Needs attention
59 → 62, +3
A 45k-line TypeScript codebase with security and testing gaps that need attention. Testing is the weakest domain at 48, followed by security at 54.
Fix the top issue to gain +8 points and reach 70
Changes since last scan
Testing: 48
Security: 54
Accessibility: 55
Documentation: 58
Dependencies: 65
Architecture: 68
Performance: 71
Score trend
Cross-domain concerns
Issues that span multiple quality domains.
Authentication flow lacks both tests and security hardening
critical: The auth module (src/auth/) has no test coverage and contains a hardcoded JWT secret. This is the highest-risk area of the codebase.
API handlers are complex, untested and use dangerous patterns
warning: src/api/handlers/users.ts has cyclomatic complexity of 28, no tests and builds SQL queries with string concatenation.
Environment configuration is inconsistent across deployment targets
warning: README documents 8 environment variables but .env.example only contains 5. The missing variables cause silent failures in production.
Why this score?
2 potential secrets detected in source code
Hardcoded credentials found in config files. These should be moved to environment variables, and the credentials exposed in the commits containing them should be rotated.
3 dangerous API patterns detected
Found usage of eval(), innerHTML assignment and SQL string concatenation. These patterns can lead to injection vulnerabilities.
Test-to-source ratio is 0.12 (target: 0.5+)
Only 24 test files for 196 source files. Critical paths like authentication and billing have no test coverage.
3 circular dependency chains detected
Circular imports between src/services/auth.ts, src/services/user.ts and src/api/middleware.ts create tight coupling.
Line coverage is 34%
Coverage reports show 34% line coverage. Focus on testing business logic in src/services/ and src/api/ first.
14 TODO/FIXME comments across the codebase
Unresolved TODO and FIXME markers indicate incomplete work. Review these to decide which are still relevant.
5 files exceed 400 lines
Large files are harder to maintain and review. Consider splitting Dashboard.tsx (842 lines) and users.ts (634 lines).
8 functions with cyclomatic complexity > 10
High-complexity functions in src/api/handlers/ are harder to test and more likely to contain bugs.