← Legacy view v2 (rp.*)

nvidia/personaplex

https://github.com/NVIDIA/personaplex · lang: typescript · LOC: · source: user_submitted

Quality
58.2
Grade C
Security
93.5
Findings
70
0 critical · 30 high
Status
completed
May 24, 2026 01:24
high: 30 medium: 18 info: 16 low: 6
Top rules by occurrence
RuleSeverityCount
MINED108 self.attribute used but never assigned in __init__ high 25
MINED109 Mutable default argument medium 11
MINED044 Js Console Log Prod info 4
COMP001 [COMP001] High cognitive complexity: Function `load_yfinanc… low 4
MINED050 Stub Only Function info 3
DKR001 Docker final stage has no non-root USER medium 2
MINED052 Ts Any Typed info 2
SEC087 JS: weak Math.random for crypto medium 1
DKR008 .dockerignore misses sensitive defaults low 1
CORE_NO_CI No CI/CD configuration found medium 1
First 70 findings (severity-sorted)
high COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
moshi/moshi/client_utils.py:144 · conf 0.95 
[COMP001] High cognitive complexity: Function `print_token` has cognitive complexity 26 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested …
high CORE_NO_TESTS No test files found 
No test files found
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/client_utils.py:82 · conf 1.00 
[MINED108] `self._add` used but never assigned in __init__: Method `add` of class `Line` reads `self._add`, but no assignment to it exists in __init__ (and no class-level fallback). This raises Attri…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/client_utils.py:86 · conf 1.00 
[MINED108] `self.erase` used but never assigned in __init__: Method `_add` of class `Line` reads `self.erase`, but no assignment to it exists in __init__ (and no class-level fallback). This raises At…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/client_utils.py:145 · conf 1.00 
[MINED108] `self._remove_pending` used but never assigned in __init__: Method `print_token` of class `Printer` reads `self._remove_pending`, but no assignment to it exists in __init__ (and no class-l…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/client_utils.py:190 · conf 1.00 
[MINED108] `self._remove_pending` used but never assigned in __init__: Method `log` of class `Printer` reads `self._remove_pending`, but no assignment to it exists in __init__ (and no class-level fal…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/client_utils.py:198 · conf 1.00 
[MINED108] `self.print_token` used but never assigned in __init__: Method `print_lag` of class `Printer` reads `self.print_token`, but no assignment to it exists in __init__ (and no class-level fallb…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/client_utils.py:205 · conf 1.00 
[MINED108] `self._remove_pending` used but never assigned in __init__: Method `print_pending` of class `Printer` reads `self._remove_pending`, but no assignment to it exists in __init__ (and no class…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:313 · conf 1.00 
[MINED108] `self.named_children` used but never assigned in __init__: Method `_apply_named_streaming` of class `StreamingModule` reads `self.named_children`, but no assignment to it exists in __init_…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:320 · conf 1.00 
[MINED108] `self._apply_named_streaming` used but never assigned in __init__: Method `_start_streaming` of class `StreamingModule` reads `self._apply_named_streaming`, but no assignment to it exists …
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:326 · conf 1.00 
[MINED108] `self._apply_named_streaming` used but never assigned in __init__: Method `_stop_streaming` of class `StreamingModule` reads `self._apply_named_streaming`, but no assignment to it exists i…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:332 · conf 1.00 
[MINED108] `self._start_streaming` used but never assigned in __init__: Method `streaming_forever` of class `StreamingModule` reads `self._start_streaming`, but no assignment to it exists in __init__…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:338 · conf 1.00 
[MINED108] `self._start_streaming` used but never assigned in __init__: Method `streaming` of class `StreamingModule` reads `self._start_streaming`, but no assignment to it exists in __init__ (and no…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:342 · conf 1.00 
[MINED108] `self._stop_streaming` used but never assigned in __init__: Method `streaming` of class `StreamingModule` reads `self._stop_streaming`, but no assignment to it exists in __init__ (and no c…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:355 · conf 1.00 
