@reidbuilds/slop 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +11 -0
- package/.firebaserc +5 -0
- package/README.md +73 -0
- package/cli/analyzer.js +150 -0
- package/cli/index.js +182 -0
- package/cli/learner.js +156 -0
- package/cli/reporter.js +126 -0
- package/cli/scanner.js +45 -0
- package/ff-slop.md +27 -0
- package/firebase.json +16 -0
- package/functions/index.js +30 -0
- package/functions/package-lock.json +2755 -0
- package/functions/package.json +12 -0
- package/hardcoresyn-slop.md +1887 -0
- package/package.json +17 -0
- package/slop-index/catches.jsonl +590 -0
- package/slop-index/patterns/001-hallucinated-imports.md +39 -0
- package/slop-index/patterns/002-comment-restatement.md +53 -0
- package/slop-index/patterns/003-unnecessary-abstraction.md +56 -0
- package/slop-index/patterns/004-unused-imports.md +41 -0
- package/slop-index/patterns/005-hardcoded-config.md +49 -0
- package/slop-index/patterns/006-deprecated-api-confidence.md +52 -0
- package/slop-index/patterns/007-try-catch-everything.md +63 -0
- package/slop-index/patterns/008-generic-variable-names.md +49 -0
- package/slop-index/patterns/009-stub-with-shell.md +61 -0
- package/slop-index/patterns/010-async-misuse.md +64 -0
- package/slop-index/patterns/011-console-log-left-in.md +53 -0
- package/slop-index/patterns/012-over-engineered-simple.md +64 -0
- package/slop-index/patterns/013-emoji-debugging.md +44 -0
- package/slop-index/patterns/014-fake-async-simulation.md +71 -0
- package/slop-index/patterns/015-credential-fallbacks.md +51 -0
- package/slop-index/patterns/016-mock-data-pollution.md +75 -0
- package/slop-index/proposed/.gitkeep +0 -0
- package/slop-index/proposed/017-emoji-progress-logging.md +44 -0
- package/slop-index/proposed/018-test-credentials-in-fallbacks.md +54 -0
- package/slop-index/proposed/019-fake-loading-simulation.md +75 -0
- package/slop-index/proposed/020-configuration-debugging-left-in.md +53 -0
- package/slop-index/proposed/021-emoji-production-logging.md +42 -0
- package/slop-index/proposed/022-fake-delay-simulation.md +70 -0
- package/slop-index/proposed/023-credential-hardcoding-with-fallbacks.md +57 -0
- package/slop-index/proposed/024-repetitive-error-pattern.md +76 -0
- package/slop-index/proposed/025-environment-specific-fallbacks.md +55 -0
- package/slop-index/proposed/026-emoji-production-logs.md +46 -0
- package/slop-index/proposed/027-credentials-in-debug-logs.md +48 -0
- package/slop-index/proposed/028-repetitive-service-wrappers.md +59 -0
- package/slop-index/proposed/029-forced-non-null-assertions.md +59 -0
- package/slop-index/proposed/030-production-credential-fallbacks.md +51 -0
- package/slop-index/proposed/031-fake-version-confidence.md +50 -0
- package/slop-index/proposed/032-forced-non-null-assertions.md +53 -0
- package/slop-index/proposed/033-emoji-production-logs.md +44 -0
- package/slop-index/proposed/034-realistic-mock-data-leakage.md +62 -0
- package/slop-index/proposed/035-production-credential-exposure.md +43 -0
- package/slop-index/proposed/036-identical-wrapper-proliferation.md +53 -0
- package/slop-index/proposed/037-forced-null-assertions.md +50 -0
- package/slop-index/proposed/038-emoji-production-logging.md +42 -0
- package/slop-index/proposed/039-fake-delay-operations.md +52 -0
- package/slop-index/proposed/040-forced-null-assertion-chains.md +45 -0
- package/slop-index/proposed/041-production-debug-configuration.md +45 -0
- package/slop-index/proposed/042-repetitive-firebase-wrappers.md +51 -0
- package/slop-index/proposed/043-hardcoded-process-timeouts.md +48 -0
- package/slop-index/proposed/044-fictional-package-versions.md +37 -0
- package/test-sample.js +89 -0
|
@@ -0,0 +1,590 @@
|
|
|
1
|
+
{"filename":"App.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const timer = setTimeout(() => {","explanation":"Variable named 'timer' is generic when 'authTimeoutTimer' or 'stuckDetectionTimer' would better communicate its specific purpose of detecting when auth handler is stuck","timestamp":"2026-05-20T15:25:15.138Z"}
|
|
2
|
+
{"filename":"populateSweatStarterTest.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🔍 Finding \"Sweat Starter Test 1\" program...');\nconsole.log('✓ Found program:', (targetProgram as any).id);\nconsole.log('🔍 Fetching exercises from library...');\nconsole.log(`✓ Found ${exercises.length} exercises`);\nconsole.log(`✓ Created ${workouts.length} workouts`);\nconsole.log('✅ Successfully populated \"Sweat Starter Test 1\" program!');\nconsole.log(` - ${totalWeeks} weeks`);\nconsole.log(` - ${workoutsPerWeek} workouts per week`);\nconsole.log(` - ${totalWorkouts} total workouts`);\nconsole.log(` - 2 exercises per workout`);","explanation":"Multiple console.log statements throughout the production function. While this is a script file, these logs would run in production and clutter logs with progress indicators and emoji characters.","timestamp":"2026-05-20T15:25:21.881Z"}
|
|
3
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await getWorkoutPrograms();\n if (response.success && response.data) {\n setPrograms(response.data.programs);\n } else {\n setError(response.error || 'Failed to fetch programs');\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to fetch programs');\n }","explanation":"Generic try-catch that handles both API errors (response.error) and unexpected errors identically, masking different error types that might need distinct handling","timestamp":"2026-05-20T15:25:39.004Z"}
|
|
4
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await getClientWorkouts(currentUser.uid, completed);\n if (response.success && response.data) {\n setWorkouts(response.data.workouts);\n } else {\n setError(response.error || 'Failed to fetch workouts');\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to fetch workouts');\n }","explanation":"Same pattern repeated - generic catch block that treats all errors identically, losing specific error context that could be useful for debugging or user experience","timestamp":"2026-05-20T15:25:39.005Z"}
|
|
5
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await assignWorkoutProgram(currentUser.uid, programId);\n if (response.success) {\n return { success: true, assignmentId: response.data?.assignmentId };\n } else {\n setError(response.error || 'Failed to assign program');\n return { success: false };\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to assign program');\n return { success: false };\n }","explanation":"Generic error handling pattern repeated again - all errors result in the same generic fallback message, masking specific failure reasons","timestamp":"2026-05-20T15:25:39.005Z"}
|
|
6
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await logWorkout(workoutId, log);\n if (response.success) {\n return { success: true, logId: response.data?.logId };\n } else {\n setError(response.error || 'Failed to log workout');\n return { success: false };\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to log workout');\n return { success: false };\n }","explanation":"Fourth repetition of the same generic error handling pattern - all functions have identical catch blocks that provide no specific error context","timestamp":"2026-05-20T15:25:39.005Z"}
|
|
7
|
+
{"filename":"useProgress.ts","pattern_id":"010","pattern_name":"async-misuse","severity":"high","code_snippet":"const stats = {\n currentWeight: latestEntry?.weight,\n startingWeight: firstEntry?.weight,\n weightChange: latestEntry && previousEntry\n ? latestEntry.weight! - previousEntry.weight!\n : 0,\n totalChange: latestEntry && firstEntry\n ? latestEntry.weight! - firstEntry.weight!\n : 0,\n entriesCount: entries.length,\n averageEnergy: entries.length > 0\n ? entries.reduce((sum, e) => sum + (e.energyLevel || 0), 0) / entries.length\n : 0,\n };","explanation":"Force unwrapping with ! operator on weight properties that could be undefined, creating potential runtime errors. The code assumes weight exists after checking latestEntry exists, but weight itself could be null/undefined.","timestamp":"2026-05-20T15:25:44.936Z"}
|
|
8
|
+
{"filename":"NutritionLog.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to log nutrition:', error);","explanation":"Debug console statement left in production code that will log error details to browser console, potentially exposing implementation details","timestamp":"2026-05-20T15:26:03.374Z"}
|
|
9
|
+
{"filename":"NutritionLog.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const logDate = new Date().toISOString().split('T')[0];\n const result = await logNutrition({\n foods: foods.map((food) => ({\n name: food.name,\n calories: food.calories,\n protein: food.protein,\n carbs: food.carbs,\n fat: food.fat,\n })),\n totalMacros: {\n calories: totals.calories,\n protein: totals.protein,\n carbs: totals.carbs,\n fat: totals.fat,\n },\n source: `manual-${selectedMealType}`,\n mealType: selectedMealType,\n date: logDate,\n });\n\n if (!result.success || !result.data?.success) {\n alert(result.error || 'Failed to save meal. Please try again.');\n return;\n }\n\n navigate('/nutrition', { state: { logged: true } });\n } catch (error) {\n console.error('Failed to log nutrition:', error);\n alert('Failed to save meal. Please check your connection and try again.');\n }","explanation":"Blanket try/catch block with generic error handling that treats all errors (network failures, validation errors, API errors) identically with alert() popup","timestamp":"2026-05-20T15:26:03.376Z"}
|
|
10
|
+
{"filename":"App.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const { loading, currentUser, subscriptionTier, userRole } = useAuth();","explanation":"While 'loading' is generic, it's acceptable in this auth context. However, this is a borderline case where more specific naming could help.","timestamp":"2026-05-20T15:38:59.832Z"}
|
|
11
|
+
{"filename":"App.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"const timer = setTimeout(() => {\n setStuckOnAuth(true);\n }, 3000);\n return () => clearTimeout(timer);","explanation":"While not a try-catch block, this timer cleanup pattern could fail silently if timer is undefined, but this is actually correct React cleanup code","timestamp":"2026-05-20T15:38:59.839Z"}
|
|
12
|
+
{"filename":"index.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"odiserId: string;","explanation":"The field name 'odiserId' appears to be a typo or generic placeholder for what should likely be 'userId' or another domain-specific identifier in the ClientProfile interface","timestamp":"2026-05-20T15:39:05.386Z"}
|
|
13
|
+
{"filename":"populateSweatStarterTest.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🔍 Finding \"Sweat Starter Test 1\" program...');\n console.error('❌ Program \"Sweat Starter Test 1\" not found');\n console.log('✓ Found program:', (targetProgram as any).id);\n console.log('🔍 Fetching exercises from library...');\n console.error('❌ Need at least 2 exercises in the library');\n console.log(`✓ Found ${exercises.length} exercises`);\n console.log(`✓ Created ${workouts.length} workouts`);\n console.log('✅ Successfully populated \"Sweat Starter Test 1\" program!');\n console.log(` - ${totalWeeks} weeks`);\n console.log(` - ${workoutsPerWeek} workouts per week`);\n console.log(` - ${totalWorkouts} total workouts`);\n console.log(` - 2 exercises per workout`);\n console.error('❌ Error populating program:', error);","explanation":"Multiple console.log statements throughout the function that appear to be debug/development logging rather than proper production logging. These include progress indicators, success messages, and detailed output that would clutter production logs.","timestamp":"2026-05-20T15:39:14.255Z"}
|
|
14
|
+
{"filename":"stripe.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const fallbackKey = 'pk_test_51SrKL12EWDoWzTlbooO1c6Y3k1oMpjc2JAk266LPVK6TGgRPthyf4eeGjhFh6lDGeZEz3YxDxDUhQ4wBcnemfU1v00BKalQrEu';","explanation":"Real Stripe publishable key hardcoded directly in source code. This creates security risk and environment coupling - the same key will be used in all environments.","timestamp":"2026-05-20T15:39:29.340Z"}
|
|
15
|
+
{"filename":"stripe.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🔑 Loading Stripe with key:', STRIPE_PUBLISHABLE_KEY.substring(0, 20) + '...');\n console.log('🔑 Key length:', STRIPE_PUBLISHABLE_KEY.length);\n console.log('🔑 Key starts with pk_test_:', STRIPE_PUBLISHABLE_KEY.startsWith('pk_test_'));\n console.log('🔑 Full key (for debugging):', STRIPE_PUBLISHABLE_KEY);","explanation":"Debug console.log statements left in production code, including one that logs the full Stripe publishable key. While publishable keys are meant to be public, logging them creates unnecessary exposure in production logs.","timestamp":"2026-05-20T15:39:29.341Z"}
|
|
16
|
+
{"filename":"stripe.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"'sweat-starter': import.meta.env.VITE_STRIPE_PRICE_SWEAT_STARTER || 'price_1SuKsG2EWDoWzTlbwUA9bdpb',","explanation":"Real Stripe price ID hardcoded as fallback value. This creates the same environment coupling issue - production price IDs embedded in source code.","timestamp":"2026-05-20T15:39:29.341Z"}
|
|
17
|
+
{"filename":"nutritionUtils.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"export function macroDelta(consumed: number, target: number): {\n pct: number;\n over: boolean;\n under: boolean;\n diff: number;\n label: string;\n} {\n if (target <= 0) {\n return { pct: 0, over: false, under: false, diff: 0, label: '' };\n }\n const pct = Math.round((consumed / target) * 100);\n const diff = consumed - target;\n const over = diff > 0;\n const under = diff < 0;\n const abs = Math.abs(diff);\n let label = 'On target';\n if (over) label = `+${abs} over`;\n else if (under) label = `${abs} under`;\n return { pct, over, under, diff, label };\n}\n\nexport function macroDeltaGrams(consumed: number, target: number): {\n pct: number;\n over: boolean;\n under: boolean;\n diff: number;\n label: string;\n} {\n if (target <= 0) {\n return { pct: 0, over: false, under: false, diff: 0, label: '' };\n }\n const pct = Math.round((consumed / target) * 100);\n const diff = Math.round((consumed - target) * 10) / 10;\n const over = diff > 0;\n const under = diff < 0;\n const abs = Math.abs(diff);\n let label = 'On target';\n if (over) label = `+${abs}g over`;\n else if (under) label = `${abs}g under`;\n return { pct, over, under, diff, label };\n}","explanation":"Two nearly identical functions with only minor differences (rounding precision and 'g' suffix in label). The abstraction creates duplicate code instead of using a shared function with parameters for the differences.","timestamp":"2026-05-20T15:39:40.246Z"}
|
|
18
|
+
{"filename":"firebase.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"apiKey: import.meta.env.VITE_FIREBASE_API_KEY || 'AIzaSyB0uWItoUyaozcnjntgG9kck6GJx84GQNY',\n authDomain: import.meta.env.VITE_FIREBASE_AUTH_DOMAIN || 'hardcore-synergy.firebaseapp.com',\n projectId: import.meta.env.VITE_FIREBASE_PROJECT_ID || 'hardcore-synergy',\n storageBucket: import.meta.env.VITE_FIREBASE_STORAGE_BUCKET || 'hardcore-synergy.firebasestorage.app',\n messagingSenderId: import.meta.env.VITE_FIREBASE_MESSAGING_SENDER_ID || '277466650255',\n appId: import.meta.env.VITE_FIREBASE_APP_ID || '1:277466650255:web:59e0aeeb3f36c9fde002fa',\n measurementId: import.meta.env.VITE_FIREBASE_MEASUREMENT_ID || 'G-NZ20RHHZR9'","explanation":"Firebase configuration contains hardcoded fallback values including API keys, project IDs, and app IDs. These credentials and environment-specific values are embedded directly in source code, creating security and deployment risks.","timestamp":"2026-05-20T15:39:52.438Z"}
|
|
19
|
+
{"filename":"firebase.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🔥 Firebase Config Debug:');\nconsole.log(' - API Key:', firebaseConfig.apiKey ? '✓ Set' : '✗ MISSING');\nconsole.log(' - Auth Domain:', firebaseConfig.authDomain);\nconsole.log(' - Project ID:', firebaseConfig.projectId);\nconsole.log(' - Storage Bucket:', firebaseConfig.storageBucket);\nconsole.log(' - Messaging Sender ID:', firebaseConfig.messagingSenderId ? '✓ Set' : '✗ MISSING');\nconsole.log(' - App ID:', firebaseConfig.appId ? '✓ Set' : '✗ MISSING');\nconsole.log('✓ Firebase app initialized:', app.name);\nconsole.log('✓ Firebase services initialized (auth, db, storage)')","explanation":"Multiple debug console.log statements left in production code that log configuration details including potentially sensitive Firebase configuration values. These create noise in production logs and expose internal implementation details.","timestamp":"2026-05-20T15:39:52.439Z"}
|
|
20
|
+
{"filename":"Button.tsx","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import LoadingSpinner from './LoadingSpinner';","explanation":"Imports a LoadingSpinner component from a relative path that may not exist. This is a common AI pattern where it generates plausible component imports without verifying the file exists or the component has the expected API (size and color props).","timestamp":"2026-05-20T15:40:22.857Z"}
