Source: https://github.com/carbon-design-system/carbon-components-svelte
Language: typescript
LOC:
Origin: user_submitted
| Rule | Severity | Count |
|---|---|---|
| AIC003 Duplicated implementation block across source files | low | 30 |
| SEC128 Async function without await — fire-and-forget Promise (AI mistake) | high | 3 |
| MINED044 Js Console Log Prod | info | 3 |
| MINED126 GHA workflow container/services image unpinned | high | 1 |
| SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input | high | 1 |
| WEB015 Public web app has no Content Security Policy | medium | 1 |
| SEC040 innerHTML XSS — template literal with server-supplied data | high | 1 |
| WEB011 Public web app has no humans.txt | low | 1 |
| MINED045 Ts Non Null Assertion | info | 1 |
| WEB003 Public web service has no security.txt | medium | 1 |
- MINED126: GHA workflow container/services image unpinned (CWE-829)
  Location: .github/workflows/checks.yml:115 (confidence 0.90)
  Message: [MINED126] Workflow container/services image `mcr.microsoft.com/playwright:v1.59.0-noble` unpinned: `container/services image: mcr.microsoft.com/playwright:v1.59.0-noble` without `@sha256:...` pulls …
- SEC029: Server-Side Request Forgery (SSRF) — outbound HTTP from user input
  Location: scripts/release-changelog.ts:26 (confidence 1.00)
  Message: [SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
- SEC040: innerHTML XSS — template literal with server-supplied data
  Location: scripts/release-changelog.ts:95 (confidence 1.00)
  Message: [SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect…
- SEC128: Async function without await — fire-and-forget Promise (AI mistake)
  Locations (confidence 1.00 each):
  src/DataTable/data-table-utils.js:176
  src/Modal/modalStore.js:27
  src/RadioButton/RadioButtonRegistry.js:64
  Message: [SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
- WEB003: Public web service has no security.txt
  Location: .well-known/security.txt (confidence 0.78)
  Message: Public web service has no security.txt
- WEB015: Public web app has no Content Security Policy
  Location: index.html (confidence 0.70)
  Message: Public web app has no Content Security Policy
- AIC003: Duplicated implementation block across source files
  Locations (30, confidence 0.86 each):
  src/ContextMenu/ContextMenuOption.svelte:231
  src/Dropdown/Dropdown.svelte:93
  src/Grid/Row.svelte:16
  src/icons/ArrowsVertical.svelte:1
  src/icons/ArrowUp.svelte:1
  src/icons/Calendar.svelte:1
  src/icons/CaretDown.svelte:1
  src/icons/CaretLeft.svelte:1
  src/icons/CaretRight.svelte:1
  src/icons/CheckmarkFilled.svelte:1
  src/icons/CheckmarkOutline.svelte:1
  src/icons/Checkmark.svelte:1
  src/icons/ChevronDown.svelte:1
  src/icons/ChevronRight.svelte:1
  src/icons/CircleDash.svelte:1
  src/Modal/Modal.svelte:94
  src/Modal/Modal.svelte:248
  src/MultiSelect/MultiSelect.svelte:315
  src/MultiSelect/MultiSelect.svelte:376
  src/RadioButtonGroup/RadioButtonGroup.svelte:69
  src/Select/SelectSkeleton.svelte:1
  src/SessionStorage/SessionStorage.svelte:34
  src/Slider/RangeSliderSkeleton.svelte:1
  src/Slider/SliderSkeleton.svelte:1
  src/Slider/Slider.svelte:3
  src/Tag/Tag.svelte:36
  src/TextArea/TextAreaSkeleton.svelte:1
  src/TextInput/TextInputSkeleton.svelte:1
  src/TimePicker/TimePicker.svelte:26
  src/TreeView/TreeViewNodeList.svelte:91
  Message: Duplicated implementation block across source files
- WEB011: Public web app has no humans.txt
  Location: humans.txt (confidence 0.50)
  Message: Public web app has no humans.txt
- MINED044: Js Console Log Prod (CWE-532)
  Locations (confidence 1.00 each):
  docs/scripts/generate-sitemap.ts:44
  scripts/build-css.ts:20
  scripts/release-changelog.ts:180
  Message: [MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
- MINED045: Ts Non Null Assertion (CWE-476)
  Location: docs/scripts/format-component-api.ts:91 (confidence 1.00)
  Message: [MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.