitHub Actions. Review this as a reliability/intent signal, not as direct fork-secret exfiltration. Raise severity only for pull_request_target or another trusted-context path that runs untrusted PR code with secrets.

3 files, 7 locations

.github/workflows/team-triage.yml:24, 25, 110, 115 (4 hits)

.github/workflows/ci.yml:321, 382 (2 hits)

.github/workflows/notify-nuxt-bridge.yml:21

CI/CD securityworkflow secretsGitHub Actions

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/basic.test.ts:1726)

`test/basic.test.ts:1726` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/e2e/hmr.test.ts:100)

`test/e2e/hmr.test.ts:100` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/e2e/hmr.test.ts:116)

`test/e2e/hmr.test.ts:116` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/e2e/hmr.test.ts:125)

`test/e2e/hmr.test.ts:125` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/e2e/ssr-streaming.test.ts:143)

`test/e2e/ssr-streaming.test.ts:143` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/e2e/ssr-streaming.test.ts:155)

`test/e2e/ssr-streaming.test.ts:155` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/e2e/ssr-streaming.test.ts:28)

`test/e2e/ssr-streaming.test.ts:28` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/e2e/ssr-streaming.test.ts:34)

`test/e2e/ssr-streaming.test.ts:34` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET / (test/e2e/ssr-streaming.test.ts:50)

`test/e2e/ssr-streaming.test.ts:50` calls `GET /` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /?abort (test/basic.test.ts:1495)

`test/basic.test.ts:1495` calls `GET /?abort` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /?no-stream (test/e2e/ssr-streaming.test.ts:160)

`test/e2e/ssr-streaming.test.ts:160` calls `GET /?no-stream` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /__nuxt_error (test/basic.test.ts:1317)

`test/basic.test.ts:1317` calls `GET /__nuxt_error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/__nuxt_error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /__nuxt_island/${key}.json (packages/nuxt/src/app/plugins/revive-payload.client.ts:32)

`packages/nuxt/src/app/plugins/revive-payload.client.ts:32` calls `GET /__nuxt_island/${key}.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/__nuxt_island/<p>.json` If this points at an external API, prefix it …

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /_payload.json (test/basic.test.ts:2435)

`test/basic.test.ts:2435` calls `GET /_payload.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/_payload.json` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api (packages/nuxt/test/extract-async-data-handlers.test.ts:283)

`packages/nuxt/test/extract-async-data-handlers.test.ts:283` calls `GET /api` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api (packages/nuxt/test/extract-async-data-handlers.test.ts:296)

`packages/nuxt/test/extract-async-data-handlers.test.ts:296` calls `GET /api` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/auto-imports (test/basic.test.ts:51)

`test/basic.test.ts:51` calls `GET /api/auto-imports` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auto-imports` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/counter (test/basic.test.ts:44)

`test/basic.test.ts:44` calls `GET /api/counter` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/counter` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/counter (test/basic.test.ts:45)

`test/basic.test.ts:45` calls `GET /api/counter` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/counter` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/counter (test/basic.test.ts:46)

`test/basic.test.ts:46` calls `GET /api/counter` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/counter` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/counter (test/basic.test.ts:47)

`test/basic.test.ts:47` calls `GET /api/counter` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/counter` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:123)

`packages/nuxt/test/extract-async-data-handlers.test.ts:123` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:137)

`packages/nuxt/test/extract-async-data-handlers.test.ts:137` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:147)

`packages/nuxt/test/extract-async-data-handlers.test.ts:147` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:158)

`packages/nuxt/test/extract-async-data-handlers.test.ts:158` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:168)

`packages/nuxt/test/extract-async-data-handlers.test.ts:168` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:175)

`packages/nuxt/test/extract-async-data-handlers.test.ts:175` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:185)

`packages/nuxt/test/extract-async-data-handlers.test.ts:185` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:195)

`packages/nuxt/test/extract-async-data-handlers.test.ts:195` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:206)

`packages/nuxt/test/extract-async-data-handlers.test.ts:206` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:264)

`packages/nuxt/test/extract-async-data-handlers.test.ts:264` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:333)

`packages/nuxt/test/extract-async-data-handlers.test.ts:333` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:342)

`packages/nuxt/test/extract-async-data-handlers.test.ts:342` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher ski…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:42)