|
|
21
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await getWorkoutPrograms();\n if (response.success && response.data) {\n setPrograms(response.data.programs);\n } else {\n setError(response.error || 'Failed to fetch programs');\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to fetch programs');\n }","explanation":"Generic try-catch wrapping entire async operation with identical error handling for both API errors and exceptions. Both paths set the same generic error message without distinguishing between network failures, API errors, or validation issues.","timestamp":"2026-05-20T15:40:48.012Z"}
|
|
22
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await getClientWorkouts(currentUser.uid, completed);\n if (response.success && response.data) {\n setWorkouts(response.data.workouts);\n } else {\n setError(response.error || 'Failed to fetch workouts');\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to fetch workouts');\n }","explanation":"Identical pattern to above - generic try-catch with the same error handling for both API response errors and exceptions, both resulting in the same generic error message.","timestamp":"2026-05-20T15:40:48.014Z"}
|
|
23
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await assignWorkoutProgram(currentUser.uid, programId);\n if (response.success) {\n return { success: true, assignmentId: response.data?.assignmentId };\n } else {\n setError(response.error || 'Failed to assign program');\n return { success: false };\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to assign program');\n return { success: false };\n }","explanation":"Same pattern repeated - blanket try-catch with identical error handling for API errors and exceptions, both setting generic error messages.","timestamp":"2026-05-20T15:40:48.014Z"}
|
|
24
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await logWorkout(workoutId, log);\n if (response.success) {\n return { success: true, logId: response.data?.logId };\n } else {\n setError(response.error || 'Failed to log workout');\n return { success: false };\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to log workout');\n return { success: false };\n }","explanation":"Fourth instance of the same generic try-catch pattern with identical error handling for different error types.","timestamp":"2026-05-20T15:40:48.014Z"}
|
|
25
|
+
{"filename":"useSweatStarterWorkouts.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to listen to program:', error);","explanation":"Debug console.error statement left in production code that will clutter production logs and expose internal implementation details","timestamp":"2026-05-20T15:40:55.898Z"}
|
|
26
|
+
{"filename":"useSweatStarterWorkouts.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to listen to assignments:', error);","explanation":"Debug console.error statement left in production code that will clutter production logs and expose internal implementation details","timestamp":"2026-05-20T15:40:55.899Z"}
|
|
27
|
+
{"filename":"useSweatStarterWorkouts.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to listen to progress:', error);","explanation":"Debug console.error statement left in production code that will clutter production logs and expose internal implementation details","timestamp":"2026-05-20T15:40:55.899Z"}
|
|
28
|
+
{"filename":"WorkoutDetail.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch sweat starter workout:', error);","explanation":"Console.error statement left in production code that will clutter production logs and potentially expose internal error details","timestamp":"2026-05-20T15:41:08.326Z"}
|
|
29
|
+
{"filename":"WorkoutDetail.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch workout:', error);","explanation":"Console.error statement left in production code that will clutter production logs and potentially expose internal error details","timestamp":"2026-05-20T15:41:08.327Z"}
|
|
30
|
+
{"filename":"WorkoutDetail.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"} catch (error)","explanation":"Generic variable name 'error' used in catch block where a more specific name would improve readability in error handling contexts","timestamp":"2026-05-20T15:41:08.327Z"}
|
|
31
|
+
{"filename":"ProfileNotifications.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const handleSave = async () => {\n setSaving(true);\n // TODO: Implement notification preferences API call\n await new Promise((r) => setTimeout(r, 1000));\n setSaving(false);\n alert('Notification preferences saved!');\n navigate('/profile');\n };","explanation":"Function has complete UI scaffolding (loading state, success message, navigation) but the core business logic is a TODO comment with a fake delay. This will appear to work but never actually save user preferences.","timestamp":"2026-05-20T15:41:22.035Z"}
|
|
32
|
+
{"filename":"TrainerWorkoutProgramNew.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"for (let i = weeks.length; i < newDuration; i++) {\n newWeeks.push(dayNames.map((name, index) => ({\n day: index + 1,\n dayName: name,","explanation":"Loop variable 'i' is generic in a context where 'weekIndex' would be more descriptive. The 'index' variable in the map callback could be 'dayIndex' to clarify it represents day position.","timestamp":"2026-05-20T15:41:38.360Z"}
|
|
33
|
+
{"filename":"TrainerWorkoutProgramNew.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const newWeeks = [...weeks];\n for (let i = 0; i < newWeeks.length; i++) {\n if (i !== fromWeek) {\n newWeeks[i] = newWeeks[fromWeek].map(day => ({ ...day }));","explanation":"Loop variable 'i' is generic when 'weekIndex' would communicate intent more clearly in this week-copying function.","timestamp":"2026-05-20T15:41:38.361Z"}
|
|
34
|
+
{"filename":"TrainerIntakes.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const mockIntakes: PendingIntake[] = [\n {\n id: '1',\n clientName: 'Emma Wilson',\n email: 'emma@example.com',\n tier: 'body-blueprint',\n submittedAt: new Date(Date.now() - 2 * 60 * 60 * 1000),\n primaryGoal: 'lose-fat',\n },\n // ... more hardcoded data\n];","explanation":"Mock data with hardcoded email addresses and client information is embedded directly in the source code. While these appear to be example.com emails, this pattern creates a maintenance burden and could accidentally expose real data if copied and modified carelessly.","timestamp":"2026-05-20T15:41:56.309Z"}
|
|
35
|
+
{"filename":"TrainerIntakes.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"await new Promise((r) => setTimeout(r, 500));","explanation":"Hardcoded 500ms delay embedded in the fetch function. This magic number has no explanation and will need to be changed for different environments (testing, production).","timestamp":"2026-05-20T15:41:56.310Z"}
|
|
36
|
+
{"filename":"TrainerClients.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const mockClients: ClientProfile[] = [\n {\n id: '1',\n odiserId: 'user1',\n displayName: 'Sarah Mitchell',\n email: 'sarah@example.com',\n subscriptionTier: 'body-blueprint',\n status: 'active',\n lastActivity: new Date(Date.now() - 2 * 60 * 60 * 1000),\n createdAt: new Date('2024-01-15'),\n updatedAt: new Date(),\n },","explanation":"Hardcoded mock data with realistic-looking email addresses and user data embedded directly in the component. This creates maintenance debt and could accidentally expose real-looking test data patterns.","timestamp":"2026-05-20T15:42:12.010Z"}
|
|
37
|
+
{"filename":"TrainerClients.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"const fetchClients = async () => {\n setLoading(true);\n setLoadError(null);\n\n if (isDemo) {\n await new Promise((r) => setTimeout(r, 300));\n setClients(mockClients);\n setLoading(false);\n return;\n }\n\n if (!currentUser) {\n setClients([]);\n setLoading(false);\n return;\n }\n\n const res = await getTrainerClients(currentUser.uid);\n if (res.success && res.data?.clients) {","explanation":"The async function calls getTrainerClients() without any try-catch, but handles errors through a response object pattern. If getTrainerClients throws an exception (network error, etc.), it will be unhandled and crash the component.","timestamp":"2026-05-20T15:42:12.011Z"}
|
|
38
|
+
{"filename":"NutritionHistory.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch nutrition logs:', error);","explanation":"Debug console statement left in production code that will clutter production logs and potentially expose internal implementation details","timestamp":"2026-05-20T15:42:22.993Z"}
|
|
39
|
+
{"filename":"AdminWorkoutPrograms.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch programs:', error);","explanation":"Production code contains console.error logging that will appear in browser console and production logs, potentially exposing internal error details","timestamp":"2026-05-20T15:42:37.984Z"}
|
|
40
|
+
{"filename":"AdminContent.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.warn('OrderBy failed, fetching without order:', orderError);","explanation":"Debug console statement left in production code that logs internal Firebase errors","timestamp":"2026-05-20T15:42:56.173Z"}
|
|
41
|
+
{"filename":"AdminContent.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch content:', error);","explanation":"Debug console statement left in production code that may log sensitive error details","timestamp":"2026-05-20T15:42:56.174Z"}
|
|
42
|
+
{"filename":"AdminContent.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to load content:', error);","explanation":"Debug console statement left in production code that may log sensitive error details","timestamp":"2026-05-20T15:42:56.174Z"}
|
|
43
|
+
{"filename":"AdminContent.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Upload error:', error);","explanation":"Debug console statement left in production code that may log sensitive upload error details","timestamp":"2026-05-20T15:42:56.174Z"}
|
|
44
|
+
{"filename":"index.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"odiserId: string;","explanation":"The field name 'odiserId' appears to be a typo or generic placeholder - should likely be 'userId' based on context and other similar fields in the codebase","timestamp":"2026-05-20T16:07:56.073Z"}
|
|
45
|
+
{"filename":"populateSweatStarterTest.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🔍 Finding \"Sweat Starter Test 1\" program...');\nconsole.log('✓ Found program:', (targetProgram as any).id);\nconsole.log('🔍 Fetching exercises from library...');\nconsole.log(`✓ Found ${exercises.length} exercises`);\nconsole.log(`✓ Created ${workouts.length} workouts`);\nconsole.log('✅ Successfully populated \"Sweat Starter Test 1\" program!');\nconsole.log(` - ${totalWeeks} weeks`);\nconsole.log(` - ${workoutsPerWeek} workouts per week`);\nconsole.log(` - ${totalWorkouts} total workouts`);\nconsole.log(` - 2 exercises per workout`);","explanation":"Multiple console.log statements throughout the function that appear to be debug/status logging left in production code. While this is a script, these logs clutter output and suggest AI-generated debugging scaffolding.","timestamp":"2026-05-20T16:08:05.707Z"}
|
|
46
|
+
{"filename":"populateSweatStarterTest.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"programsSnapshot.docs.forEach(doc => {\n const data = doc.data() as any;\n if (data.name === 'Sweat Starter Test 1') {","explanation":"Generic variable name 'data' used for what is specifically workout program data. This makes the code less readable and is a common AI pattern.","timestamp":"2026-05-20T16:08:05.707Z"}
|
|
47
|
+
{"filename":"videoThumbnail.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const maxW = options?.maxWidth ?? 1280;","explanation":"Variable abbreviated to 'maxW' instead of a clear descriptive name in non-trivial video processing context","timestamp":"2026-05-20T16:08:13.335Z"}
|
|
48
|
+
{"filename":"videoThumbnail.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const dur = video.duration;","explanation":"Variable abbreviated to 'dur' instead of clear 'duration' in complex video timing logic","timestamp":"2026-05-20T16:08:13.335Z"}
|
|
49
|
+
{"filename":"videoThumbnail.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const vw = video.videoWidth;\n const vh = video.videoHeight;","explanation":"Variables abbreviated to 'vw' and 'vh' instead of descriptive names in dimension calculation logic","timestamp":"2026-05-20T16:08:13.336Z"}
|
|
50
|
+
{"filename":"videoThumbnail.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"let dw = vw;\n let dh = vh;","explanation":"Variables abbreviated to 'dw' and 'dh' instead of descriptive names like 'displayWidth' and 'displayHeight'","timestamp":"2026-05-20T16:08:13.336Z"}
|
|
51
|
+
{"filename":"stripe.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const fallbackKey = 'pk_test_51SrKL12EWDoWzTlbooO1c6Y3k1oMpjc2JAk266LPVK6TGgRPthyf4eeGjhFh6lDGeZEz3YxDxDUhQ4wBcnemfU1v00BKalQrEu';","explanation":"Stripe publishable key hardcoded directly in source code. Even though publishable keys are less sensitive than secret keys, they should still be externalized to avoid version control coupling and environment management issues.","timestamp":"2026-05-20T16:08:25.584Z"}
|
|
52
|
+
{"filename":"stripe.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🔑 Loading Stripe with key:', STRIPE_PUBLISHABLE_KEY.substring(0, 20) + '...');\n console.log('🔑 Key length:', STRIPE_PUBLISHABLE_KEY.length);\n console.log('🔑 Key starts with pk_test_:', STRIPE_PUBLISHABLE_KEY.startsWith('pk_test_'));\n console.log('🔑 Full key (for debugging):', STRIPE_PUBLISHABLE_KEY);","explanation":"Debug console.log statements left in production code, including one that logs the full Stripe key. While publishable keys are less sensitive, this creates log noise and reveals implementation details in production.","timestamp":"2026-05-20T16:08:25.584Z"}
|
|
53
|
+
{"filename":"stripe.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"'sweat-starter': import.meta.env.VITE_STRIPE_PRICE_SWEAT_STARTER || 'price_1SuKsG2EWDoWzTlbwUA9bdpb',","explanation":"Stripe price ID hardcoded as fallback value. Price IDs are environment-specific configuration that should not be embedded in source code.","timestamp":"2026-05-20T16:08:25.585Z"}
|
|
54
|
+
{"filename":"nutritionUtils.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"export function macroDelta(consumed: number, target: number): {\n pct: number;\n over: boolean;\n under: boolean;\n diff: number;\n label: string;\n} {\n if (target <= 0) {\n return { pct: 0, over: false, under: false, diff: 0, label: '' };\n }\n const pct = Math.round((consumed / target) * 100);\n const diff = consumed - target;\n const over = diff > 0;\n const under = diff < 0;\n const abs = Math.abs(diff);\n let label = 'On target';\n if (over) label = `+${abs} over`;\n else if (under) label = `${abs} under`;\n return { pct, over, under, diff, label };\n}\n\nexport function macroDeltaGrams(consumed: number, target: number): {\n pct: number;\n over: boolean;\n under: boolean;\n diff: number;\n label: string;\n} {\n if (target <= 0) {\n return { pct: 0, over: false, under: false, diff: 0, label: '' };\n }\n const pct = Math.round((consumed / target) * 100);\n const diff = Math.round((consumed - target) * 10) / 10;\n const over = diff > 0;\n const under = diff < 0;\n const abs = Math.abs(diff);\n let label = 'On target';\n if (over) label = `+${abs}g over`;\n else if (under) label = `${abs}g under`;\n return { pct, over, under, diff, label };\n}","explanation":"Two nearly identical functions with the same signature and return type, differing only in decimal rounding and adding 'g' to the label. The abstraction creates unnecessary code duplication instead of parameterizing the difference.","timestamp":"2026-05-20T16:08:34.334Z"}
|
|
55
|
+
{"filename":"firebase.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":" apiKey: import.meta.env.VITE_FIREBASE_API_KEY || 'AIzaSyB0uWItoUyaozcnjntgG9kck6GJx84GQNY',\n authDomain: import.meta.env.VITE_FIREBASE_AUTH_DOMAIN || 'hardcore-synergy.firebaseapp.com',\n projectId: import.meta.env.VITE_FIREBASE_PROJECT_ID || 'hardcore-synergy',\n storageBucket: import.meta.env.VITE_FIREBASE_STORAGE_BUCKET || 'hardcore-synergy.firebasestorage.app',\n messagingSenderId: import.meta.env.VITE_FIREBASE_MESSAGING_SENDER_ID || '277466650255',\n appId: import.meta.env.VITE_FIREBASE_APP_ID || '1:277466650255:web:59e0aeeb3f36c9fde002fa',\n measurementId: import.meta.env.VITE_FIREBASE_MEASUREMENT_ID || 'G-NZ20RHHZR9',","explanation":"Real Firebase API keys and configuration values are hardcoded as fallbacks. This exposes production credentials in source code which will leak via git history and any public repositories.","timestamp":"2026-05-20T16:08:48.154Z"}
