← Legacy view v2 (rp.*)

ejri/ai-guidelines-in-bc-healthcare

https://github.com/ejri/AI-Guidelines-in-BC-Healthcare · lang: typescript · LOC: · source: user_submitted

Quality

59.6

Grade C

Security

97.0

Findings

0 critical · 1 high

Status

completed

May 18, 2026 14:47

low: 5 medium: 5 info: 4 high: 1

Top rules by occurrence

Rule	Severity	Count
`MINED056` React Key As Index	info	2
`CORE_NO_LICENSE` No LICENSE file	low	1
`SEC136` AI-typical over-broad exception handler swallowing all erro…	medium	1
`CORE_NO_CI` No CI/CD configuration found	medium	1
`MINED044` Js Console Log Prod	info	1
`WEB003` Public web service has no security.txt	medium	1
`MINED043` Http Not Https	info	1
`CORE_NO_TESTS` No test files found	high	1
`WEB015` Public web app has no Content Security Policy	medium	1
`WEB011` Public web app has no humans.txt	low	1

First 15 findings (severity-sorted)

high CORE_NO_TESTS No test files found

No test files found

medium CORE_NO_CI No CI/CD configuration found

No CI/CD configuration found

medium SEC041 Tabnabbing — target="_blank" without rel="noopener noreferrer"

screens.jsx:374 · conf 1.00

[SEC041] Tabnabbing — target="_blank" without rel="noopener noreferrer": <a target="_blank"> without rel="noopener noreferrer" leaks window.opener to the opened page. The opened page can then run win…

medium SEC136 AI-typical over-broad exception handler swallowing all errors

tweaks-panel.jsx:216 · conf 1.00

[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unf…

medium WEB003 Public web service has no security.txt

.well-known/security.txt · conf 0.78

Public web service has no security.txt

medium WEB015 Public web app has no Content Security Policy

index.html · conf 0.70

Public web app has no Content Security Policy

low CORE_NO_LICENSE No LICENSE file

No LICENSE file

low WEB001 Public web app has no robots.txt

robots.txt · conf 0.74

Public web app has no robots.txt

low WEB002 Public web app has no sitemap

sitemap.xml · conf 0.72

Public web app has no sitemap

low WEB008 Public docs site has no llms.txt

llms.txt · conf 0.64

Public docs site has no llms.txt

low WEB011 Public web app has no humans.txt

humans.txt · conf 0.50

Public web app has no humans.txt

info MINED043 Http Not Https CWE-319

tweaks-panel.jsx:89 · conf 1.00

[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.

info MINED044 Js Console Log Prod CWE-532

scripts/build-static.mjs:22 · conf 1.00

[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.

info MINED056 React Key As Index CWE-682

screens.jsx:347 · conf 1.00

[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.

info MINED056 React Key As Index CWE-682

tweaks-panel.jsx:538 · conf 1.00

[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/4c4f08eb-99f0-452e-9b5f-f4c5dff613ff/.