`packages/nuxt/test/extract-async-data-handlers.test.ts:42` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skip…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/extract-async-data-handlers.test.ts:52)

`packages/nuxt/test/extract-async-data-handlers.test.ts:52` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skip…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/keyed-functions.test.ts:1005)

`packages/nuxt/test/keyed-functions.test.ts:1005` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/keyed-functions.test.ts:1006)

`packages/nuxt/test/keyed-functions.test.ts:1006` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/keyed-functions.test.ts:1011)

`packages/nuxt/test/keyed-functions.test.ts:1011` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/keyed-functions.test.ts:1012)

`packages/nuxt/test/keyed-functions.test.ts:1012` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/keyed-functions.test.ts:1019)

`packages/nuxt/test/keyed-functions.test.ts:1019` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/keyed-functions.test.ts:1020)

`packages/nuxt/test/keyed-functions.test.ts:1020` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/keyed-functions.test.ts:1022)

`packages/nuxt/test/keyed-functions.test.ts:1022` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/data (packages/nuxt/test/keyed-functions.test.ts:1023)

`packages/nuxt/test/keyed-functions.test.ts:1023` calls `GET /api/data` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/data` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/error (test/fixtures/basic/app/plugins/error.server.ts:3)

`test/fixtures/basic/app/plugins/error.server.ts:3` calls `GET /api/error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/foo (test/fixtures/basic-types/app/app-types.ts:61)

`test/fixtures/basic-types/app/app-types.ts:61` calls `GET /api/foo` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/foo` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/foo (test/fixtures/basic-types/app/app-types.ts:79)

`test/fixtures/basic-types/app/app-types.ts:79` calls `GET /api/foo` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/foo` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hello (test/fixtures/basic-types/app/app-types.ts:109)

`test/fixtures/basic-types/app/app-types.ts:109` calls `GET /api/hello` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hello` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hello (test/fixtures/basic-types/app/app-types.ts:59)

`test/fixtures/basic-types/app/app-types.ts:59` calls `GET /api/hello` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hello` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hello (test/fixtures/basic-types/app/app-types.ts:77)

`test/fixtures/basic-types/app/app-types.ts:77` calls `GET /api/hello` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hello` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hello (test/fixtures/basic-types/app/app-types.ts:94)

`test/fixtures/basic-types/app/app-types.ts:94` calls `GET /api/hello` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hello` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hello (test/nuxt/define-nuxt-component.test.ts:339)

`test/nuxt/define-nuxt-component.test.ts:339` calls `GET /api/hello` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hello` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/basic.test.ts:37)

`test/basic.test.ts:37` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:110)

`test/fixtures/basic-types/app/app-types.ts:110` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:111)

`test/fixtures/basic-types/app/app-types.ts:111` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:64)

`test/fixtures/basic-types/app/app-types.ts:64` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:65)

`test/fixtures/basic-types/app/app-types.ts:65` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:68)

`test/fixtures/basic-types/app/app-types.ts:68` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:82)

`test/fixtures/basic-types/app/app-types.ts:82` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:83)

`test/fixtures/basic-types/app/app-types.ts:83` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:86)

`test/fixtures/basic-types/app/app-types.ts:86` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:95)

`test/fixtures/basic-types/app/app-types.ts:95` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/hey (test/fixtures/basic-types/app/app-types.ts:96)

`test/fixtures/basic-types/app/app-types.ts:96` calls `GET /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/my-page/${route.params.slug} (packages/schema/src/types/schema.ts:1294)

`packages/schema/src/types/schema.ts:1294` calls `GET /api/my-page/${route.params.slug}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/my-page/<p>` If this points at an external API, prefix it with `https://` so th…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/my-page/${route.params.slug} (packages/schema/src/types/schema.ts:1298)

`packages/schema/src/types/schema.ts:1298` calls `GET /api/my-page/${route.params.slug}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/my-page/<p>` If this points at an external API, prefix it with `https://` so th…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/other (test/fixtures/basic-types/app/app-types.ts:114)

`test/fixtures/basic-types/app/app-types.ts:114` calls `GET /api/other` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/other` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/other (test/fixtures/basic-types/app/app-types.ts:70)