|
|
56
|
+
{"filename":"firebase.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🔥 Firebase Config Debug:');\nconsole.log(' - API Key:', firebaseConfig.apiKey ? '✓ Set' : '✗ MISSING');\nconsole.log(' - Auth Domain:', firebaseConfig.authDomain);\nconsole.log(' - Project ID:', firebaseConfig.projectId);\nconsole.log(' - Storage Bucket:', firebaseConfig.storageBucket);\nconsole.log(' - Messaging Sender ID:', firebaseConfig.messagingSenderId ? '✓ Set' : '✗ MISSING');\nconsole.log(' - App ID:', firebaseConfig.appId ? '✓ Set' : '✗ MISSING');","explanation":"Debug console.log statements left in production code. These will clutter production logs and potentially expose configuration details in browser console or server logs.","timestamp":"2026-05-20T16:08:48.155Z"}
|
|
57
|
+
{"filename":"firebase.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('✓ Firebase app initialized:', app.name);","explanation":"Production console.log statement logging Firebase app initialization details.","timestamp":"2026-05-20T16:08:48.156Z"}
|
|
58
|
+
{"filename":"firebase.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('✓ Firebase services initialized (auth, db, storage)');","explanation":"Production console.log statement logging service initialization details.","timestamp":"2026-05-20T16:08:48.156Z"}
|
|
59
|
+
{"filename":"api.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to get auth token:', error);","explanation":"Console.error statement left in production code that logs authentication errors, potentially exposing sensitive information about auth failures","timestamp":"2026-05-20T16:09:01.248Z"}
|
|
60
|
+
{"filename":"api.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.warn(`API endpoint ${endpoint} returned non-JSON response (${contentType}). This endpoint may not exist.`);","explanation":"Console.warn statement left in production code that logs API endpoint information and content types, creating noise in production logs","timestamp":"2026-05-20T16:09:01.249Z"}
|
|
61
|
+
{"filename":"api.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error(`API call to ${endpoint} failed:`, error);","explanation":"Console.error statement left in production code that logs API call failures with potentially sensitive endpoint information","timestamp":"2026-05-20T16:09:01.249Z"}
|
|
62
|
+
{"filename":"api.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n // Get auth token for authenticated requests\n const token = await getAuthToken();\n // ... entire apiCall function body\n } catch (error) {\n console.error(`API call to ${endpoint} failed:`, error);\n return {\n success: false,\n error: error instanceof Error ? error.message : 'An error occurred',\n };\n }","explanation":"Blanket try-catch around entire function body with generic error handling, masking different types of errors (network, auth, parsing) that might need distinct handling","timestamp":"2026-05-20T16:09:01.249Z"}
|
|
63
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await getWorkoutPrograms();\n if (response.success && response.data) {\n setPrograms(response.data.programs);\n } else {\n setError(response.error || 'Failed to fetch programs');\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to fetch programs');\n }","explanation":"Generic try/catch with same error handling for both API response errors and network/runtime errors. Both paths set the same generic error message.","timestamp":"2026-05-20T16:09:15.515Z"}
|
|
64
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await getClientWorkouts(currentUser.uid, completed);\n if (response.success && response.data) {\n setWorkouts(response.data.workouts);\n } else {\n setError(response.error || 'Failed to fetch workouts');\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to fetch workouts');\n }","explanation":"Same pattern repeated - generic try/catch that treats all errors the same way with identical error messages for different failure modes.","timestamp":"2026-05-20T16:09:15.516Z"}
|
|
65
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await assignWorkoutProgram(currentUser.uid, programId);\n if (response.success) {\n return { success: true, assignmentId: response.data?.assignmentId };\n } else {\n setError(response.error || 'Failed to assign program');\n return { success: false };\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to assign program');\n return { success: false };\n }","explanation":"Third instance of the same generic error handling pattern - no differentiation between error types that might need different user-facing messages or recovery strategies.","timestamp":"2026-05-20T16:09:15.516Z"}
|
|
66
|
+
{"filename":"useWorkouts.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const response = await logWorkout(workoutId, log);\n if (response.success) {\n return { success: true, logId: response.data?.logId };\n } else {\n setError(response.error || 'Failed to log workout');\n return { success: false };\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to log workout');\n return { success: false };\n }","explanation":"Fourth repetition of identical error handling pattern. All four hooks use the exact same try/catch structure with generic fallback messages.","timestamp":"2026-05-20T16:09:15.516Z"}
|
|
67
|
+
{"filename":"useSweatStarterWorkouts.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to listen to program:', error);","explanation":"Debug console error statements left in production code that will clutter production logs with Firebase listener errors","timestamp":"2026-05-20T16:09:21.932Z"}
|
|
68
|
+
{"filename":"useSweatStarterWorkouts.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to listen to assignments:', error);","explanation":"Debug console error statements left in production code that will clutter production logs with Firebase listener errors","timestamp":"2026-05-20T16:09:21.933Z"}
|
|
69
|
+
{"filename":"useSweatStarterWorkouts.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to listen to progress:', error);","explanation":"Debug console error statements left in production code that will clutter production logs with Firebase listener errors","timestamp":"2026-05-20T16:09:21.933Z"}
|
|
70
|
+
{"filename":"useProgress.ts","pattern_id":"010","pattern_name":"async-misuse","severity":"high","code_snippet":"const stats = {\n currentWeight: latestEntry?.weight,\n startingWeight: firstEntry?.weight,\n weightChange: latestEntry && previousEntry\n ? latestEntry.weight! - previousEntry.weight!\n : 0,\n totalChange: latestEntry && firstEntry\n ? latestEntry.weight! - firstEntry.weight!\n : 0,\n entriesCount: entries.length,\n averageEnergy: entries.length > 0\n ? entries.reduce((sum, e) => sum + (e.energyLevel || 0), 0) / entries.length\n : 0,\n };","explanation":"The code uses non-null assertion operator (!) on optional weight properties without checking if they exist, which could cause runtime errors if weight is undefined","timestamp":"2026-05-20T16:09:27.939Z"}
|
|
71
|
+
{"filename":"DemoDataContext.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const demoExercises: WorkoutExercise[] = [","explanation":"Variable name 'demoExercises' uses generic 'demo' prefix when it specifically contains lower body exercises based on the content (hip thrust, deadlift, squats). This makes it unclear when 'upperExercises' is defined later.","timestamp":"2026-05-20T16:09:41.955Z"}
|
|
72
|
+
{"filename":"DemoDataContext.tsx","pattern_id":"012","pattern_name":"over-engineered-simple","severity":"medium","code_snippet":"interface DemoDataContextType {\n demoClient: DemoClientData;\n updateDemoClient: (updates: Partial<DemoClientData>) => void;\n assignWorkout: (workout: Workout, scheduledDate: Date) => void;\n assignMealPlan: (mealPlan: MealPlan) => void;\n completeWorkout: (workoutId: string, duration: number) => void;\n logProgress: (entry: Omit<ProgressEntry, 'id' | 'clientId' | 'date'>) => void;\n resetDemoData: () => void;\n}","explanation":"Complex context interface with multiple specialized methods for what appears to be demo/mock data. This creates unnecessary abstraction layers for demonstration purposes when simpler mock data objects would suffice.","timestamp":"2026-05-20T16:09:41.957Z"}
|
|
73
|
+
{"filename":"AuthContext.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🔄 Initializing Firebase...');\n // ...\n console.log('✓ Firebase initialized successfully');\n console.log(' - Auth:', auth ? '✓' : '✗');\n console.log(' - Firestore:', db ? '✓' : '✗');\n console.log(' - Google Provider:', googleProvider ? '✓' : '✗');","explanation":"Multiple console.log statements left in production code that will clutter production logs with implementation details about Firebase initialization status","timestamp":"2026-05-20T16:09:55.967Z"}
|
|
74
|
+
{"filename":"AuthContext.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('❌ Firebase initialization failed:', firebaseError);\n console.error(' Full error:', e);\n console.warn(' Running in demo mode. To fix:');\n console.warn(' 1. Create .env file in project root');\n console.warn(' 2. Add VITE_FIREBASE_API_KEY=your-api-key');\n console.warn(' 3. Restart the dev server');","explanation":"Console statements providing setup instructions that should not appear in production logs, revealing internal configuration details","timestamp":"2026-05-20T16:09:55.968Z"}
|
|
75
|
+
{"filename":"AuthContext.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(' 📄 Fetching profile for:', userId);","explanation":"Debug console.log statement logging user IDs in production, which could expose sensitive user data in logs","timestamp":"2026-05-20T16:09:55.969Z"}
|
|
76
|
+
{"filename":"AuthContext.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.warn(' ⚠️ Firestore not available');","explanation":"Console warning left in production code that reveals internal state about database availability","timestamp":"2026-05-20T16:09:55.969Z"}
|
|
77
|
+
{"filename":"AuthContext.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(' 👑 Admin email detected, setting role to admin');","explanation":"Console.log revealing role assignment logic and potentially sensitive email information in production logs","timestamp":"2026-05-20T16:09:55.991Z"}
|
|
78
|
+
{"filename":"ProtectedRoute.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const coachedTiers = ['body-blueprint', 'peach-elite'];","explanation":"Business tier configuration is hardcoded in component logic. Adding new tiers or changing tier names requires code changes rather than config updates.","timestamp":"2026-05-20T16:10:03.617Z"}
|
|
79
|
+
{"filename":"PaymentForm.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const FUNCTION_URL = 'https://us-central1-hardcore-synergy.cloudfunctions.net/createSubscription';","explanation":"Cloud function URL is hardcoded with a specific project ID and deployment region, making this code environment-specific and impossible to deploy to staging/dev without code changes","timestamp":"2026-05-20T16:10:14.463Z"}
|
|
80
|
+
{"filename":"PaymentForm.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const card = elements.getElement(CardElement);\n // ... entire payment flow ...\n } catch (err) {\n const message = err instanceof Error ? err.message : 'An error occurred';\n setError(message);\n onError(message);\n }","explanation":"Single try-catch wraps the entire payment flow including authentication, payment method creation, backend API call, and payment confirmation. Different error types need distinct handling - auth errors, network errors, and payment failures should be handled differently","timestamp":"2026-05-20T16:10:14.463Z"}
|
|
81
|
+
{"filename":"NutritionChatWidget.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('estimateMacrosClientSide called with:', description, '-> lowercase:', lowerDesc);","explanation":"Debug console.log statement left in production code that logs internal state and function parameters","timestamp":"2026-05-20T16:10:22.835Z"}
|
|
82
|
+
{"filename":"NutritionChatWidget.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to load chat history:', error);","explanation":"Console.error statement in production code - should use proper error logging","timestamp":"2026-05-20T16:10:22.836Z"}
|
|
83
|
+
{"filename":"ExercisePicker.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch exercises:', error);","explanation":"Debug console.error statement left in production code that will log full error objects to browser console, potentially exposing internal Firebase configuration or sensitive error details","timestamp":"2026-05-20T16:10:35.312Z"}
|
|
84
|
+
{"filename":"Button.tsx","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import LoadingSpinner from './LoadingSpinner';","explanation":"Imports a component './LoadingSpinner' that is used in the code but may not exist. This is a common AI pattern of importing plausible-sounding components without verifying they exist in the project structure.","timestamp":"2026-05-20T16:10:48.201Z"}
|
|
85
|
+
{"filename":"WorkoutHistory.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch workout history:', error);","explanation":"Debug console.error statement left in production code that will clutter production logs and potentially leak internal error details","timestamp":"2026-05-20T16:11:01.740Z"}
|
|
86
|
+
{"filename":"WorkoutDetail.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch sweat starter workout:', error);","explanation":"Debug console statement left in production code that will clutter production logs and potentially leak implementation details about sweat starter workout fetching","timestamp":"2026-05-20T16:11:07.480Z"}
|
|
87
|
+
{"filename":"WorkoutDetail.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch workout:', error);","explanation":"Debug console statement left in production code that will clutter production logs and potentially leak implementation details about workout fetching","timestamp":"2026-05-20T16:11:07.480Z"}
|
|
88
|
+
{"filename":"WorkoutBrowser.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch workouts:', error);","explanation":"Debug console statement left in production code that will clutter production logs and potentially expose internal error details","timestamp":"2026-05-20T16:11:11.808Z"}
|
|
89
|
+
{"filename":"TrainerWorkoutTemplates.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const fetchTemplates = async () => {\n setLoading(true);\n await new Promise((r) => setTimeout(r, 500));\n setTemplates(mockTemplates);\n setLoading(false);\n };","explanation":"Function simulates async data fetching with a hardcoded delay and mock data, but the rest of the component treats it as if it's making real API calls. This will break when integrated with a real backend.","timestamp":"2026-05-20T16:11:17.764Z"}
|
|
90
|
+
{"filename":"TrainerWorkoutTemplateNew.tsx","pattern_id":"012","pattern_name":"over-engineered-simple","severity":"medium","code_snippet":"const mockTemplateData: Record<string, {\n title: string;\n description: string;\n category: string;\n focusAreas: string[];\n difficulty: string;\n duration: number;\n equipment: string[];\n warmUps: WarmUpItem[];\n exercises: ExerciseItem[];\n finishers: FinisherItem[];\n}> = {","explanation":"Complex Record type definition for what is essentially a simple lookup object with 2 items. The verbose type annotation provides no value since TypeScript can infer the structure from the object literal.","timestamp":"2026-05-20T16:11:26.360Z"}
|
|
91
|
+
{"filename":"TrainerWorkoutTemplateNew.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const [duration, setDuration] = useState(35);","explanation":"Default workout duration of 35 minutes is hardcoded. This configuration value should be externalized to allow different defaults per user type or configurable by admins.","timestamp":"2026-05-20T16:11:26.361Z"}
|
|
92
|
+
{"filename":"TrainerWorkoutPrograms.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch programs:', error);","explanation":"Console.error statement left in production code that will clutter production logs and potentially leak implementation details","timestamp":"2026-05-20T16:11:31.890Z"}
|
|
93
|
+
{"filename":"TrainerWorkoutPrograms.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to delete program:', error);","explanation":"Console.error statement left in production code that will clutter production logs and potentially leak implementation details","timestamp":"2026-05-20T16:11:31.891Z"}
|
|
94
|
+
{"filename":"TrainerWorkoutProgramNew.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"for (let i = weeks.length; i < newDuration; i++) {","explanation":"Generic loop variable 'i' used in context where 'weekIndex' would be more descriptive","timestamp":"2026-05-20T16:11:41.069Z"}
|
|
95
|
+
{"filename":"TrainerWorkoutProgramNew.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"for (let i = 0; i < newWeeks.length; i++) {","explanation":"Generic loop variable 'i' used in context where 'weekIndex' would be more descriptive","timestamp":"2026-05-20T16:11:41.069Z"}
