← Legacy view v2 (rp.*)

jkheadley/instar

https://github.com/JKHeadley/instar · lang: typescript · LOC: · source: corpus_mined

Quality
72.0
Grade B
Security
58.4
Findings
12
0 critical · 1 high
Status
completed
May 15, 2026 20:53
info: 7 medium: 3 high: 1 low: 1
Top rules by occurrence
RuleSeverityCount
SEC020 Secret Printed to Logs high 4
SEC015 Insecure Randomness for Security medium 4
SEC007 Unsafe Deserialization medium 3
SEC006 XSS Risk high 1
First 12 findings (severity-sorted)
high SEC020 Secret Printed to Logs
src/core/PostUpdateMigrator.ts:2638 · conf 0.85 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
medium SEC007 Unsafe Deserialization
src/commands/jobMigrate.ts:110 · conf 1.00 
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC007 Unsafe Deserialization
src/scheduler/AgentMdJobLoader.ts:715 · conf 1.00 
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC007 Unsafe Deserialization
src/scheduler/InstallBuiltinJobs.ts:151 · conf 1.00 
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
low SEC006 XSS Risk
src/publishing/PrivateViewer.ts:263 · conf 0.40 
[SEC006] XSS Risk: Direct HTML injection without sanitization.
info SEC015 Insecure Randomness for Security
· conf 0.20 
[SEC015] Insecure Randomness for Security (and 29 more): Same pattern found in 29 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
src/cli.ts:89 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
src/core/DispatchManager.ts:626 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
src/core/EvolutionManager.ts:678 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC020 Secret Printed to Logs
· conf 0.20 
[SEC020] Secret Printed to Logs (and 30 more): Same pattern found in 30 additional files. Review if needed.
info SEC020 Secret Printed to Logs
scripts/check-contract-evidence.js:92 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
info SEC020 Secret Printed to Logs
scripts/worktree-precommit-gate.js:105 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/00f3e9b4-a692-4d73-b1d2-2e06abed64cd/.