`test/fixtures/basic-types/app/app-types.ts:70` calls `GET /api/other` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/other` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/other (test/fixtures/basic-types/app/app-types.ts:88)

`test/fixtures/basic-types/app/app-types.ts:88` calls `GET /api/other` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/other` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/other (test/fixtures/basic-types/app/app-types.ts:99)

`test/fixtures/basic-types/app/app-types.ts:99` calls `GET /api/other` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/other` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/posts (packages/nuxt/test/extract-async-data-handlers.test.ts:234)

`packages/nuxt/test/extract-async-data-handlers.test.ts:234` calls `GET /api/posts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/posts` If this points at an external API, prefix it with `https://` so the matcher s…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/posts (packages/nuxt/test/extract-async-data-handlers.test.ts:250)

`packages/nuxt/test/extract-async-data-handlers.test.ts:250` calls `GET /api/posts` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/posts` If this points at an external API, prefix it with `https://` so the matcher s…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/union (test/fixtures/basic-types/app/app-types.ts:112)

`test/fixtures/basic-types/app/app-types.ts:112` calls `GET /api/union` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/union` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/union (test/fixtures/basic-types/app/app-types.ts:113)

`test/fixtures/basic-types/app/app-types.ts:113` calls `GET /api/union` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/union` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/union (test/fixtures/basic-types/app/app-types.ts:69)

`test/fixtures/basic-types/app/app-types.ts:69` calls `GET /api/union` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/union` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/union (test/fixtures/basic-types/app/app-types.ts:87)

`test/fixtures/basic-types/app/app-types.ts:87` calls `GET /api/union` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/union` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/union (test/fixtures/basic-types/app/app-types.ts:97)

`test/fixtures/basic-types/app/app-types.ts:97` calls `GET /api/union` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/union` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/union (test/fixtures/basic-types/app/app-types.ts:98)

`test/fixtures/basic-types/app/app-types.ts:98` calls `GET /api/union` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/union` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/users (packages/nuxt/test/extract-async-data-handlers.test.ts:230)

`packages/nuxt/test/extract-async-data-handlers.test.ts:230` calls `GET /api/users` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/users` If this points at an external API, prefix it with `https://` so the matcher s…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /api/users (packages/nuxt/test/extract-async-data-handlers.test.ts:245)

`packages/nuxt/test/extract-async-data-handlers.test.ts:245` calls `GET /api/users` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/users` If this points at an external API, prefix it with `https://` so the matcher s…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /app.config (test/basic.test.ts:2372)

`test/basic.test.ts:2372` calls `GET /app.config` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/app.config` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /async-head (test/e2e/ssr-streaming.test.ts:59)

`test/e2e/ssr-streaming.test.ts:59` calls `GET /async-head` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/async-head` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /auto-registered-module (test/fixtures/basic-types/app/app-types.ts:63)

`test/fixtures/basic-types/app/app-types.ts:63` calls `GET /auto-registered-module` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auto-registered-module` If this points at an external API, prefix it with `https://`…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /auto-registered-module (test/fixtures/basic-types/app/app-types.ts:81)

`test/fixtures/basic-types/app/app-types.ts:81` calls `GET /auto-registered-module` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/auto-registered-module` If this points at an external API, prefix it with `https://`…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /buffered (test/e2e/ssr-streaming.test.ts:134)

`test/e2e/ssr-streaming.test.ts:134` calls `GET /buffered` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/buffered` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /catchall/forbidden (test/basic.test.ts:245)

`test/basic.test.ts:245` calls `GET /catchall/forbidden` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/catchall/forbidden` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /catchall/not-found (test/basic.test.ts:307)

`test/basic.test.ts:307` calls `GET /catchall/not-found` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/catchall/not-found` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /catchall/redirect-infinite (test/basic.test.ts:302)

`test/basic.test.ts:302` calls `GET /catchall/redirect-infinite` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/catchall/redirect-infinite` If this points at an external API, prefix it with `https://` so the matcher…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /client-only-page (test/basic.test.ts:600)

`test/basic.test.ts:600` calls `GET /client-only-page` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/client-only-page` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /cookies (test/basic.test.ts:776)

`test/basic.test.ts:776` calls `GET /cookies` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/cookies` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /cookies-refresh (test/basic.test.ts:832)