|
|
96
|
+
{"filename":"TrainerWorkoutProgramNew.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"if (i !== fromWeek) {","explanation":"Generic variable 'i' used where 'weekIndex' would be clearer","timestamp":"2026-05-20T16:11:41.069Z"}
|
|
97
|
+
{"filename":"TrainerWorkoutProgramNew.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"newWeeks[i] = newWeeks[fromWeek].map(day => ({ ...day }));","explanation":"Generic variable 'i' used where 'weekIndex' would be clearer","timestamp":"2026-05-20T16:11:41.069Z"}
|
|
98
|
+
{"filename":"TrainerWorkoutProgramNew.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"exercises: currentWorkout.exercises.filter((_, i) => i !== index),","explanation":"Generic parameter 'i' in filter callback where 'exerciseIndex' would be more descriptive","timestamp":"2026-05-20T16:11:41.069Z"}
|
|
99
|
+
{"filename":"TrainerWorkoutProgramDetail.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const mockPrograms: Record<string, WorkoutProgram & { weeks: { day: number; workout: DetailedWorkout | null }[][] }> = {\n '4': {\n id: '4',\n name: 'Basic Muscle-Building (At Home)',\n description: 'Build lean muscle and strength...',\n // ... entire hardcoded workout program structure","explanation":"Large hardcoded workout program data structure embedded directly in component code with specific exercise names, reps, durations, and program details that should be externalized","timestamp":"2026-05-20T16:11:50.646Z"}
|
|
100
|
+
{"filename":"TrainerWorkoutProgramDetail.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const mockPrograms: Record<string, WorkoutProgram & { weeks: { day: number; workout: DetailedWorkout | null }[][] }>","explanation":"Variable named 'mockPrograms' uses generic 'mock' prefix when it contains specific workout program data that could have a more descriptive domain name","timestamp":"2026-05-20T16:11:50.647Z"}
|
|
101
|
+
{"filename":"TrainerProfile.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const [phone, setPhone] = useState('555-0123');","explanation":"Hardcoded phone number '555-0123' is a placeholder value that should come from user profile data or be empty initially","timestamp":"2026-05-20T16:12:01.293Z"}
|
|
102
|
+
{"filename":"TrainerProfile.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const [bio, setBio] = useState('Certified personal trainer with 5+ years of experience specializing in body recomposition and strength training.');","explanation":"Hardcoded bio text as default value should come from user profile data or be empty for user input","timestamp":"2026-05-20T16:12:01.294Z"}
|
|
103
|
+
{"filename":"TrainerProfile.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const handleSave = async () => {\n setSaving(true);\n await new Promise((r) => setTimeout(r, 1000));\n // TODO: API call to save profile\n setSaving(false);\n };","explanation":"Function has complete error handling structure but core business logic (saving profile) is a TODO stub with fake delay","timestamp":"2026-05-20T16:12:01.294Z"}
|
|
104
|
+
{"filename":"TrainerMessages.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"await new Promise((r) => setTimeout(r, 500));","explanation":"Promise resolver callback parameter is named 'r' instead of a descriptive name like 'resolve'","timestamp":"2026-05-20T16:12:08.090Z"}
|
|
105
|
+
{"filename":"TrainerMessages.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const filteredConversations = conversations.filter((c) =>\n c.clientName.toLowerCase().includes(searchQuery.toLowerCase())\n );","explanation":"Loop variable named 'c' when iterating over conversations - should be more descriptive","timestamp":"2026-05-20T16:12:08.091Z"}
|
|
106
|
+
{"filename":"TrainerMessages.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const selectedClient = conversations.find((c) => c.id === selectedConversation);","explanation":"Loop variable named 'c' when iterating over conversations - should be more descriptive","timestamp":"2026-05-20T16:12:08.091Z"}
|
|
107
|
+
{"filename":"TrainerMealTemplates.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const filteredPlans = mealPlans.filter((p) =>","explanation":"Loop variable 'p' is generic when iterating over a typed collection of meal plans. 'plan' would be more descriptive.","timestamp":"2026-05-20T16:12:14.130Z"}
|
|
108
|
+
{"filename":"TrainerMealTemplates.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const res = await getMealPlanTemplates();","explanation":"Variable 'res' is a generic name for what is specifically a meal plan templates API response.","timestamp":"2026-05-20T16:12:14.130Z"}
|
|
109
|
+
{"filename":"TrainerMealPlanNew.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"targetCalories: '2000',\n targetProtein: '150',\n targetCarbs: '200',\n targetFat: '65',","explanation":"Default macro values are hardcoded in the component state. These nutritional targets should come from configuration or business logic rather than being embedded in the UI component.","timestamp":"2026-05-20T16:12:22.528Z"}
|
|
110
|
+
{"filename":"TrainerMealPlanNew.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"targetCalories: Number(form.targetCalories) || 2000,\n targetProtein: Number(form.targetProtein) || 150,\n targetCarbs: Number(form.targetCarbs) || 200,\n targetFat: Number(form.targetFat) || 65,","explanation":"Fallback macro values are duplicated and hardcoded in the submission logic. These magic numbers should be constants or come from configuration to ensure consistency and maintainability.","timestamp":"2026-05-20T16:12:22.529Z"}
|
|
111
|
+
{"filename":"TrainerIntakes.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const mockIntakes: PendingIntake[] = [\n {\n id: '1',\n clientName: 'Emma Wilson',\n email: 'emma@example.com',\n tier: 'body-blueprint',\n submittedAt: new Date(Date.now() - 2 * 60 * 60 * 1000),\n primaryGoal: 'lose-fat',\n },\n // ... more mock data","explanation":"Mock data with hardcoded emails and configuration values embedded directly in the component. This creates coupling between test data and production code.","timestamp":"2026-05-20T16:12:31.849Z"}
|
|
112
|
+
{"filename":"TrainerIntakes.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const fetchIntakes = async () => {\n setLoading(true);\n await new Promise((r) => setTimeout(r, 500));\n setIntakes(mockIntakes);\n setLoading(false);\n};","explanation":"Function has complete async structure with loading states but core logic is just a setTimeout delay returning mock data. This will appear to work but provides no real data fetching.","timestamp":"2026-05-20T16:12:31.850Z"}
|
|
113
|
+
{"filename":"TrainerIntakeReview.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const fetchData = async () => {\n setLoading(true);\n await new Promise((r) => setTimeout(r, 500));\n setIntakeData(mockIntakeData);\n setLoading(false);\n };","explanation":"The fetchData function has the structure of a real API call (async, loading states, error handling pattern) but only contains a setTimeout and uses mock data. This creates the illusion of working functionality while being a stub.","timestamp":"2026-05-20T16:12:42.298Z"}
|
|
114
|
+
{"filename":"TrainerIntakeReview.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"setSubmitting(true);\n await new Promise((r) => setTimeout(r, 1000));\n // TODO: API call to approve intake\n navigate('/trainer/intakes');","explanation":"The handleApprove function has complete error handling and loading states but contains only a setTimeout and TODO comment instead of the actual approval logic. This will appear to work in testing but do nothing in production.","timestamp":"2026-05-20T16:12:42.299Z"}
|
|
115
|
+
{"filename":"TrainerDemoClientDetail.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"demoClient.assignedWorkouts.filter(w => w.id !== workoutId)","explanation":"Loop variable 'w' is generic when iterating over a typed collection of workouts. 'workout' would be more descriptive.","timestamp":"2026-05-20T16:12:46.856Z"}
|
|
116
|
+
{"filename":"TrainerDashboard.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const fetchData = async () => {\n setLoading(true);\n // TODO: Replace with actual API calls\n await new Promise((r) => setTimeout(r, 500));\n \n setStats({\n activeClients: 12,\n pendingIntakes: 3,\n pendingCheckins: 5,\n unreadMessages: 8,\n });\n\n setRecentActivity([\n {\n id: '1',\n type: 'workout',\n clientName: 'Sarah M.',\n description: 'Completed Lower Body Power',\n timestamp: new Date(Date.now() - 30 * 60 * 1000),\n },\n // ... more hardcoded activity items\n ]);","explanation":"Function has complete structure and error handling but core business logic (API calls) is stubbed with hardcoded mock data and a TODO comment. The dashboard will display fake data instead of real trainer statistics.","timestamp":"2026-05-20T16:12:54.087Z"}
|
|
117
|
+
{"filename":"TrainerClients.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const res = await getTrainerClients(currentUser.uid);","explanation":"Variable 'res' is a generic name that doesn't communicate what type of response or data it contains","timestamp":"2026-05-20T16:12:59.795Z"}
|
|
118
|
+
{"filename":"TrainerClients.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"res.data.clients.map((c) => ({","explanation":"Parameter 'c' in the map function is generic when iterating over a typed collection of clients","timestamp":"2026-05-20T16:12:59.795Z"}
|
|
119
|
+
{"filename":"TrainerClientDetail.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const res = await getTrainerClient(currentUser.uid, id);","explanation":"Variable 'res' is a generic name that doesn't communicate what kind of response this is - it's specifically a trainer client fetch response","timestamp":"2026-05-20T16:13:07.170Z"}
|
|
120
|
+
{"filename":"TrainerClientDetail.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const c = res.data;","explanation":"Variable 'c' is a single-letter generic name that doesn't communicate it represents client data","timestamp":"2026-05-20T16:13:07.172Z"}
|
|
121
|
+
{"filename":"TrainerClientDetail.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"await new Promise((r) => setTimeout(r, 300));","explanation":"Parameter 'r' is a generic name in the Promise resolve callback - while common in this pattern, 'resolve' would be clearer","timestamp":"2026-05-20T16:13:07.172Z"}
|
|
122
|
+
{"filename":"TrainerCheckins.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"{[...Array(5)].map((_, i) => (","explanation":"Using generic variable name 'i' for array index in loading skeleton generation where 'skeletonIndex' would be more descriptive","timestamp":"2026-05-20T16:13:15.480Z"}
|
|
123
|
+
{"filename":"TrainerCheckins.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"await new Promise((r) => setTimeout(r, 500));","explanation":"Hardcoded 500ms delay for simulating API loading time should be configurable or removed in production","timestamp":"2026-05-20T16:13:15.482Z"}
|
|
124
|
+
{"filename":"TrainerCheckins.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"{[...Array(5)].map((_, i) => (","explanation":"Hardcoded number of skeleton loading items (5) should match expected data size or be configurable","timestamp":"2026-05-20T16:13:15.482Z"}
|
|
125
|
+
{"filename":"TrainerCheckinReview.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"// TODO: API call to submit review","explanation":"The handleSubmit function appears complete with error handling and loading states, but the core functionality (submitting the review) is just a TODO comment. This will silently fail to save review data in production.","timestamp":"2026-05-20T16:13:24.096Z"}
|
|
126
|
+
{"filename":"TrainerCheckinReview.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"progressPhotos: {\n front: 'https://placehold.co/400x600/e0e7ff/6366f1?text=Front',\n side: 'https://placehold.co/400x600/e0e7ff/6366f1?text=Side',\n }","explanation":"Hardcoded placeholder URLs in mock data that could accidentally make it to production, creating broken image links.","timestamp":"2026-05-20T16:13:24.097Z"}
|
|
127
|
+
{"filename":"ProgressTracking.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Setting entries:', limitedEntries.length, 'entries for user', userId);","explanation":"Debug logging statement left in production code that logs user ID and entry count details","timestamp":"2026-05-20T16:13:31.151Z"}
|
|
128
|
+
{"filename":"ProgressTracking.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Setting up real-time listener for progress entries (fetching all, filtering client-side), userId:', userId);","explanation":"Debug logging statement left in production code that logs user ID and implementation details","timestamp":"2026-05-20T16:13:31.152Z"}
|
|
129
|
+
{"filename":"ProgressTracking.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Progress entries updated from Firestore:', snapshot.docs.length, 'total entries');","explanation":"Debug logging statement left in production code that logs database query details","timestamp":"2026-05-20T16:13:31.152Z"}
|
|
130
|
+
{"filename":"Measurements.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch measurements:', error);","explanation":"Debug console statement left in production code that will clutter production logs and potentially expose internal error details","timestamp":"2026-05-20T16:13:41.652Z"}
|
|
131
|
+
{"filename":"Measurements.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n // Try to get latest measurements from Firestore\n if (db) {\n const entriesRef = collection(db, 'progressEntries');\n const q = query(\n entriesRef,\n where('clientId', '==', currentUser.uid)\n );\n \n const snapshot = await getDocs(q);\n // Sort by date descending client-side\n const sortedDocs = snapshot.docs.sort((a, b) => {\n const dateA = a.data().date?.toDate() || new Date(0);\n const dateB = b.data().date?.toDate() || new Date(0);\n return dateB.getTime() - dateA.getTime();\n });\n // Find the first entry with measurements\n for (const docSnap of sortedDocs.slice(0, 30)) {\n const data = docSnap.data();\n const measurements = data.measurements;\n if (measurements && (measurements.chest || measurements.waist || measurements.hips)) {\n setLatestMeasurements(measurements);\n setFormData({\n chest: measurements.chest?.toString() || '',\n waist: measurements.waist?.toString() || '',\n hips: measurements.hips?.toString() || '',\n glutes: measurements.glutes?.toString() || '',\n leftBicep: measurements.leftBicep?.toString() || '',\n rightBicep: measurements.rightBicep?.toString() || '',\n leftThigh: measurements.leftThigh?.toString() || '',\n rightThigh: measurements.rightThigh?.toString() || '',\n });\n break;\n }\n }\n }\n } catch (error) {\n console.error('Failed to fetch measurements:', error);\n }","explanation":"Blanket try/catch around entire Firestore operation with generic error handling that only logs and continues. Different Firebase errors (network, permissions, quota) should be handled differently","timestamp":"2026-05-20T16:13:41.653Z"}
|
|
132
|
+
{"filename":"ProfileSupport.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"description: 'support@hardcoresynergy.com'","explanation":"Email address is hardcoded in source code, making it difficult to change for different environments or configurations","timestamp":"2026-05-20T16:13:53.325Z"}
|
|
133
|
+
{"filename":"ProfileSupport.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"action: () => window.location.href = 'mailto:support@hardcoresynergy.com'","explanation":"Support email address is hardcoded again, duplicating the configuration value","timestamp":"2026-05-20T16:13:53.326Z"}
|
|
134
|
+
{"filename":"ProfileSupport.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"onClick={() => window.location.href = 'mailto:support@hardcoresynergy.com'}","explanation":"Support email hardcoded a third time, creating maintenance burden when email needs to change","timestamp":"2026-05-20T16:13:53.327Z"}
|
|
135
|
+
{"filename":"ProfileSupport.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"action: () => alert('Support chat coming soon!')","explanation":"Function presents as working support contact but is just a placeholder alert that provides no actual functionality","timestamp":"2026-05-20T16:13:53.327Z"}
|
|
136
|
+
{"filename":"ProfileSupport.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"action: () => alert('FAQs coming soon!')","explanation":"FAQs option appears functional but only shows a placeholder alert, misleading users who need help","timestamp":"2026-05-20T16:13:53.327Z"}
|
|
137
|
+
