
yikart/aitoearn

https://github.com/yikart/AiToEarn · lang: typescript · source: both

Quality: 46.9 · Grade D+
Security: 36.9
Findings: 5 · 1 critical · 0 high
Status: completed · May 15, 2026 23:20
info: 3 · critical: 1 · medium: 1
Top rules by occurrence
Rule | Severity | Count
SEC015 Insecure Randomness for Security | medium | 4
SEC022 Database URL With Embedded Credential | critical | 1
First 5 findings (severity-sorted)
critical SEC022 Database URL With Embedded Credential
docker-compose.yml:30 · conf 1.00
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
medium SEC015 Insecure Randomness for Security
demo/xhs/signature.js:63 · conf 0.45
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
· conf 0.20
[SEC015] Insecure Randomness for Security (and 7 more): Same pattern found in 7 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
project/aitoearn-web/public/js/xhs_sign_inject.js:221 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
project/aitoearn-web/src/hooks/useMediaUpload.ts:69 · conf 0.25
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/fff94c6c-f7fb-435e-bc2c-eb71996272d3/.