← Legacy view v2 (rp.*)

sakisakiel711-ai/remix-of-get-this-app-88

https://github.com/sakisakiel711-ai/remix-of-get-this-app-88.git · lang: typescript · LOC: · source: user_submitted

Quality
45.0
Grade D+
Security
66.7
Findings
60
2 critical · 8 high
Status
completed
May 26, 2026 22:10
info: 25 low: 15 medium: 10 high: 8 critical: 2
Top rules by occurrence
RuleSeverityCount
AIC003 Duplicated implementation block across source files low 11
MINED058 React Dangerously Set Html info 4
MINED045 Ts Non Null Assertion info 4
SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… high 4
MINED054 Ts As Any info 4
MINED052 Ts Any Typed info 4
MINED044 Js Console Log Prod info 4
AGT007 localStorage write failures are swallowed silently medium 3
MINED056 React Key As Index info 3
ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors. medium 2
First 60 findings (severity-sorted)
critical CORE_ENV_FILE .env file committed to repository
.env 
.env file committed to repository
critical SEC009 [SEC009] .env File Committed: .env file with secrets committed to repository.
.env · conf 1.00 
[SEC009] .env File Committed: .env file with secrets committed to repository.
high CORE_NO_TESTS No test files found 
No test files found
high JRN009 Secret-like setting is echoed into a password input value
src/routes/admin.cinetpay.tsx:91 · conf 0.83 
Secret-like setting is echoed into a password input value
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
src/routes/admin.announcements.tsx:165 · conf 1.00 
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
src/routes/admin.branding.tsx:33 · conf 1.00 
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
src/routes/api/public/seed-test-accounts.ts:149 · conf 1.00 
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…
high SEC040 innerHTML XSS — template literal with server-supplied data
src/components/ui/chart.tsx:75 · conf 1.00 
[SEC040] innerHTML XSS — template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflect…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
src/components/PremiumWaveform.tsx:99 · conf 1.00 
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
src/components/RewardOverlay.tsx:76 · conf 1.00 
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
medium AGT007 localStorage write failures are swallowed silently
src/components/AnnouncementBanner.tsx:64 · conf 0.80 
localStorage write failures are swallowed silently
medium AGT007 localStorage write failures are swallowed silently
src/components/InstallPrompt.tsx:64 · conf 0.80 
localStorage write failures are swallowed silently
medium AGT007 localStorage write failures are swallowed silently
src/routes/interest.tsx:31 · conf 0.80 
localStorage write failures are swallowed silently
medium CORE_NO_CI No CI/CD configuration found 
No CI/CD configuration found
medium CORE_NO_README No README file found 
No README file found
medium ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
src/hooks/use-online-users.tsx:76 · conf 1.00 
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
medium ERR002 [ERR002] Empty Catch Block: Empty catch blocks hide errors.
src/routes/__root.tsx:147 · conf 1.00 
[ERR002] Empty Catch Block: Empty catch blocks hide errors.
medium SEC046 Client-side open redirect — window.location = server-supplied URL
src/components/PaywallModal.tsx:64 · conf 1.00 
[SEC046] Client-side open redirect — window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If t…
medium WEB003 Public web service has no security.txt
.well-known/security.txt · conf 0.78 
Public web service has no security.txt
medium WEB015 Public web app has no Content Security Policy
index.html · conf 0.70 
Public web app has no Content Security Policy
low AIC003 Duplicated implementation block across source files
src/lib/playlist-collab.ts:23 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/admin.copyrights.tsx:36 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/admin.reports.tsx:70 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/admin.reports.tsx:143 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/admin.users.tsx:48 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/admin.withdrawals.tsx:38 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/admin.withdrawals.tsx:78 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/discover.tsx:53 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/my-songs.tsx:112 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/signup.tsx:189 · conf 0.86 
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
src/routes/top_music.tsx:49 · conf 0.86 
Duplicated implementation block across source files
low CORE_NO_LICENSE No LICENSE file 
No LICENSE file
low WEB001 Public web app has no robots.txt
robots.txt · conf 0.74 
Public web app has no robots.txt
low WEB002 Public web app has no sitemap
sitemap.xml · conf 0.72 
Public web app has no sitemap
low WEB011 Public web app has no humans.txt
humans.txt · conf 0.50 
Public web app has no humans.txt
info MINED043 Http Not Https CWE-319
src/components/AmbientBackdrop.tsx:116 · conf 1.00 
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
info MINED044 Js Console Log Prod CWE-532
· conf 0.20 
[MINED044] Js Console Log Prod (and 5 more): Same pattern found in 5 additional files. Review if needed.
info MINED044 Js Console Log Prod CWE-532
src/integrations/supabase/auth-middleware.ts:21 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
src/integrations/supabase/client.server.ts:18 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
src/integrations/supabase/client.ts:17 · conf 1.00 
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED045 Ts Non Null Assertion CWE-476
· conf 0.20 
[MINED045] Ts Non Null Assertion (and 6 more): Same pattern found in 6 additional files. Review if needed.
info MINED045 Ts Non Null Assertion CWE-476
src/hooks/use-is-admin.tsx:14 · conf 1.00 
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
info MINED045 Ts Non Null Assertion CWE-476
src/routes/admin.users.tsx:45 · conf 1.00 
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
info MINED045 Ts Non Null Assertion CWE-476
src/routes/artist.upgrade.tsx:43 · conf 1.00 
[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.
info MINED052 Ts Any Typed CWE-704
· conf 0.20 
[MINED052] Ts Any Typed (and 3 more): Same pattern found in 3 additional files. Review if needed.
info MINED052 Ts Any Typed CWE-704
src/routes/admin.artist-verification.tsx:116 · conf 1.00 
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
info MINED052 Ts Any Typed CWE-704
src/routes/import.tsx:78 · conf 1.00 
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
info MINED052 Ts Any Typed CWE-704
src/routes/my_playlists.tsx:45 · conf 1.00 
[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.
info MINED054 Ts As Any CWE-704
· conf 0.20 
[MINED054] Ts As Any (and 2 more): Same pattern found in 2 additional files. Review if needed.
info MINED054 Ts As Any CWE-704
src/routes/albums.$slug.tsx:40 · conf 1.00 
[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.
info MINED054 Ts As Any CWE-704
src/routes/api/public/flutterwave-webhook.ts:132 · conf 1.00 
[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.
info MINED054 Ts As Any CWE-704
src/routes/artist.upgrade.tsx:122 · conf 1.00 
[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.
info MINED056 React Key As Index CWE-682
src/components/Skeleton.tsx:38 · conf 1.00 
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED056 React Key As Index CWE-682
src/components/TrackCard.tsx:89 · conf 1.00 
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED056 React Key As Index CWE-682
src/routes/upload-album.tsx:256 · conf 1.00 
[MINED056] React Key As Index: key={index} in map() — re-renders the wrong elements on re-order.
info MINED058 React Dangerously Set Html CWE-79
· conf 0.20 
[MINED058] React Dangerously Set Html (and 1 more): Same pattern found in 1 additional files. Review if needed.
info MINED058 React Dangerously Set Html CWE-79
src/components/ui/chart.tsx:73 · conf 1.00 
[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data.
info MINED058 React Dangerously Set Html CWE-79
src/routes/faq.tsx:126 · conf 1.00 
[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data.
info MINED058 React Dangerously Set Html CWE-79
src/routes/__root.tsx:154 · conf 1.00 
[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data.
info SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from user input
· conf 0.20 
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input (and 3 more): Same pattern found in 3 additional files. Review if needed.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/fd1aee94-3037-47ed-8281-ef5821ab1d26/.