← Legacy view v2 (rp.*)

esengine/deepseek-reasonix

https://github.com/esengine/DeepSeek-Reasonix · lang: typescript · LOC: · source: user_submitted

Quality
78.7
Grade B+
Security
73.0
Findings
13
1 critical · 0 high
Status
completed
May 15, 2026 17:14
info: 6 low: 3 medium: 3 critical: 1
Top rules by occurrence
RuleSeverityCount
SEC006 XSS Risk high 4
SEC015 Insecure Randomness for Security medium 4
SEC005 Command Injection Risk high 3
SEC020 Secret Printed to Logs high 1
SEC002 Hardcoded API Key critical 1
First 13 findings (severity-sorted)
critical SEC002 Hardcoded API Key
src/config.ts:213 · conf 0.90 
[SEC002] Hardcoded API Key: Hardcoded API key found in source code.
medium SEC005 Command Injection Risk
dashboard/src/panels/chat.ts:458 · conf 0.50 
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
medium SEC005 Command Injection Risk
src/at-mentions.ts:364 · conf 0.50 
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
medium SEC005 Command Injection Risk
src/cli/ui/slash/commands.ts:426 · conf 0.50 
[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.
low SEC006 XSS Risk
docs/arch-i18n.js:255 · conf 0.40 
[SEC006] XSS Risk: Direct HTML injection without sanitization.
low SEC006 XSS Risk
docs/cli-ref-i18n.js:131 · conf 0.40 
[SEC006] XSS Risk: Direct HTML injection without sanitization.
low SEC006 XSS Risk
docs/i18n.js:470 · conf 0.40 
[SEC006] XSS Risk: Direct HTML injection without sanitization.
info SEC006 XSS Risk
· conf 0.20 
[SEC006] XSS Risk (and 2 more): Same pattern found in 2 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
· conf 0.20 
[SEC015] Insecure Randomness for Security (and 4 more): Same pattern found in 4 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
desktop/src/App.tsx:1336 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
docs/src/hero.jsx:57 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
src/code/checkpoints.ts:113 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC020 Secret Printed to Logs
benchmarks/spike-mcp-reconnect/runner.ts:128 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/a77898c5-f7a8-450e-b012-1fe5a360795f/.