`test/basic.test.ts:832` calls `GET /cookies-refresh` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/cookies-refresh` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error (test/basic.test.ts:1293)

`test/basic.test.ts:1293` calls `GET /error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error (test/basic.test.ts:1311)

`test/basic.test.ts:1311` calls `GET /error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error (test/fixtures/basic-types/app/app-types.ts:102)

`test/fixtures/basic-types/app/app-types.ts:102` calls `GET /error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error (test/fixtures/basic-types/app/app-types.ts:103)

`test/fixtures/basic-types/app/app-types.ts:103` calls `GET /error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error (test/fixtures/basic-types/app/app-types.ts:105)

`test/fixtures/basic-types/app/app-types.ts:105` calls `GET /error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error (test/fixtures/basic-types/app/app-types.ts:106)

`test/fixtures/basic-types/app/app-types.ts:106` calls `GET /error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error (test/fixtures/basic-types/app/app-types.ts:117)

`test/fixtures/basic-types/app/app-types.ts:117` calls `GET /error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error (test/fixtures/basic-types/app/app-types.ts:118)

`test/fixtures/basic-types/app/app-types.ts:118` calls `GET /error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /error-during (test/e2e/ssr-streaming.test.ts:266)

`test/e2e/ssr-streaming.test.ts:266` calls `GET /error-during` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/error-during` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /experimental/decorators (test/basic.test.ts:2658)

`test/basic.test.ts:2658` calls `GET /experimental/decorators` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/experimental/decorators` If this points at an external API, prefix it with `https://` so the matcher skip…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /foo/islands (test/server-components.test.ts:459)

`test/server-components.test.ts:459` calls `GET /foo/islands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/foo/islands` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /foo/navigate-to/ (test/basic.test.ts:2307)

`test/basic.test.ts:2307` calls `GET /foo/navigate-to/` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/foo/navigate-to` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /fouc (test/e2e/ssr-streaming.test.ts:357)

`test/e2e/ssr-streaming.test.ts:357` calls `GET /fouc` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/fouc` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /hooks (test/e2e/ssr-streaming.test.ts:432)

`test/e2e/ssr-streaming.test.ts:432` calls `GET /hooks` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hooks` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /ignore/public-asset (test/basic.test.ts:1624)

`test/basic.test.ts:1624` calls `GET /ignore/public-asset` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/ignore/public-asset` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /ignore/scanned (test/basic.test.ts:1620)

`test/basic.test.ts:1620` calls `GET /ignore/scanned` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/ignore/scanned` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /instance/error (test/basic.test.ts:1278)

`test/basic.test.ts:1278` calls `GET /instance/error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/instance/error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /islands (test/e2e/ssr-streaming.test.ts:451)

`test/e2e/ssr-streaming.test.ts:451` calls `GET /islands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/islands` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /islands (test/e2e/ssr-streaming.test.ts:459)

`test/e2e/ssr-streaming.test.ts:459` calls `GET /islands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/islands` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /islands (test/e2e/ssr-streaming.test.ts:466)

`test/e2e/ssr-streaming.test.ts:466` calls `GET /islands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/islands` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /islands (test/e2e/ssr-streaming.test.ts:511)

`test/e2e/ssr-streaming.test.ts:511` calls `GET /islands` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/islands` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /legacy-async-data-fail (test/basic.test.ts:594)

`test/basic.test.ts:594` calls `GET /legacy-async-data-fail` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/legacy-async-data-fail` If this points at an external API, prefix it with `https://` so the matcher skips i…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /multi-async (test/e2e/ssr-streaming.test.ts:108)

`test/e2e/ssr-streaming.test.ts:108` calls `GET /multi-async` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/multi-async` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-some-path/ (test/basic.test.ts:1213)

`test/basic.test.ts:1213` calls `GET /navigate-some-path/` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-some-path` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-to-api (test/basic.test.ts:1393)

`test/basic.test.ts:1393` calls `GET /navigate-to-api` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-to-api` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-to-error (test/basic.test.ts:1227)

`test/basic.test.ts:1227` calls `GET /navigate-to-error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-to-error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-to-external (test/basic.test.ts:1220)

`test/basic.test.ts:1220` calls `GET /navigate-to-external` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-to-external` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-to-external-encode (test/basic.test.ts:1247)

