acme/web-platform
62

Needs attention

59 → 62, +3

A 45k-line TypeScript codebase with security and testing gaps that need attention. Testing is the weakest domain at 48, followed by security at 54.

Fix the top issue to gain +8 points and reach 70

Analysed 10d ago a1b2c3d · High confidence · Steadily improving · 4 languages, 380 files

Changes since last scan

Security score improved by 3 points

Fixed the express open redirect vulnerability and removed one eval() call.

Test coverage increased to 34%

Added integration tests for the billing service.

Score trend

[Chart: score (0 to 100) by scan date, 14 Mar to 12 Apr]

Cross-domain concerns

Issues that span multiple quality domains.

Authentication flow lacks both tests and security hardening

critical

The auth module (src/auth/) has no test coverage and contains a hardcoded JWT secret. This is the highest-risk area of the codebase.

security, testing

API handlers are complex, untested and use dangerous patterns

warning

src/api/handlers/users.ts has cyclomatic complexity of 28, no tests and builds SQL queries with string concatenation.

security, testing, architecture

Environment configuration is inconsistent across deployment targets

warning

README documents 8 environment variables but .env.example only contains 5. The missing variables cause silent failures in production.

documentation, security

Why this score?

2 potential secrets detected in source code

Hardcoded credentials found in config files. These should be moved to environment variables, and the credentials exposed in the commits containing them should be rotated.

3 dangerous API patterns detected

Found usage of eval(), innerHTML assignment and SQL string concatenation. These patterns can lead to injection vulnerabilities.

Test-to-source ratio is 0.12 (target: 0.5+)

Only 24 test files for 196 source files. Critical paths like authentication and billing have no test coverage.

3 circular dependency chains detected

Circular imports between src/services/auth.ts, src/services/user.ts and src/api/middleware.ts create tight coupling.

Line coverage is 34%

Coverage reports show 34% line coverage. Focus on testing business logic in src/services/ and src/api/ first.

14 TODO/FIXME comments across the codebase

Unresolved TODO and FIXME markers indicate incomplete work. Review these to decide which are still relevant.

5 files exceed 400 lines

Large files are harder to maintain and review. Consider splitting Dashboard.tsx (842 lines) and users.ts (634 lines).

8 functions with cyclomatic complexity > 10

High-complexity functions in src/api/handlers/ are harder to test and more likely to contain bugs.

Recent analyses

62 Needs attention feat: add user dashboard redesign a1b2c3d
59 Needs attention fix: patch express vulnerability e4f5g6h
55 Needs attention refactor: split billing module i7j8k9l
48 At risk feat: add payment integration m1n2o3p
41 At risk chore: initial project setup q4r5s6t