[MINED108] `self._apply_named_streaming` used but never assigned in __init__: Method `reset_streaming` of class `StreamingModule` reads `self._apply_named_streaming`, but no assignment to it exists i…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:364 · conf 1.00 
[MINED108] `self._apply_named_streaming` used but never assigned in __init__: Method `get_streaming_state` of class `StreamingModule` reads `self._apply_named_streaming`, but no assignment to it exis…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:387 · conf 1.00 
[MINED108] `self.get_streaming_state` used but never assigned in __init__: Method `save_streaming_state` of class `StreamingModule` reads `self.get_streaming_state`, but no assignment to it exists in…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:398 · conf 1.00 
[MINED108] `self.parameters` used but never assigned in __init__: Method `set_streaming_state_inplace` of class `StreamingModule` reads `self.parameters`, but no assignment to it exists in __init__ (…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:401 · conf 1.00 
[MINED108] `self._apply_named_streaming` used but never assigned in __init__: Method `set_streaming_state_inplace` of class `StreamingModule` reads `self._apply_named_streaming`, but no assignment to…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:416 · conf 1.00 
[MINED108] `self._apply_named_streaming` used but never assigned in __init__: Method `set_streaming_state` of class `StreamingModule` reads `self._apply_named_streaming`, but no assignment to it exis…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:449 · conf 1.00 
[MINED108] `self._streaming_state` used but never assigned in __init__: Method `forward` of class `StreamingAdd` reads `self._streaming_state`, but no assignment to it exists in __init__ (and no clas…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:452 · conf 1.00 
[MINED108] `self._streaming_state` used but never assigned in __init__: Method `forward` of class `StreamingAdd` reads `self._streaming_state`, but no assignment to it exists in __init__ (and no clas…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:453 · conf 1.00 
[MINED108] `self._streaming_state` used but never assigned in __init__: Method `forward` of class `StreamingAdd` reads `self._streaming_state`, but no assignment to it exists in __init__ (and no clas…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:459 · conf 1.00 
[MINED108] `self._streaming_state` used but never assigned in __init__: Method `forward` of class `StreamingAdd` reads `self._streaming_state`, but no assignment to it exists in __init__ (and no clas…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:460 · conf 1.00 
[MINED108] `self._streaming_state` used but never assigned in __init__: Method `forward` of class `StreamingAdd` reads `self._streaming_state`, but no assignment to it exists in __init__ (and no clas…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:484 · conf 1.00 
[MINED108] `self.stride` used but never assigned in __init__: Method `forward` of class `RawStreamingConv1d` reads `self.stride`, but no assignment to it exists in __init__ (and no class-level fallba…
high MINED108 self.attribute used but never assigned in __init__ CWE-476
moshi/moshi/modules/streaming.py:487 · conf 1.00 
[MINED108] `self._streaming_state` used but never assigned in __init__: Method `forward` of class `RawStreamingConv1d` reads `self._streaming_state`, but no assignment to it exists in __init__ (and n…
high MINED118 Dockerfile FROM not pinned by sha256 digest CWE-829
client/Dockerfile:1 · conf 0.90 
[MINED118] Dockerfile FROM `node:20` not pinned by digest: `FROM node:20` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially di…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
client/src/pages/Conversation/Conversation.tsx:148 · conf 1.00 
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
client/src/pages/Queue/Queue.tsx:146 · conf 1.00 
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
medium COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
moshi/moshi/utils/compile.py:255 · conf 0.95 
[COMP001] High cognitive complexity: Function `_match_values_copy_tensors` has cognitive complexity 17 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to under…
medium CORE_NO_CI No CI/CD configuration found 
No CI/CD configuration found
medium DKR001 Docker final stage has no non-root USER
client/Dockerfile:1 · conf 0.82 
Docker final stage has no non-root USER
medium DKR001 Docker final stage has no non-root USER
Dockerfile:4 · conf 0.82 
Docker final stage has no non-root USER
medium DKR014 Dockerfile copies the entire context without .dockerignore
client/Dockerfile:5 · conf 0.76 
Dockerfile copies broad context with incomplete .dockerignore
medium DKR017 Dockerfile installs dependencies after copying the full source tree