{"filename":"ProfileSettings.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const handleSave = async () => {\n setSaving(true);\n // TODO: Implement app settings API call (language, sound effects, haptic feedback)\n await new Promise((r) => setTimeout(r, 500));\n setSaving(false);\n alert('Settings saved!');\n navigate('/profile');\n };","explanation":"Function has complete error handling, loading states, and success flow but the core business logic is a TODO comment with a fake delay. This will appear to work but won't actually save settings.","timestamp":"2026-05-20T16:14:09.194Z"}
|
|
138
|
+
{"filename":"ProfileSettings.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"// Sync darkMode from theme context\n useEffect(() => {\n // Settings state is now managed by theme context\n }, [darkMode]);","explanation":"The comment simply restates what the useEffect dependency array already indicates - that it syncs with darkMode. The inner comment adds no meaningful information since the effect body is empty.","timestamp":"2026-05-20T16:14:09.195Z"}
|
|
139
|
+
{"filename":"ProfileSettings.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"const handleDarkModeToggle = (enabled: boolean) => {\n setDarkMode(enabled);\n // Save immediately without needing to click \"Save Settings\"\n };","explanation":"Comment merely describes the mechanical difference from other settings rather than explaining the business reason or user experience rationale for this behavior.","timestamp":"2026-05-20T16:14:09.195Z"}
|
|
140
|
+
{"filename":"ProfileNotifications.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const handleSave = async () => {\n setSaving(true);\n // TODO: Implement notification preferences API call\n await new Promise((r) => setTimeout(r, 1000));\n setSaving(false);\n alert('Notification preferences saved!');\n navigate('/profile');\n };","explanation":"Function has complete structure with loading state management and navigation flow, but the core business logic (saving preferences to backend) is a TODO comment with a fake timeout. The UI shows success feedback even though no actual save operation occurred.","timestamp":"2026-05-20T16:14:15.233Z"}
|
|
141
|
+
{"filename":"ProfileEdit.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const handleSave = async () => {\n setSaving(true);\n // TODO: Implement profile update API call\n await new Promise((r) => setTimeout(r, 1000));\n setSaving(false);\n alert('Profile updated successfully!');\n navigate('/profile');\n };","explanation":"Function has complete error handling structure and UI feedback but the core business logic (saving profile data) is just a TODO comment with a fake delay. The function claims success without actually persisting any data.","timestamp":"2026-05-20T16:14:21.236Z"}
|
|
142
|
+
{"filename":"Profile.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to sign out:', error);","explanation":"Debug console statement left in production code within error handling. While this is console.error rather than console.log, it still exposes internal error details that should use proper logging.","timestamp":"2026-05-20T16:14:26.225Z"}
|
|
143
|
+
{"filename":"NutritionLog.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to log nutrition:', error);","explanation":"Debug console.error statement left in production code that logs internal error details","timestamp":"2026-05-20T16:14:30.604Z"}
|
|
144
|
+
{"filename":"NutritionHistory.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch nutrition logs:', error);","explanation":"Debug console.error statement left in production code that will clutter production logs and potentially leak implementation details","timestamp":"2026-05-20T16:14:34.735Z"}
|
|
145
|
+
{"filename":"MealPlan.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch nutrition data:', error);","explanation":"Console.error statement left in production code that will log error details to browser console, potentially exposing internal error information","timestamp":"2026-05-20T16:14:39.144Z"}
|
|
146
|
+
{"filename":"MacroCalculator.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('No results to update');","explanation":"Debug console statements left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:47.654Z"}
|
|
147
|
+
{"filename":"MacroCalculator.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('No user logged in');","explanation":"Debug console statements left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:47.654Z"}
|
|
148
|
+
{"filename":"MacroCalculator.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Updating macros:', {\n targetCalories: results.targetCalories,\n targetProtein: results.protein,\n targetCarbs: results.carbs,\n targetFat: results.fat,\n });","explanation":"Debug console.log statement left in production code that logs internal application state","timestamp":"2026-05-20T16:14:47.655Z"}
|
|
149
|
+
{"filename":"MacroCalculator.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Macros updated successfully');","explanation":"Debug console.log statement left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:47.655Z"}
|
|
150
|
+
{"filename":"MacroCalculator.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to update macros:', error);","explanation":"Debug console statements left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:47.655Z"}
|
|
151
|
+
{"filename":"IntakeForm.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Draft loaded from Firestore');","explanation":"Debug console.log statement left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:55.996Z"}
|
|
152
|
+
{"filename":"IntakeForm.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Draft saved to Firestore');","explanation":"Debug console.log statement left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:55.997Z"}
|
|
153
|
+
{"filename":"IntakeForm.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Submitting intake form...');","explanation":"Debug console.log statement left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:55.997Z"}
|
|
154
|
+
{"filename":"IntakeForm.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Client profile saved to Firestore');","explanation":"Debug console.log statement left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:55.997Z"}
|
|
155
|
+
{"filename":"IntakeForm.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Intake marked as completed');","explanation":"Debug console.log statement left in production code that will clutter production logs","timestamp":"2026-05-20T16:14:55.998Z"}
|
|
156
|
+
{"filename":"Home.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('📹 Loaded motivational content:', content);","explanation":"Debug console.log statement left in production code that logs internal application state and data structures","timestamp":"2026-05-20T16:15:05.585Z"}
|
|
157
|
+
{"filename":"Home.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('📹 Loaded video from all content (fallback):', videos[0]);","explanation":"Debug console.log statement left in production code that logs fallback data loading behavior","timestamp":"2026-05-20T16:15:05.587Z"}
|
|
158
|
+
{"filename":"Home.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('⚠️ No video content found');","explanation":"Debug console.log statement left in production code that logs application flow information","timestamp":"2026-05-20T16:15:05.587Z"}
|
|
159
|
+
{"filename":"Home.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.warn('Preferred query failed, trying fallback:', error);","explanation":"Debug console.warn statement left in production code that logs error details and fallback behavior","timestamp":"2026-05-20T16:15:05.587Z"}
|
|
160
|
+
{"filename":"Home.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch workouts:', error);","explanation":"Debug console.error statement left in production code that logs error information","timestamp":"2026-05-20T16:15:05.587Z"}
|
|
161
|
+
{"filename":"SignIn.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n await signIn(email, password);\n // Redirect based on subscription status\n if (!subscriptionTier) {\n navigate('/pricing');\n } else {\n navigate(from, { replace: true });\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to sign in');\n }","explanation":"Generic catch block that handles all errors the same way, whether they're network failures, authentication failures, or validation errors. Different error types should be handled distinctly for better UX.","timestamp":"2026-05-20T16:15:17.178Z"}
|
|
162
|
+
{"filename":"SignIn.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n await signInWithGoogle();\n // Note: If using redirect, navigation won't happen here\n // The redirect result handler will navigate after successful auth\n if (!subscriptionTier) {\n navigate('/pricing');\n } else {\n navigate(from, { replace: true });\n }\n } catch (err) {\n setError(err instanceof Error ? err.message : 'Failed to sign in with Google');\n }","explanation":"Another generic catch block that treats all Google sign-in errors the same. Popup blocked, user cancelled, network errors, and OAuth errors should be handled differently.","timestamp":"2026-05-20T16:15:17.178Z"}
|
|
163
|
+
{"filename":"Pricing.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to update subscription:', error);","explanation":"Console.error statement left in production code that will clutter production logs and expose internal implementation details","timestamp":"2026-05-20T16:15:23.299Z"}
|
|
164
|
+
{"filename":"Pricing.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Payment error:', error);","explanation":"Console.error statement left in production code in the payment error handler","timestamp":"2026-05-20T16:15:23.299Z"}
|
|
165
|
+
{"filename":"AdminWorkoutPrograms.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch programs:', error);","explanation":"Debug console statement left in production code that will clutter production logs and potentially leak internal implementation details","timestamp":"2026-05-20T16:15:28.497Z"}
|
|
166
|
+
{"filename":"AdminWorkoutPrograms.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to delete program:', error);","explanation":"Debug console statement left in production code that will clutter production logs and potentially leak internal implementation details","timestamp":"2026-05-20T16:15:28.498Z"}
|
|
167
|
+
{"filename":"AdminUsers.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const res = await getAdminUsers({ limit: 500 });","explanation":"Variable 'res' is a generic name that doesn't communicate what the response contains - it's an admin users API response","timestamp":"2026-05-20T16:15:34.835Z"}
|
|
168
|
+
{"filename":"AdminUsers.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"setUsers(res.data.users.map((u) => normalizeAdminUser(u as unknown as Record<string, unknown>)));","explanation":"Variable 'u' in the map function is generic when 'user' or 'rawUser' would be more descriptive for the user data being normalized","timestamp":"2026-05-20T16:15:34.835Z"}
|
|
169
|
+
{"filename":"AdminTrainers.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const openEdit = (t: TrainerProfile) => {","explanation":"Parameter named 't' instead of a descriptive name like 'trainer' makes the function less readable, especially given the complex logic that follows","timestamp":"2026-05-20T16:15:41.165Z"}
|
|
170
|
+
{"filename":"AdminTrainers.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"setTrainers(\n res.data.trainers.map((t) => mapUserDocToTrainer(t as unknown as Record<string, unknown>))\n );","explanation":"Loop variable 't' in map function should be named 'trainer' or 'trainerData' to clarify what's being transformed","timestamp":"2026-05-20T16:15:41.165Z"}
|
|
171
|
+
{"filename":"AdminSweatStarterWorkouts.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch data:', error);","explanation":"Debug console statement left in production code that will log error details to browser console","timestamp":"2026-05-20T16:15:48.823Z"}
|
|
172
|
+
{"filename":"AdminSweatStarterWorkouts.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.warn('Workout missing ID:', workout);","explanation":"Debug console statement left in production code that logs workout data to browser console","timestamp":"2026-05-20T16:15:48.825Z"}
|
|
173
|
+
{"filename":"AdminSweatStarterWorkouts.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(` Added workout ${workout.id} (week ${weekNumber}, day ${dayIndex}) to week ${weekNumber}`);","explanation":"Debug console statement left in production code that logs detailed workout assignment information","timestamp":"2026-05-20T16:15:48.825Z"}
|
|
174
|
+
{"filename":"AdminSettings.tsx","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"appName: 'Hardcore Synergy',\nsupportEmail: 'support@hardcoresynergy.com',\ncontactInfo: '1-800-HARD-CORE',\ntermsUrl: 'https://hardcoresynergy.com/terms',\nprivacyUrl: 'https://hardcoresynergy.com/privacy'","explanation":"Company-specific configuration values are hardcoded directly in the React component. These values should be configurable without code changes, especially URLs and contact information that may need to be updated by administrators.","timestamp":"2026-05-20T16:16:01.514Z"}
|
|
175
|
+
{"filename":"AdminSettings.tsx","pattern_id":"010","pattern_name":"async-misuse","severity":"high","code_snippet":"const handleSave = async () => {\n setSaving(true);\n await new Promise((r) => setTimeout(r, 1000));\n setSaving(false);\n};","explanation":"Function is marked async and uses await, but only to create a fake delay with setTimeout. This simulates async behavior without actually performing any real async operation like saving data to a server.","timestamp":"2026-05-20T16:16:01.515Z"}
|
|
176
|
+
{"filename":"AdminSettings.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const handleSave = async () => {\n setSaving(true);\n await new Promise((r) => setTimeout(r, 1000));\n setSaving(false);\n};","explanation":"The save function has all the UI scaffolding (loading state, async signature) but contains only a fake delay instead of actual save logic. This will appear to work but won't persist any settings changes.","timestamp":"2026-05-20T16:16:01.515Z"}
|
|
177
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('🎭 Demo mode: Using empty exercise list');","explanation":"Debug console.log statement left in production code that logs internal application state","timestamp":"2026-05-20T16:16:16.954Z"}
|
|
178
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Firestore database not initialized');","explanation":"Console.error used for application error handling instead of proper error logging","timestamp":"2026-05-20T16:16:16.956Z"}
|
|
179
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.warn('No current user, cannot fetch exercises');","explanation":"Console.warn used for application warning instead of proper logging","timestamp":"2026-05-20T16:16:16.956Z"}
|
|
180
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Fetching exercises...', { userId: currentUser.uid, email: currentUser.email });","explanation":"Debug console.log statement left in production code that logs user identification data including email","timestamp":"2026-05-20T16:16:16.956Z"}
|
|
181
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Fetching exercises from Firestore...');","explanation":"Debug console.log statement left in production code","timestamp":"2026-05-20T16:16:16.957Z"}
|
|
182
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Query successful, got', snapshot.docs.length, 'exercises');","explanation":"Debug console.log statement left in production code","timestamp":"2026-05-20T16:16:16.957Z"}
|
|
183
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Successfully loaded', exercisesData.length, 'exercises');","explanation":"Debug console.log statement left in production code","timestamp":"2026-05-20T16:16:16.957Z"}
|
|
184
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch exercises:', error);","explanation":"Console.error used for application error handling instead of proper error logging","timestamp":"2026-05-20T16:16:16.957Z"}
|
|
185
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"high","code_snippet":"console.error('Error details:', {\n code: error?.code,\n message: error?.message,\n stack: error?.stack,\n userId: currentUser?.uid,\n email: currentUser?.email,\n });","explanation":"Console.error logging sensitive user data including email address and user ID in production code","timestamp":"2026-05-20T16:16:16.957Z"}
|
|
186
|
+
{"filename":"AdminExercises.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Cannot edit: exercise is null or undefined');","explanation":"Console.error used for application error handling instead of proper error logging","timestamp":"2026-05-20T16:16:16.957Z"}
|
|
187
|
+
{"filename":"AdminExerciseUpload.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.warn('Auto cover from video failed:', e);","explanation":"Debug console statement left in production code that will log errors to browser console in production, potentially exposing implementation details","timestamp":"2026-05-20T16:16:21.636Z"}
