← Legacy view v2 (rp.*)

sindresorhus/is-online

https://github.com/sindresorhus/is-online.git · lang: javascript · LOC: · source: user_submitted

Quality

63.3

Grade C+

Security

100.0

Findings

0 critical · 3 high

Status

completed

May 19, 2026 12:46

high: 3 info: 2

Top rules by occurrence

Rule	Severity	Count
`SEC029` Server-Side Request Forgery (SSRF) — outbound HTTP from use…	high	2
`MINED044` Js Console Log Prod	info	1
`MINED043` Http Not Https	info	1
`CORE_NO_TESTS` No test files found	high	1

First 5 findings (severity-sorted)

high CORE_NO_TESTS No test files found

No test files found

high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input

browser.js:6 · conf 1.00

[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…

high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input

index.js:38 · conf 1.00

[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…

info MINED043 Http Not Https CWE-319

test.js:64 · conf 1.00

[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.

info MINED044 Js Console Log Prod CWE-532

browser-test.manual.js:7 · conf 1.00

[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/6a5d08b2-2318-41e3-bbb7-58c2ec7053ea/.