client/Dockerfile:7 · conf 0.90 
Dockerfile installs dependencies after copying the full source tree
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/models/lm.py:242 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/conv.py:137 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/conv.py:161 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/conv.py:194 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/conv.py:291 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/seanet.py:60 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/seanet.py:60 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/seanet.py:149 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/seanet.py:149 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/seanet.py:295 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium MINED109 Mutable default argument CWE-1023
moshi/moshi/modules/seanet.py:295 · conf 1.00 
[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` — Python's default value is constructed ONCE at function definition time and shared across all calls. Mutat…
medium SEC087 JS: weak Math.random for crypto
client/src/pages/Conversation/Conversation.tsx:112 · conf 1.00 
[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes conce…
low COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
moshi/moshi/utils/compile.py:104 · conf 0.95 
[COMP001] High cognitive complexity: Function `backward` has cognitive complexity 11 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested bra…
low DKC006 Compose service does not declare a runtime user
docker-compose.yaml:1 · conf 0.56 
Compose service does not declare a runtime user
low DKC010 Compose service lacks no-new-privileges hardening
docker-compose.yaml:1 · conf 0.62 
Compose service lacks no-new-privileges hardening
low DKR008 .dockerignore misses sensitive defaults
.dockerignore · conf 0.72 
.dockerignore misses sensitive defaults
low DKR010 Dockerfile leaves apt package indexes in the image layer
client/Dockerfile:12 · conf 0.74 
Dockerfile leaves apt package indexes in the image layer
low DKR011 Dockerfile installs recommended OS packages
client/Dockerfile:12 · conf 0.72 
Dockerfile installs recommended OS packages
info COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
· conf 0.20 
[COMP001] High cognitive complexity (and 2 more): Same pattern found in 2 additional files. Review if needed.
info DKR002 Dockerfile base image has no explicit tag
Dockerfile:4 · conf 0.48 
Dockerfile base image is selected through a build variable
info MINED044 Js Console Log Prod CWE-532
· conf 0.20 
[MINED044] Js Console Log Prod (and 14 more): Same pattern found in 14 additional files. Review if needed.
info MINED044 Js Console Log Prod CWE-532
client/src/audio-processor.ts:13 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
client/src/decoder/decoderWorker.ts:47 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
client/src/pages/Conversation/Conversation.tsx:50 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED045 Ts Non Null Assertion CWE-476
client/src/pages/Conversation/Conversation.tsx:104 · conf 1.00 
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
info MINED050 Stub Only Function CWE-1188
moshi/moshi/client_utils.py:35 · conf 1.00 
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
info MINED050 Stub Only Function CWE-1188
moshi/moshi/modules/conv.py:280 · conf 1.00 
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
info MINED050 Stub Only Function CWE-1188
moshi/moshi/quantization/base.py:45 · conf 1.00 
[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment.
info MINED052 Ts Any Typed CWE-704
client/src/pages/Conversation/hooks/useServerInfo.ts:30 · conf 1.00 
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
info MINED052 Ts Any Typed CWE-704
client/src/pages/Conversation/hooks/useUserAudio.ts:45 · conf 1.00 
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
info MINED056 React Key As Index CWE-682
client/src/pages/Conversation/components/TextDisplay/TextDisplay.tsx:29 · conf 1.00 
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED062 Python Dataclass No Fields
moshi/moshi/modules/conv.py:278 · conf 1.00 
[MINED062] Python Dataclass No Fields: @dataclass over an empty class — unfinished model.
info MINED064 Python Input Call
moshi/moshi/utils/sampling.py:42 · conf 1.00 
[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.
info MINED072 Python Pass Only Class CWE-1188
moshi/moshi/modules/conv.py:279 · conf 1.00 
[MINED072] Python Pass Only Class: class Foo: pass — stub waiting to be filled in.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/e6096821-706f-4fbe-aea1-5857e8308d8f/.