|
|
188
|
+
{"filename":"AdminDashboard.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const res = await getPlatformAnalytics();","explanation":"Variable 'res' is a generic name that doesn't communicate what the response contains - analytics data in this case","timestamp":"2026-05-20T16:16:29.887Z"}
|
|
189
|
+
{"filename":"AdminDashboard.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"if (res.success && res.data) {","explanation":"Using generic 'res' variable makes the conditional logic less clear about what's being checked","timestamp":"2026-05-20T16:16:29.888Z"}
|
|
190
|
+
{"filename":"AdminDashboard.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"setAnalytics(res.data);","explanation":"Generic 'res' variable continues to obscure the intent - this is setting analytics data","timestamp":"2026-05-20T16:16:29.888Z"}
|
|
191
|
+
{"filename":"AdminDashboard.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"res.error ||","explanation":"Generic 'res' variable used in error handling where a more descriptive name would clarify this is an analytics API error","timestamp":"2026-05-20T16:16:29.888Z"}
|
|
192
|
+
{"filename":"AdminContent.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.warn('OrderBy failed, fetching without order:', orderError);","explanation":"Debug console statement left in production code that exposes internal error handling logic and Firebase implementation details","timestamp":"2026-05-20T16:16:38.216Z"}
|
|
193
|
+
{"filename":"AdminContent.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to fetch content:', error);","explanation":"Debug console statement left in production code in error handler","timestamp":"2026-05-20T16:16:38.217Z"}
|
|
194
|
+
{"filename":"AdminContent.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to load content:', error);","explanation":"Debug console statement left in production code in error handler for content loading","timestamp":"2026-05-20T16:16:38.217Z"}
|
|
195
|
+
{"filename":"AdminContent.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Upload error:', error);","explanation":"Debug console statement left in production code in file upload error handler","timestamp":"2026-05-20T16:16:38.217Z"}
|
|
196
|
+
{"filename":"AdminCommunity.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"{/* Reported Posts Alert */}","explanation":"Comment simply restates what's obvious from the JSX structure - the alert component for reported posts is self-evident from the content","timestamp":"2026-05-20T16:16:47.130Z"}
|
|
197
|
+
{"filename":"AdminCommunity.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"{/* Search & Filters */}","explanation":"Comment translates the JSX into English without adding any information about purpose or behavior","timestamp":"2026-05-20T16:16:47.131Z"}
|
|
198
|
+
{"filename":"AdminCommunity.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"{/* Posts List */}","explanation":"Comment simply describes what the following JSX does without providing context about data structure or behavior","timestamp":"2026-05-20T16:16:47.131Z"}
|
|
199
|
+
{"filename":"AdminCommunity.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"{/* Header */}","explanation":"Comment restates the obvious structure of the post header section","timestamp":"2026-05-20T16:16:47.131Z"}
|
|
200
|
+
{"filename":"AdminAnalytics.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const res = await getPlatformAnalytics();\n if (cancelled) return;\n if (res.success && res.data) {","explanation":"Variable 'res' is a generic name that doesn't communicate what kind of response this is. In a function dealing with analytics data, a more descriptive name would improve readability.","timestamp":"2026-05-20T16:17:01.452Z"}
|
|
201
|
+
{"filename":"AdminAnalytics.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"? analytics.revenueByTier.map((r) => ({ month: r.tier, mrr: r.amount }))","explanation":"Loop variable 'r' is generic when iterating over revenue data. A more descriptive name would clarify what each item represents.","timestamp":"2026-05-20T16:17:01.454Z"}
|
|
202
|
+
{"filename":"AdminAnalytics.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"? analytics.signupsByMonth.map((s) => ({","explanation":"Loop variable 's' is generic when iterating over signup data. A more descriptive name would improve code clarity.","timestamp":"2026-05-20T16:17:01.454Z"}
|
|
203
|
+
{"filename":"AdminAnalytics.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"return analytics.activeUsersByDay.map((d) => ({","explanation":"Loop variable 'd' is generic when iterating over daily user data. A more descriptive name would clarify the data structure.","timestamp":"2026-05-20T16:17:01.454Z"}
|
|
204
|
+
{"filename":"AdminAnalytics.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const total = entries.reduce((s, [, v]) => s + Number(v), 0) || 1;","explanation":"Variables 's' and 'v' in the reduce function are generic. More descriptive names would clarify this is summing user counts.","timestamp":"2026-05-20T16:17:01.454Z"}
|
|
205
|
+
{"filename":"AdminAnalytics.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"return entries.map(([name, v]) => ({","explanation":"Variable 'v' is generic when destructuring tier data. A more descriptive name would improve readability.","timestamp":"2026-05-20T16:17:01.454Z"}
|
|
206
|
+
{"filename":"AdminAnalytics.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"value: Math.round((Number(v) / total) * 100),","explanation":"Using generic variable 'v' from destructuring instead of the more descriptive name that should have been used.","timestamp":"2026-05-20T16:17:01.454Z"}
|
|
207
|
+
{"filename":"App.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import reactLogo from './assets/react.svg'\nimport viteLogo from '/vite.svg'","explanation":"Both reactLogo and viteLogo are imported but used only once each in the JSX. While technically used, these could be inlined since they're just static asset references with no reuse.","timestamp":"2026-05-20T16:27:57.642Z"}
|
|
208
|
+
{"filename":"App.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import reactLogo from './assets/react.svg'\nimport viteLogo from '/vite.svg'","explanation":"Both reactLogo and viteLogo are imported but used in the JSX, so this is not actually an unused import issue","timestamp":"2026-05-20T20:28:36.147Z"}
|
|
209
|
+
{"filename":"eslint.config.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import { defineConfig, globalIgnores } from 'eslint/config'","explanation":"The eslint/config module does not exist. ESLint's actual configuration is handled through the main 'eslint' package, but there is no 'eslint/config' submodule that exports defineConfig and globalIgnores.","timestamp":"2026-05-20T20:32:01.848Z"}
|
|
210
|
+
{"filename":"update-sunnies-jobs.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log('✅ Sunnies Solar jobs updated');","explanation":"Using emoji (✅) in production script output creates unprofessional logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:32:06.179Z"}
|
|
211
|
+
{"filename":"set-claims.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded directly in the source code. This creates deployment fragility and environment coupling - the same code cannot run against different Firebase projects without modification.","timestamp":"2026-05-20T20:32:11.481Z"}
|
|
212
|
+
{"filename":"seedIntegrationProviders.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"projectId: 'flow-forge-1c74d',","explanation":"Firebase project ID is hardcoded directly in source code, making the application environment-coupled and preventing deployment to different environments without code changes","timestamp":"2026-05-20T20:32:19.988Z"}
|
|
213
|
+
{"filename":"seedIntegrationProviders.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"await db.doc('platform/integrations/buildertrend').set({","explanation":"Firestore document path is hardcoded, coupling the seeding logic to a specific database structure that cannot be changed across environments","timestamp":"2026-05-20T20:32:19.989Z"}
|
|
214
|
+
{"filename":"seedIntegrationProviders.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Integration provider definitions seeded.');","explanation":"Debug console.log statement left in production code that will clutter production logs","timestamp":"2026-05-20T20:32:19.989Z"}
|
|
215
|
+
{"filename":"seed-sunnies-solar.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(\n `Cleaned up ${wrongCrewSnap.size} crew documents from orgs/${ORG_ID}/crew (singular)`\n );","explanation":"Debug console.log statement left in production code that logs internal cleanup operations and exposes system internals","timestamp":"2026-05-20T20:32:25.399Z"}
|
|
216
|
+
{"filename":"seed-schedule-events.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded directly in the source code, creating environment coupling and making it impossible to run this script against different environments without code changes","timestamp":"2026-05-20T20:32:33.181Z"}
|
|
217
|
+
{"filename":"seed-schedule-events.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const ORG_ID = 'org_sunnies_solar_demo_001';","explanation":"Organization ID is hardcoded, making this script tied to a specific organization and requiring code changes to run for different orgs","timestamp":"2026-05-20T20:32:33.182Z"}
|
|
218
|
+
{"filename":"seed-schedule-events.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log('✅ Schedule events seeded');","explanation":"Using emoji (✅) in console output creates unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:32:33.182Z"}
|
|
219
|
+
{"filename":"register-master-schedule.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log('✅ master-schedule registered in platform/plugins/plugins');","explanation":"Using emoji (✅) in console output creates unprofessional logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:32:37.656Z"}
|
|
220
|
+
{"filename":"register-jobs.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log('✅ Jobs plugin registered in platform_plugins');","explanation":"Using emoji characters in production script output creates unprofessional logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:32:44.042Z"}
|
|
221
|
+
{"filename":"register-jobs.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`✅ Jobs installed for org: ${orgId}`);","explanation":"Using emoji characters in production script output creates unprofessional logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:32:44.043Z"}
|
|
222
|
+
{"filename":"register-jobs.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"icon: '🔧',","explanation":"Using emoji character for icon field in production data can cause encoding issues and creates unprofessional system data","timestamp":"2026-05-20T20:32:44.043Z"}
|
|
223
|
+
{"filename":"migrateToRegistry.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const app = initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded directly in the source code instead of being read from environment variables, creating deployment fragility and environment coupling","timestamp":"2026-05-20T20:32:50.861Z"}
|
|
224
|
+
{"filename":"migrateToRegistry.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"bundleUrl: 'https://firebasestorage.googleapis.com/v0/b/flow-forge-1c74d.firebasestorage.app/o/plugins%2Fcustomers%2FremoteEntry.js?alt=media'","explanation":"Production Firebase Storage URLs are hardcoded throughout the registry configuration, making it impossible to use different environments without code changes","timestamp":"2026-05-20T20:32:50.862Z"}
|
|
225
|
+
{"filename":"migrate-plugins-to-hosting.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const serviceAccountPath = path.join(os.homedir(), 'flow-forge-web', 'service-account-key.json');\nadmin.initializeApp({\n credential: admin.credential.cert(require(serviceAccountPath)),\n projectId: 'flow-forge-1c74d'\n});","explanation":"Hardcoded Firebase project ID and hardcoded service account file path make this script environment-specific and non-portable","timestamp":"2026-05-20T20:33:04.000Z"}
|
|
226
|
+
{"filename":"migrate-plugins-to-hosting.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"return `https://flow-forge-1c74d.web.app/plugins/${pluginId}/v${version}/assets/remoteEntry.js`;","explanation":"Hardcoded domain name makes this script tied to a specific Firebase hosting environment","timestamp":"2026-05-20T20:33:04.000Z"}
|
|
227
|
+
{"filename":"migrate-plugins-to-hosting.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(` ✓ platform/${plugin.id}`);","explanation":"Unicode checkmark symbols in console output make logs harder to parse and search","timestamp":"2026-05-20T20:33:04.001Z"}
|
|
228
|
+
{"filename":"migrate-plugins-to-hosting.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(` ✓ orgs/${orgDoc.id}/installed_plugins/${plugin.id}`);","explanation":"Unicode checkmark symbols in console output make logs harder to parse and search","timestamp":"2026-05-20T20:33:04.001Z"}
|
|
229
|
+
{"filename":"migrate-plugins-to-hosting.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log('\\n✓ Migration complete — all plugins now on hosting URLs\\n');","explanation":"Unicode checkmark symbols in console output make logs harder to parse and search","timestamp":"2026-05-20T20:33:04.001Z"}
|
|
230
|
+
{"filename":"migrate-plugins-to-hosting.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.error('\\n✗ Migration failed:', err.message);","explanation":"Unicode X symbol in error output makes logs harder to parse and search","timestamp":"2026-05-20T20:33:04.001Z"}
|
|
231
|
+
{"filename":"fix-sunnies-solar.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log('✅ Sunnies Solar fixes applied');\n console.log(' Subscription field added');\n console.log(' Installed plugins cleaned — only master-schedule remains');","explanation":"Uses emoji character (✅) in console log output. This creates unprofessional production logs and can cause encoding issues in different environments or monitoring systems.","timestamp":"2026-05-20T20:33:11.995Z"}
|
|
232
|
+
{"filename":"fix-sunnies-solar.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const ORG_ID = 'org_sunnies_solar_demo_001';\nconst KEEP_PLUGIN_ID = 'master-schedule';","explanation":"Organization ID and plugin ID are hardcoded constants. While this is a one-off script, these values should be parameterized to make the script reusable and avoid accidental misuse.","timestamp":"2026-05-20T20:33:11.996Z"}
|
|
233
|
+
{"filename":"fix-reid-builds-membership.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(\"✅ Reid Builds membership created for Reid's uid\");","explanation":"Using emoji character (✅) in console output creates unprofessional logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:16.134Z"}
|
|
234
|
+
{"filename":"fix-memberships.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(`Reid uid: ${uid}`);","explanation":"Debug console.log statement logging user ID information in production admin script","timestamp":"2026-05-20T20:33:30.731Z"}
|
|
235
|
+
{"filename":"fix-memberships.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(`Matching org_memberships docs found: ${matchingDocs.length}`);","explanation":"Debug console.log statement in production admin script","timestamp":"2026-05-20T20:33:30.732Z"}
|
|
236
|
+
{"filename":"fix-memberships.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"for (const d of matchingDocs) {\n console.log(`\\nDoc ID: ${d.id}`);\n console.log(cloneJson(d.data));\n }","explanation":"Debug console.log statements logging full document data which may contain sensitive membership information","timestamp":"2026-05-20T20:33:30.732Z"}
|
|
237
|
+
{"filename":"fix-memberships.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(`\\nSunnies Solar memberships by orgId (${TARGET_ORG_ID}): ${sunniesMembershipSnap.size}`);","explanation":"Debug console.log statement in production admin script","timestamp":"2026-05-20T20:33:30.732Z"}
|
|
238
|
+
{"filename":"fix-memberships.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"for (const m of sunniesMemberships) {\n console.log(`\\nSunnies doc ID: ${m.id}`);\n console.log(cloneJson(m.data));\n }","explanation":"Debug console.log statements logging full membership document data which may contain sensitive information","timestamp":"2026-05-20T20:33:30.732Z"}
|
|
239
|
+
{"filename":"deploy-plugin.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const app = initializeApp({ \n projectId: 'flow-forge-1c74d',\n storageBucket: 'flow-forge-1c74d.firebasestorage.app'\n});","explanation":"Firebase project configuration is hardcoded in source code instead of using environment variables, creating deployment fragility and environment coupling","timestamp":"2026-05-20T20:33:49.673Z"}
