← Legacy view v2 (rp.*)

versi54/arcanum1

https://github.com/versi54/arcanum1.git · lang: typescript · LOC: · source: user_submitted

Quality
45.6
Grade D+
Security
66.7
Findings
30
2 critical · 3 high
Status
completed
May 26, 2026 22:51
info: 16 low: 5 medium: 4 high: 3 critical: 2
Top rules by occurrence
RuleSeverityCount
MINED044 Js Console Log Prod info 4
MINED056 React Key As Index info 4
MINED054 Ts As Any info 2
MINED047 Emoji In Source info 2
MINED045 Ts Non Null Assertion info 1
MINED058 React Dangerously Set Html info 1
SEC040 innerHTML XSS — template literal with server-supplied data high 1
CORE_NO_CI No CI/CD configuration found medium 1
CORE_NO_README No README file found medium 1
CORE_NO_LICENSE No LICENSE file low 1
First 30 findings (severity-sorted)
critical CORE_ENV_FILE .env file committed to repository
.env 
.env file committed to repository
critical SEC009 [SEC009] .env File Committed: .env file with secrets committed to repository.
.env · conf 1.00 
[SEC009] .env File Committed: .env file with secrets committed to repository.
high CORE_NO_TESTS No test files found 
No test files found
high JRN009 Secret-like setting is echoed into a password input value
src/routes/login.tsx:98 · conf 0.83 
Secret-like setting is echoed into a password input value
high SEC040 innerHTML XSS — template literal with server-supplied data
src/components/ui/chart.tsx:75 · conf 1.00 
[SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect…
medium CORE_NO_CI No CI/CD configuration found 
No CI/CD configuration found
medium CORE_NO_README No README file found 
No README file found
medium WEB003 Public web service has no security.txt
.well-known/security.txt · conf 0.78 
Public web service has no security.txt
medium WEB015 Public web app has no Content Security Policy
index.html · conf 0.70 
Public web app has no Content Security Policy
low AIC003 Duplicated implementation block across source files
src/routes/npcs.tsx:68 · conf 0.86 
Duplicated implementation block across source files
low CORE_NO_LICENSE No LICENSE file 
No LICENSE file
low WEB001 Public web app has no robots.txt
robots.txt · conf 0.74 
Public web app has no robots.txt
low WEB002 Public web app has no sitemap
sitemap.xml · conf 0.72 
Public web app has no sitemap
low WEB011 Public web app has no humans.txt
humans.txt · conf 0.50 
Public web app has no humans.txt
info MINED043 Http Not Https CWE-319
src/data/ambiance.ts:73 · conf 1.00 
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
info MINED044 Js Console Log Prod CWE-532
· conf 0.20 
[MINED044] Js Console Log Prod (and 3 more): Same pattern found in 3 additional files. Review if needed.
info MINED044 Js Console Log Prod CWE-532
src/integrations/supabase/auth-middleware.ts:21 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
src/integrations/supabase/client.server.ts:18 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
src/integrations/supabase/client.ts:17 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED045 Ts Non Null Assertion CWE-476
src/routes/npcs.tsx:46 · conf 1.00 
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
info MINED047 Emoji In Source
src/components/CityMapView.tsx:77 · conf 1.00 
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
info MINED047 Emoji In Source
src/data/stories.ts:25 · conf 1.00 
[MINED047] Emoji In Source: Emoji ✅ ❌ 🚀 in code/comments — common AI output unless explicitly requested.
info MINED052 Ts Any Typed CWE-704
src/routes/login.tsx:56 · conf 1.00 
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
info MINED054 Ts As Any CWE-704
src/hooks/use-active-party.ts:74 · conf 1.00 
[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.
info MINED054 Ts As Any CWE-704
src/routeTree.gen.ts:30 · conf 1.00 
[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.
info MINED056 React Key As Index CWE-682
· conf 0.20 
[MINED056] React Key As Index (and 1 more): Same pattern found in 1 additional files. Review if needed.
info MINED056 React Key As Index CWE-682
src/components/DungeonMapView.tsx:53 · conf 1.00 
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED056 React Key As Index CWE-682
src/components/GlobalAmbiance.tsx:103 · conf 1.00 
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED056 React Key As Index CWE-682
src/components/MonsterSummonOverlay.tsx:94 · conf 1.00 
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED058 React Dangerously Set Html CWE-79
src/components/ui/chart.tsx:73 · conf 1.00 
[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/f2a3d585-eca1-4dd1-9166-b1127d3e401a/.