`test/basic.test.ts:1247` calls `GET /navigate-to-external-encode` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-to-external-encode` If this points at an external API, prefix it with `https://` so the matc…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-to-external/ (test/basic.test.ts:1387)

`test/basic.test.ts:1387` calls `GET /navigate-to-external/` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-to-external` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-to-false (test/basic.test.ts:1234)

`test/basic.test.ts:1234` calls `GET /navigate-to-false` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-to-false` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-to-redirect (test/basic.test.ts:1533)

`test/basic.test.ts:1533` calls `GET /navigate-to-redirect` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-to-redirect` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /navigate-to/ (test/basic.test.ts:1206)

`test/basic.test.ts:1206` calls `GET /navigate-to/` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/navigate-to` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /non-ascii/ç (test/basic.test.ts:683)

`test/basic.test.ts:683` calls `GET /non-ascii/ç` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/non-ascii/ç` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /nonce (test/e2e/ssr-streaming.test.ts:313)

`test/e2e/ssr-streaming.test.ts:313` calls `GET /nonce` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/nonce` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /page-extend (test/basic.test.ts:224)

`test/basic.test.ts:224` calls `GET /page-extend` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/page-extend` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /prerender/loop-bare-fetch (test/fixtures/basic/app/middleware/prerender-loop.global.ts:12)

`test/fixtures/basic/app/middleware/prerender-loop.global.ts:12` calls `GET /prerender/loop-bare-fetch` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/prerender/loop-bare-fetch` If this points at an external API, pr…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /prerender/test (test/basic.test.ts:678)

`test/basic.test.ts:678` calls `GET /prerender/test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/prerender/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /prerender/ç (test/basic.test.ts:689)

`test/basic.test.ts:689` calls `GET /prerender/ç` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/prerender/ç` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /random/日本語 (test/basic.test.ts:716)

`test/basic.test.ts:716` calls `GET /random/日本語` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/random/日本語` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /redirect (test/basic.test.ts:214)

`test/basic.test.ts:214` calls `GET /redirect` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/redirect` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /redirect-with-encode (test/basic.test.ts:1240)

`test/basic.test.ts:1240` calls `GET /redirect-with-encode` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/redirect-with-encode` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /route-rules (test/e2e/hmr.test.ts:83)

`test/e2e/hmr.test.ts:83` calls `GET /route-rules` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/route-rules` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /route-rules (test/e2e/hmr.test.ts:91)

`test/e2e/hmr.test.ts:91` calls `GET /route-rules` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/route-rules` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /route-rules/inline (test/basic.test.ts:84)

`test/basic.test.ts:84` calls `GET /route-rules/inline` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/route-rules/inline` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /sibling-layer (test/e2e/hmr.test.ts:382)

`test/e2e/hmr.test.ts:382` calls `GET /sibling-layer` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/sibling-layer` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /some-404 (test/e2e/hmr.test.ts:68)

`test/e2e/hmr.test.ts:68` calls `GET /some-404` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/some-404` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /some-404 (test/e2e/hmr.test.ts:75)

`test/e2e/hmr.test.ts:75` calls `GET /some-404` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/some-404` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /spa (test/e2e/spa-preloader-body.test.ts:40)

`test/e2e/spa-preloader-body.test.ts:40` calls `GET /spa` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/spa` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /ssr (test/e2e/spa-preloader-body.test.ts:61)

`test/e2e/spa-preloader-body.test.ts:61` calls `GET /ssr` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/ssr` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /ssr (test/e2e/spa-preloader-within.test.ts:60)

`test/e2e/spa-preloader-within.test.ts:60` calls `GET /ssr` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/ssr` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /styled (test/e2e/ssr-streaming.test.ts:193)

`test/e2e/ssr-streaming.test.ts:193` calls `GET /styled` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/styled` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /styled (test/e2e/ssr-streaming.test.ts:335)

`test/e2e/ssr-streaming.test.ts:335` calls `GET /styled` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/styled` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /teleport (test/e2e/ssr-streaming.test.ts:405)

`test/e2e/ssr-streaming.test.ts:405` calls `GET /teleport` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/teleport` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:100)

`test/fixtures/basic-types/app/app-types.ts:100` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:115)

`test/fixtures/basic-types/app/app-types.ts:115` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:526)