|
|
240
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`\\n🔧 Deploying plugin: ${pluginId} v${version}`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
241
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`📦 Uploading bundle to Storage: ${storagePath}`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
242
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`✅ Bundle uploaded: ${publicUrl}\\n`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
243
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`📝 Updating platform_plugins/${pluginId}`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
244
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`✅ platform_plugins/${pluginId} updated\\n`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
245
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log('📋 Installing for all orgs (--install-all)...');","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
246
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(` ✅ Installed for org: ${orgDoc.id}`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
247
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`📋 Updating existing installations of ${pluginId}...`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
248
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(` ✅ Updated org: ${orgDoc.id}`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
249
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`✅ Updated ${updatedCount} existing installation(s)`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
250
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log(`\\n🚀 Plugin ${pluginId} v${version} deployed successfully!\\n`);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
251
|
+
{"filename":"deploy-plugin.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.error('\\n❌ Deployment failed:', err.message || err);","explanation":"Emoji characters in console output create unprofessional production logs and can cause encoding issues in different environments","timestamp":"2026-05-20T20:33:49.674Z"}
|
|
252
|
+
{"filename":"create-org.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded directly in source code instead of using environment variables, making the code environment-specific and preventing deployment flexibility","timestamp":"2026-05-20T20:33:58.891Z"}
|
|
253
|
+
{"filename":"create-org.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"amount: 295,","explanation":"Subscription amount is hardcoded without any configuration reference, making it impossible to adjust pricing without code changes","timestamp":"2026-05-20T20:33:58.891Z"}
|
|
254
|
+
{"filename":"create-org.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"enabledTools: ['jobs', 'customers', 'notes'],","explanation":"Default enabled tools are hardcoded in the business logic instead of being configurable","timestamp":"2026-05-20T20:33:58.891Z"}
|
|
255
|
+
{"filename":"create-org.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"timezone: 'America/New_York',\n currency: 'USD',\n dateFormat: 'MM/DD/YYYY',","explanation":"Default timezone, currency, and date format are hardcoded, preventing internationalization and configuration flexibility","timestamp":"2026-05-20T20:33:58.891Z"}
|
|
256
|
+
{"filename":"add-member-sunnies-solar.js","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.log('✅ Reid added to Sunnies Solar with correct membership schema');","explanation":"Uses emoji character (✅) in console.log output, which can cause encoding issues and makes log parsing difficult for monitoring systems","timestamp":"2026-05-20T20:34:03.946Z"}
|
|
257
|
+
{"filename":"main.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import * as ReactDOM from 'react-dom';","explanation":"ReactDOM is imported but never used in the file. The code uses createRoot from 'react-dom/client' instead.","timestamp":"2026-05-20T20:34:18.482Z"}
|
|
258
|
+
{"filename":"main.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import * as jsxRuntime from 'react/jsx-runtime';","explanation":"jsxRuntime is imported and assigned to ffShared but appears to be unused functionality - it's passed to the global object but never actually used in the application logic.","timestamp":"2026-05-20T20:34:18.483Z"}
|
|
259
|
+
{"filename":"App.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import React, { Component, ErrorInfo, ReactNode, useState, useEffect, useMemo } from 'react';","explanation":"Component, ErrorInfo, ReactNode, and useMemo are imported but never used in the visible code. Component and ErrorInfo suggest an error boundary was planned but not implemented.","timestamp":"2026-05-20T20:34:26.508Z"}
|
|
260
|
+
{"filename":"App.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import { BrowserRouter, Routes, Route, Navigate, useNavigate } from 'react-router-dom';","explanation":"BrowserRouter is imported but not used in the visible code - likely used in a parent component or root file.","timestamp":"2026-05-20T20:34:26.509Z"}
|
|
261
|
+
{"filename":"App.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import { ThemeProvider, createTheme, CssBaseline, Box, CircularProgress, Alert, Typography, Button, useMediaQuery } from '@mui/material';","explanation":"ThemeProvider, CssBaseline, CircularProgress, Alert, Typography, and Button are imported but not used in the visible code.","timestamp":"2026-05-20T20:34:26.510Z"}
|
|
262
|
+
{"filename":"hide-co-nav.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded directly in source code, creating environment coupling and making it impossible to use this script across different environments without code changes","timestamp":"2026-05-20T20:34:38.601Z"}
|
|
263
|
+
{"filename":"hide-co-nav.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const orgs = ['org_restoration_demo_001','org_reid_builds_1770408645439_fzm7fmvup','org_okeefe_built_demo_001','org_residential_gc_demo_001','org_outdoor_living_demo_001','org_newbuild_residential_demo_001','org_solo_gc_demo_001'];","explanation":"Organization IDs are hardcoded in source code, making the script inflexible and requiring code changes to run against different sets of organizations","timestamp":"2026-05-20T20:34:38.602Z"}
|
|
264
|
+
{"filename":"hide-co-nav.js","pattern_id":"014","pattern_name":"fake-async-simulation","severity":"high","code_snippet":"setTimeout(function() { process.exit(0); }, 5000);","explanation":"Using setTimeout with hardcoded delay to exit the process is unreliable - if the Firestore operations take longer than 5 seconds, they will be cut off mid-execution","timestamp":"2026-05-20T20:34:38.602Z"}
|
|
265
|
+
{"filename":"snapshot-agent.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import MockAgent from './mock-agent'","explanation":"TypeScript declaration files should not contain import statements that execute at runtime. Declaration files (.d.ts) are for type definitions only and should use 'declare' statements or type imports.","timestamp":"2026-05-20T20:35:26.237Z"}
|
|
266
|
+
{"filename":"proxy-agent.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import Agent from './agent'\nimport buildConnector from './connector'\nimport Dispatcher from './dispatcher'\nimport { IncomingHttpHeaders } from './header'","explanation":"Multiple imports that likely don't exist - './agent', './connector', './dispatcher', and './header' are not standard Node.js modules and the file paths suggest they should exist as local modules, but this appears to be a standalone TypeScript definition file where these dependencies may be hallucinated","timestamp":"2026-05-20T20:35:41.456Z"}
|
|
267
|
+
{"filename":"mock-errors.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import Errors from './errors'","explanation":"The import assumes an './errors' module exists with a default export containing an 'UndiciError' class. This is a plausible-sounding import that may not match the actual API surface of the errors module.","timestamp":"2026-05-20T20:36:01.157Z"}
|
|
268
|
+
{"filename":"mock-call-history.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import Dispatcher from './dispatcher'","explanation":"The import references a local file './dispatcher' that may not exist. This is a TypeScript declaration file importing from a relative path without verification that the dispatcher module exists or exports the expected interface.","timestamp":"2026-05-20T20:36:10.291Z"}
|
|
269
|
+
{"filename":"header.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import { Autocomplete } from './utility'","explanation":"The import assumes an 'Autocomplete' type exists in './utility' module. This is a common AI pattern where it generates plausible-sounding utility type imports without verifying they exist in the actual codebase.","timestamp":"2026-05-20T20:36:23.988Z"}
|
|
270
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n connectTimeout?: number;","explanation":"Documentation comment is a placeholder 'TODO' for a timeout configuration option that would be critical for production use, indicating incomplete API documentation","timestamp":"2026-05-20T20:36:41.033Z"}
|
|
271
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n socketPath?: string;","explanation":"Documentation comment is a placeholder 'TODO' for socket path configuration, leaving developers without guidance on how to use this option","timestamp":"2026-05-20T20:36:41.034Z"}
|
|
272
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n maxCachedSessions?: number;","explanation":"Documentation comment is a placeholder 'TODO' for session caching configuration, providing no useful information about this option's purpose or default value","timestamp":"2026-05-20T20:36:41.034Z"}
|
|
273
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n connect?: Omit<Partial<buildConnector.BuildOptions>, 'allowH2'> | buildConnector.connector;","explanation":"Documentation comment is a placeholder 'TODO' for a complex connector configuration option, leaving the API undocumented despite having a detailed type signature","timestamp":"2026-05-20T20:36:41.034Z"}
|
|
274
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n maxRequestsPerClient?: number;","explanation":"Documentation comment is a placeholder 'TODO' for request limiting configuration, providing no guidance on this potentially important performance tuning option","timestamp":"2026-05-20T20:36:41.034Z"}
|
|
275
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n localAddress?: string;","explanation":"Documentation comment is a placeholder 'TODO' for local address binding configuration, leaving developers without information about this networking option","timestamp":"2026-05-20T20:36:41.035Z"}
|
|
276
|
+
{"filename":"formdata.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import { File } from 'buffer'","explanation":"The Node.js 'buffer' module does not export a 'File' named export. File is a web API that may be available globally in some environments but is not part of the buffer module's API.","timestamp":"2026-05-20T20:36:52.464Z"}
|
|
277
|
+
{"filename":"eventsource.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import { MessageEvent, ErrorEvent } from './websocket'","explanation":"Importing MessageEvent and ErrorEvent from './websocket' is suspicious - these are standard Web API types that should either come from built-in TypeScript DOM types or a WebSocket-specific module. The module path './websocket' suggests this might be a hallucinated import combining WebSocket and EventSource concepts.","timestamp":"2026-05-20T20:37:01.083Z"}
|
|
278
|
+
{"filename":"diagnostics-channel.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import buildConnector from './connector'","explanation":"Imports buildConnector from './connector' but this appears to be a TypeScript declaration file (.d.ts) that should not have implementation imports. The buildConnector import is used only for type reference (buildConnector.connector) which suggests this should be a type-only import or the connector type should be defined directly.","timestamp":"2026-05-20T20:37:17.386Z"}
|
|
279
|
+
{"filename":"cache.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import type { RequestInfo, Response, Request } from './fetch'","explanation":"The import references a local './fetch' module that appears to be a custom implementation of Web API types. These types (RequestInfo, Response, Request) are built into modern TypeScript and should be imported from the standard library, not a local fetch module.","timestamp":"2026-05-20T20:37:36.182Z"}
|
|
280
|
+
{"filename":"cache-interceptor.d.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"/**\n * Closes the connection to the database\n */\n close (): void","explanation":"The comment simply translates the method name 'close()' into English without providing any additional context about when to call it, what happens if you don't, or side effects","timestamp":"2026-05-20T20:37:42.258Z"}
|
|
281
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // stack[0] holds this file\n // stack[1] holds where this function was called\n // stack[2] holds the file we're interested in","explanation":"These comments simply restate what the code is doing (accessing array indices) without explaining the WHY or domain context. They translate code mechanics into English without adding meaningful information about the stack trace structure or business logic.","timestamp":"2026-05-20T20:38:42.850Z"}
|
|
282
|
+
{"filename":"firebase-storage.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_getProvider,getApp as e,_registerComponent as t,registerVersion as n,_isFirebaseServerApp as r,SDK_VERSION as o}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\";","explanation":"The Firebase SDK version 12.8.0 does not exist. The Firebase JavaScript SDK follows semantic versioning and the current major version is 10.x. Version 12.8.0 is a hallucinated future version that will cause a 404 error when attempting to load from the CDN.","timestamp":"2026-05-20T20:39:46.435Z"}
|
|
283
|
+
{"filename":"firebase-remote-config.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{registerVersion as e,_registerComponent as t,_getProvider,getApp as i,SDK_VERSION as s}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The Firebase SDK version 12.8.0 does not exist. Firebase JavaScript SDK versions follow semantic versioning and at the time of training, the latest major version was v9.x. Version 12.8.0 is a hallucinated future version that will cause a 404 error when the browser attempts to load this resource.","timestamp":"2026-05-20T20:39:56.126Z"}
|
|
284
|
+
{"filename":"firebase-messaging-sw.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{registerVersion as e,_registerComponent as t,_getProvider,getApp as n}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The import references Firebase version 12.8.0, but Firebase has never released a version 12.x. The current Firebase v9+ uses modular imports and v8 was the last of the legacy versions. This version number appears to be hallucinated.","timestamp":"2026-05-20T20:40:19.431Z"}
|
|
285
|
+
{"filename":"firebase-installations.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{registerVersion as e,_getProvider,getApp as t,_registerComponent as n}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\";","explanation":"The import is referencing Firebase SDK version 12.8.0 which does not exist. The Firebase SDK follows semantic versioning and currently has versions in the 9.x and 10.x range. Version 12.8.0 is a hallucinated future version that will cause runtime module loading errors.","timestamp":"2026-05-20T20:40:27.765Z"}
|
|
286
|
+
{"filename":"firebase-functions.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_registerComponent as e,registerVersion as t,_getProvider,getApp as n,_isFirebaseServerApp as r}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The import references Firebase version 12.8.0 which does not exist. Firebase JS SDK follows semantic versioning and the highest major version is currently 10.x. Version 12.8.0 is a hallucinated future version.","timestamp":"2026-05-20T20:40:36.509Z"}
|
|
287
|
+
{"filename":"firebase-firestore.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js","explanation":"The code imports from Firebase SDK version 12.8.0, but the latest Firebase v9+ uses a modular SDK with different import patterns and API structure. Version 12.8.0 appears to be a non-existent version as Firebase v9 was released as 9.0.0 and current versions are 9.x or 10.x.","timestamp":"2026-05-20T20:40:49.293Z"}
|
|
288
|
+
{"filename":"firebase-firestore.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_isFirebaseServerApp as e,_getProvider,getApp as r,_removeServiceInstance as i,_registerComponent as s,registerVersion as o,SDK_VERSION as _}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The import references Firebase SDK version 12.8.0 which does not exist. Firebase versions jumped from v8 to v9, and current versions are 9.x or 10.x. Additionally, many of the imported functions like _isFirebaseServerApp appear to be private internal APIs.","timestamp":"2026-05-20T20:40:49.293Z"}
