
lrrok/are-you-ok

https://github.com/lrrok/are-you-ok.git · lang: javascript · LOC: · source: user_submitted

Quality: 42.6 · Grade D
Security: 97.0
Findings: 13 · 0 critical · 3 high
Status: completed · May 26, 2026 22:41
low: 5 medium: 5 high: 3
Top rules by occurrence
Rule Severity Count
CORE_NO_LICENSE No LICENSE file low 1
SEC040 innerHTML XSS — template literal with server-supplied data high 1
ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. medium 1
CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of co… medium 1
MINED027 React State Array Mutation high 1
SEC006 XSS Risk high 1
CORE_NO_CI No CI/CD configuration found medium 1
WEB003 Public web service has no security.txt medium 1
CORE_NO_TESTS No test files found high 1
WEB015 Public web app has no Content Security Policy medium 1
First 13 findings (severity-sorted)
high CORE_NO_TESTS No test files found
No test files found
high MINED027 React State Array Mutation CWE-682
app.js:163 · conf 1.00
[MINED027] React State Array Mutation: state.X.push/splice/sort followed by setState — React skips re-render on mutated reference.
high SEC040 innerHTML XSS — template literal with server-supplied data
app.js:67 · conf 1.00
[SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect…
medium CFG006 [CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
· conf 1.00
[CFG006] Missing .gitignore: No .gitignore file. Risk of committing secrets and build artifacts.
medium CORE_NO_CI No CI/CD configuration found
No CI/CD configuration found
medium ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
app.js:215 · conf 1.00
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
medium WEB003 Public web service has no security.txt
.well-known/security.txt · conf 0.78
Public web service has no security.txt
medium WEB015 Public web app has no Content Security Policy
index.html · conf 0.70
Public web app has no Content Security Policy
low CORE_NO_LICENSE No LICENSE file
No LICENSE file
low SEC006 XSS Risk
app.js:67 · conf 0.40
[SEC006] XSS Risk: Direct HTML injection without sanitization.
low WEB001 Public web app has no robots.txt
robots.txt · conf 0.74
Public web app has no robots.txt
low WEB002 Public web app has no sitemap
sitemap.xml · conf 0.72
Public web app has no sitemap
low WEB011 Public web app has no humans.txt
humans.txt · conf 0.50
Public web app has no humans.txt