`test/fixtures/basic-types/app/app-types.ts:526` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:528)

`test/fixtures/basic-types/app/app-types.ts:528` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:532)

`test/fixtures/basic-types/app/app-types.ts:532` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:533)

`test/fixtures/basic-types/app/app-types.ts:533` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:538)

`test/fixtures/basic-types/app/app-types.ts:538` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:539)

`test/fixtures/basic-types/app/app-types.ts:539` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:543)

`test/fixtures/basic-types/app/app-types.ts:543` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:544)

`test/fixtures/basic-types/app/app-types.ts:544` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /test (test/fixtures/basic-types/app/app-types.ts:548)

`test/fixtures/basic-types/app/app-types.ts:548` calls `GET /test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/test` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /validate-custom-error (test/basic.test.ts:269)

`test/basic.test.ts:269` calls `GET /validate-custom-error` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/validate-custom-error` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET /virtual-module (test/e2e/hmr.test.ts:407)

`test/e2e/hmr.test.ts:407` calls `GET /virtual-module` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/virtual-module` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/nuxt/nuxt/pulls?head=nuxt:v${newVersion} (scripts/update-changelog.ts:49)

`scripts/update-changelog.ts:49` calls `GET https://api.github.com/repos/nuxt/nuxt/pulls?head=nuxt:v${newVersion}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/repos/nuxt/nuxt/pulls` If this …

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: PATCH https://api.github.com/repos/nuxt/nuxt/pulls/${currentPR.number} (scripts/update-changelog.ts:86)

`scripts/update-changelog.ts:86` calls `PATCH https://api.github.com/repos/nuxt/nuxt/pulls/${currentPR.number}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/repos/nuxt/nuxt/pulls/<p>` If this…

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: POST /api/hey (test/fixtures/basic-types/app/app-types.ts:66)

`test/fixtures/basic-types/app/app-types.ts:66` calls `POST /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: POST /api/hey (test/fixtures/basic-types/app/app-types.ts:84)

`test/fixtures/basic-types/app/app-types.ts:84` calls `POST /api/hey` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/hey` If this points at an external API, prefix it with `https://` so the matcher skips it.

Dangling fetchFetch

high System graph api Wiring conf 1.00 Dangling fetch: POST https://api.github.com/repos/nuxt/nuxt/pulls (scripts/update-changelog.ts:70)

`scripts/update-changelog.ts:70` calls `POST https://api.github.com/repos/nuxt/nuxt/pulls` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/repos/nuxt/nuxt/pulls` If this points at an external AP…

Dangling fetchFetch

high System graph cicd CI/CD security conf 1.00 7 occurrences GitHub Action tracks a moving branch

nuxt/.github/.github/workflows/dependency-review.yml@main can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.

6 files, 7 locations

.github/workflows/issue-labelled.yml:61, 68 (2 hits)

.github/workflows/dependency-review.yml:16

.github/workflows/issue-comment-created.yml:13

.github/workflows/issue-edited.yml:14

.github/workflows/issue-opened.yml:13

.github/workflows/possible-bot.yml:15

CI/CD securitySupply chainGithub actions

high System graph security security conf 1.00 Insecure pattern 'exec_used' in scripts/_utils.ts:111

Found a known-risky pattern (exec_used). Review and replace if possible.

scripts/_utils.ts:111 Exec used

medium Security checks quality Error handling conf 1.00 3 occurrences [ERR002] Empty Catch Block: Empty catch blocks hide errors.

Log the error or rethrow it. Use console.error() at minimum.

3 files, 3 locations

packages/nuxt/src/app/composables/preload.ts:70

packages/nuxt/src/app/plugins/view-transitions.client.ts:97

packages/vite/src/vite-node.ts:313

medium Security checks cicd CI/CD security conf 0.90 Docker build context has no .dockerignore

Without .dockerignore, build context can include source history, local env files, dependencies, and generated artifacts.

.dockerignore CI/CD securitycontainers

high Security checks cicd CI/CD security conf 0.82 Docker final stage has no non-root USER

Docker images run as root unless the image or Dockerfile switches to a non-root user.

.devcontainer/Dockerfile:1 CI/CD securitycontainers

high Security checks quality Quality conf 0.80 localStorage write failures are swallowed silently

localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota.

packages/nitro-server/src/runtime/utils/dev.ts:114

medium Security checks software dependencies conf 0.90 npm package `c12` is 1 major version(s) behind (3.3.4 -> 4.0.0-beta.5)

`c12` is pinned/resolved at 3.3.4 but the latest stable release on the npm registry is 4.0.0-beta.5 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.

packages/schema/package.json

medium Security checks software dependencies conf 0.90 npm package `c12` is 1 major version(s) behind (^3.3.4 -> 4.0.0-beta.5)

`c12` is pinned/resolved at ^3.3.4 but the latest stable release on the npm registry is 4.0.0-beta.5 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.

packages/kit/package.json

medium Security checks software dependencies conf 0.90 2 occurrences npm package `h3` is 1 major version(s) behind (1.15.11 -> 2.0.1-rc.22)

`h3` is pinned/resolved at 1.15.11 but the latest stable release on the npm registry is 2.0.1-rc.22 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.

2 files, 2 locations

packages/rspack/package.json

packages/webpack/package.json

medium Security checks quality Quality conf 0.78 Public web service has no security.txt

security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt.

.well-known/security.txt

medium Security checks quality Quality conf 0.78 React interval is created without an explicit cleanup

Intervals created in React hooks or components should be cleared on unmount. Missing cleanup can keep stale callbacks alive after recording, polling, or overlay components close.

packages/nuxt/src/imports/presets.ts:283

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nuxt/src/app/composables/fetch.ts:361

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nuxt/src/app/plugins/revive-payload.client.ts:32

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nuxt/src/core/plugins/import-protection.ts:77

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nuxt/test/extract-async-data-handlers.test.ts:42

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nuxt/test/keyed-functions.test.ts:1005

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/nuxt/test/nitro/render-index.ts:8

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/schema/src/types/schema.ts:1294

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — scripts/release.ts:44

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — scripts/update-changelog.ts:49

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/basic.test.ts:37

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/e2e/hmr.test.ts:100

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/e2e/spa-preloader-body.test.ts:40

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/e2e/spa-preloader-within.test.ts:60

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/e2e/ssr-streaming.test.ts:28

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/nuxt/define-nuxt-component.test.ts:339

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — test/server-components.test.ts:459

Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.

runtime safetyRobustness

medium System graph hardware Security conf 1.00 Dockerfile runs as root: .devcontainer/Dockerfile

No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.

Container

medium System graph cicd CI/CD security conf 1.00 4 occurrences GitHub Actions workflow grants broad write permissions

CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.

4 files, 4 locations

.github/workflows/changelog.yml

.github/workflows/ci.yml

.github/workflows/release.yml

.github/workflows/scorecards.yml

CI/CD securitySupply chainGithub actions

medium System graph network Security conf 1.00 Privileged port 256 in use

Port 256 is privileged (<1024). Make sure the service runs with the right caps or front it with a non-privileged port via a load balancer.

.devcontainer/Dockerfile Ports

low Security checks cicd CI/CD security conf 0.72 Dockerfile installs recommended OS packages

Installing recommended packages often pulls in unnecessary runtime surface area.

.devcontainer/Dockerfile:3 CI/CD securitycontainers

low Security checks cicd CI/CD security conf 0.74 Dockerfile leaves apt package indexes in the image layer

Package indexes increase image size and can expose stale metadata in the final image layer.

.devcontainer/Dockerfile:3 CI/CD securitycontainers

low Security checks quality Quality conf 0.60 5 occurrences Duplicated implementation block across source files

Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.

5 files, 5 locations

packages/nuxt/src/app/components/client-fallback.server.ts:7

packages/nuxt/src/app/components/nuxt-route-announcer.ts:40

packages/nuxt/src/app/utils.ts:23

packages/vite/src/vite-node.ts:56

packages/webpack/tsdown.config.ts:1

duplicationquality

low Security checks quality Quality conf 0.50 Public web app has no humans.txt

humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links.

humans.txt

low System graph quality Maintenance conf 1.00 161 TODO/FIXME markers

High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.

low System graph hardware Coverage conf 1.00 Containers defined but no K8s/orchestration manifest found

Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.

Deployment

low System graph software Dead code candidate conf 1.00 File has no detected symbols: playground/nuxt.config.ts