|
|
289
|
+
{"filename":"firebase-firestore-pipelines.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"import{_isFirebaseServerApp as e,_getProvider,getApp as r,_removeServiceInstance as i,_registerComponent as s,registerVersion as o,SDK_VERSION as _}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"This import uses version 12.8.0 of Firebase, but the current stable version is 10.x. Version 12.8.0 does not exist - Firebase uses semantic versioning and has never released a version 12. This will cause a 404 error when trying to load the module.","timestamp":"2026-05-20T20:40:56.375Z"}
|
|
290
|
+
{"filename":"firebase-firestore-lite-pipelines.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\";","explanation":"This import uses an invalid version number. Firebase v12.8.0 does not exist - Firebase v9+ uses major versions 9, 10, 11, etc. The version 12.8.0 appears to be hallucinated.","timestamp":"2026-05-20T20:41:06.336Z"}
|
|
291
|
+
{"filename":"firebase-auth.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_getProvider,_isFirebaseServerApp as e,_registerComponent as t,registerVersion as r,getApp as n,SDK_VERSION as i}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The Firebase SDK version 12.8.0 does not exist. Firebase SDK versions follow semantic versioning with the latest versions being in the 9.x or 10.x range. Version 12.8.0 is a hallucinated future version that will cause a 404 error when the browser attempts to load this CDN resource.","timestamp":"2026-05-20T20:41:27.659Z"}
|
|
292
|
+
{"filename":"firebase-auth-cordova.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_getProvider,_isFirebaseServerApp as e,_registerComponent as t,registerVersion as r,SDK_VERSION as n,getApp as i}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The Firebase SDK version 12.8.0 does not exist. Firebase JS SDK versioning follows semantic versioning and the highest major version is 10.x as of 2024. Version 12.8.0 is a hallucinated version number.","timestamp":"2026-05-20T20:41:37.044Z"}
|
|
293
|
+
{"filename":"firebase-app-compat.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error(\"base64Decode failed: \",e)","explanation":"Production code contains a console.error statement that will log error details to the browser console, potentially exposing internal error information to end users","timestamp":"2026-05-20T20:41:51.117Z"}
|
|
294
|
+
{"filename":"firebase-app-compat.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.info(\"Unable to get __FIREBASE_DEFAULTS__ due to: \"+e)","explanation":"Production code contains a console.info statement that logs configuration loading errors, which may expose internal system details","timestamp":"2026-05-20T20:41:51.118Z"}
|
|
295
|
+
{"filename":"react.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"useId, useSyncExternalStore,","explanation":"useId and useSyncExternalStore are React 18+ APIs that may not exist in earlier versions. The code assumes these exports are available without version checking.","timestamp":"2026-05-20T20:42:18.415Z"}
|
|
296
|
+
{"filename":"react.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"startTransition, useTransition, useDeferredValue, useImperativeHandle, useLayoutEffect, useDebugValue,","explanation":"startTransition, useTransition, and useDeferredValue are React 18+ concurrent features that may not exist in older versions. The code destructures them without checking availability.","timestamp":"2026-05-20T20:42:18.417Z"}
|
|
297
|
+
{"filename":"react-dom.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"const { createPortal, flushSync, render, unmountComponentAtNode, findDOMNode, hydrate } = RD;","explanation":"unmountComponentAtNode and findDOMNode are deprecated APIs in React 18+. unmountComponentAtNode was replaced by createRoot().unmount() and findDOMNode is discouraged for accessing DOM nodes directly.","timestamp":"2026-05-20T20:42:29.358Z"}
|
|
298
|
+
{"filename":"react-dom.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"export { createPortal, flushSync, render, unmountComponentAtNode, findDOMNode, hydrate };","explanation":"Exporting deprecated APIs (unmountComponentAtNode, findDOMNode, hydrate) makes them available to consumers, encouraging use of deprecated patterns. hydrate is also deprecated in favor of hydrateRoot.","timestamp":"2026-05-20T20:42:29.359Z"}
|
|
299
|
+
{"filename":"org.service.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const functions = getFunctions(app, 'us-central1');","explanation":"Firebase region 'us-central1' is hardcoded in multiple places throughout the file. This creates deployment inflexibility if functions need to be deployed to different regions for different environments.","timestamp":"2026-05-20T20:42:55.264Z"}
|
|
300
|
+
{"filename":"org.service.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"timezone: params.timezone || 'America/New_York',\n currency: params.currency || 'USD',\n dateFormat: params.dateFormat || 'MM/DD/YYYY',","explanation":"Default values for timezone, currency, and dateFormat are hardcoded. These should be configurable based on deployment region or organization requirements.","timestamp":"2026-05-20T20:42:55.265Z"}
|
|
301
|
+
{"filename":"org.service.ts","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"timezone: 'America/New_York', // Now in settings\n currency: 'USD', // Now in settings\n dateFormat: 'MM/DD/YYYY', // Now in settings","explanation":"Default values are hardcoded even though comments indicate these should come from settings. This creates inconsistent behavior.","timestamp":"2026-05-20T20:42:55.265Z"}
|
|
302
|
+
{"filename":"org.service.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Org service error:', error);","explanation":"Debug console.error statement left in production code. This will clutter production logs and potentially expose sensitive error details.","timestamp":"2026-05-20T20:42:55.265Z"}
|
|
303
|
+
{"filename":"org.service.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const data = result.data as any;","explanation":"Variable named 'data' is generic and used repeatedly throughout the file, making it harder to track what specific data is being handled.","timestamp":"2026-05-20T20:42:55.265Z"}
|
|
304
|
+
{"filename":"job.service.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"const getCreateJobFn = () => {\n ensureFirebaseReady();\n const functions = getFunctions(app, 'us-central1');\n return httpsCallable(functions, 'createJob');\n};","explanation":"Seven nearly identical wrapper functions that each call ensureFirebaseReady() and getFunctions() to return httpsCallable. This abstraction adds indirection without reducing complexity - each function is used exactly once and could be inlined.","timestamp":"2026-05-20T20:43:06.642Z"}
|
|
305
|
+
{"filename":"job.service.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const result = await getCreateJobFn()({...});\n const data = result.data as any;\n if (!data.success) {\n throw new Error(data.message || 'Failed to create job');\n }\n return this.mapJobFromApi(data.job);\n } catch (error: any) {\n console.error('Job service error:', error);\n throw new Error(error.message || 'Failed to create job');\n }","explanation":"Every service method wraps its entire body in identical try/catch blocks that only log and re-throw with generic messages. This pattern is repeated across all 7 methods, masking specific Firebase errors that might need different handling.","timestamp":"2026-05-20T20:43:06.643Z"}
|
|
306
|
+
{"filename":"invitation.service.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"async createInvitation(email: string, role: Role): Promise<Invitation> {\n try {\n const result = await getCreateInvitationFn()({ email, role });\n const data = result.data as any;\n\n if (!data.success) {\n throw new Error(data.message || 'Failed to create invitation');\n }\n\n return data.invitation;\n } catch (error: any) {\n throw new Error(error.message || 'Failed to create invitation');\n }\n }","explanation":"Generic try/catch that converts all errors to the same generic message. Network errors, Firebase auth errors, and validation errors all become 'Failed to create invitation', making debugging impossible.","timestamp":"2026-05-20T20:43:23.123Z"}
|
|
307
|
+
{"filename":"invitation.service.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"async acceptInvitation(invitationId: string): Promise<void> {\n try {\n const result = await getAcceptInvitationFn()({ invitationId });\n const data = result.data as any;\n\n if (!data.success) {\n throw new Error(data.message || 'Failed to accept invitation');\n }\n } catch (error: any) {\n throw new Error(error.message || 'Failed to accept invitation');\n }\n }","explanation":"Same generic error handling pattern. Invitation expired, user already has access, and network failures all become the same error message.","timestamp":"2026-05-20T20:43:23.125Z"}
|
|
308
|
+
{"filename":"invitation.service.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"async cancelInvitation(invitationId: string): Promise<void> {\n try {\n const result = await getCancelInvitationFn()({ invitationId });\n const data = result.data as any;\n\n if (!data.success) {\n throw new Error(data.message || 'Failed to cancel invitation');\n }\n } catch (error: any) {\n throw new Error(error.message || 'Failed to cancel invitation');\n }\n }","explanation":"Repeated pattern of generic error handling that masks specific Firebase function errors with generic messages.","timestamp":"2026-05-20T20:43:23.125Z"}
|
|
309
|
+
{"filename":"invitation.service.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"async updateMemberRole(userId: string, role: Role): Promise<void> {\n try {\n const result = await getUpdateMemberRoleFn()({ userId, role });\n const data = result.data as any;\n\n if (!data.success) {\n throw new Error(data.message || 'Failed to update member role');\n }\n } catch (error: any) {\n throw new Error(error.message || 'Failed to update member role');\n }\n }","explanation":"Same generic try/catch pattern that converts permission errors, user not found errors, and network errors into the same generic message.","timestamp":"2026-05-20T20:43:23.125Z"}
|
|
310
|
+
{"filename":"invitation.service.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"async deactivateMember(userId: string): Promise<void> {\n try {\n const result = await getDeactivateMemberFn()({ userId });\n const data = result.data as any;\n\n if (!data.success) {\n throw new Error(data.message || 'Failed to deactivate member');\n }\n } catch (error: any) {\n throw new Error(error.message || 'Failed to deactivate member');\n }\n }","explanation":"Final instance of the same generic error handling that masks specific errors with a generic fallback message.","timestamp":"2026-05-20T20:43:23.125Z"}
|
|
311
|
+
{"filename":"file.service.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"const getUploadFileFn = () => {\n ensureFirebaseReady();\n const functions = getFunctions(app, 'us-central1');\n return httpsCallable(functions, 'uploadFile');\n};\nconst getGetSignedUrlFn = () => {\n ensureFirebaseReady();\n const functions = getFunctions(app, 'us-central1');\n return httpsCallable(functions, 'getSignedUrl');\n};","explanation":"Five nearly identical wrapper functions that only call ensureFirebaseReady() and return httpsCallable. Each wrapper is used exactly once and adds indirection without reducing complexity.","timestamp":"2026-05-20T20:43:37.146Z"}
|
|
312
|
+
{"filename":"file.service.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('File upload error:', error);","explanation":"Debug console.error statement left in production code that will clutter production logs and potentially expose internal error details.","timestamp":"2026-05-20T20:43:37.147Z"}
|
|
313
|
+
{"filename":"customer.service.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"const getCreateCustomerFn = () => {\n ensureFirebaseReady();\n const functions = getFunctions(app, 'us-central1');\n return httpsCallable(functions, 'createCustomer');\n};\nconst getUpdateCustomerFn = () => {\n ensureFirebaseReady();\n const functions = getFunctions(app, 'us-central1');\n return httpsCallable(functions, 'updateCustomer');\n};\n// ... repeated for 5 nearly identical functions","explanation":"Five nearly identical wrapper functions that only differ by the function name parameter. Each has identical initialization logic and is used exactly once.","timestamp":"2026-05-20T20:43:50.363Z"}
|
|
314
|
+
{"filename":"customer.service.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const result = await getCreateCustomerFn()(params);\n const data = result.data as any;\n\n if (!data.success) {\n throw new Error(data.message || 'Failed to create customer');\n }\n\n return this.mapCustomerFromApi(data.customer);\n} catch (error: any) {\n console.error('Customer service error:', error);\n throw new Error(error.message || 'Failed to create customer');\n}","explanation":"Generic error handling that catches all errors, logs them, and re-throws with a generic message. This pattern is repeated in all 5 service methods, losing specific error context.","timestamp":"2026-05-20T20:43:50.365Z"}
|
|
315
|
+
{"filename":"customer.service.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Customer service error:', error);","explanation":"Debug console.error statement left in production code that will log potentially sensitive customer data and Firebase errors to browser console.","timestamp":"2026-05-20T20:43:50.365Z"}
|
|
316
|
+
{"filename":"auth.service.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Error refreshing auth token:', error);","explanation":"Console.error left in production code that could expose internal error details in browser console logs","timestamp":"2026-05-20T20:43:55.861Z"}
|
|
317
|
+
{"filename":"TestEventBusPage.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const [result, setResult] = useState<any>(null);","explanation":"Variable named 'result' is generic and provides no context about what type of result it contains - in this case it's specifically test execution results from the Event Bus function","timestamp":"2026-05-20T20:44:17.195Z"}
|
|
318
|
+
{"filename":"TestEventBusPage.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Calling testEventBus function...');","explanation":"Debug console.log statement left in production code that provides no value to end users and clutters production logs","timestamp":"2026-05-20T20:44:17.197Z"}
|
|
319
|
+
{"filename":"TestEventBusPage.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Test result:', response.data);","explanation":"Debug console.log statement left in production code that logs test results to browser console unnecessarily","timestamp":"2026-05-20T20:44:17.197Z"}
|
|
320
|
+
{"filename":"TeamPage.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Error fetching team data:', err);","explanation":"Debug console.error statement left in production code that logs error objects, potentially exposing sensitive internal state or stack traces","timestamp":"2026-05-20T20:44:27.732Z"}
|
|
321
|
+
{"filename":"TeamPage.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Error creating invitation:', err);","explanation":"Debug console.error statement left in production code that logs error objects, potentially exposing sensitive internal state","timestamp":"2026-05-20T20:44:27.734Z"}
|
|
322
|
+
{"filename":"TeamPage.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Error deactivating member:', err);","explanation":"Debug console.error statement left in production code that logs error objects, potentially exposing sensitive internal state","timestamp":"2026-05-20T20:44:27.734Z"}
|
|
323
|
+
{"filename":"SettingsPage.tsx","pattern_id":"014","pattern_name":"fake-async-simulation","severity":"high","code_snippet":"setSaving(true);\n // TODO: Implement actual save\n await new Promise(resolve => setTimeout(resolve, 1000));\n setSaving(false);","explanation":"The handleSaveUISettings function uses setTimeout to simulate async work instead of implementing the actual save operation. This creates a fake loading state that misleads users into thinking their settings are being saved when no real work is performed.","timestamp":"2026-05-20T20:44:44.730Z"}
|
|
324
|
+
{"filename":"SettingsPage.tsx","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const handleSaveUISettings = async () => {\n if (!user) return;\n\n try {\n setSaving(true);\n setError('');\n setSuccess('');\n\n // TODO: Implement actual save\n await new Promise(resolve => setTimeout(resolve, 1000));\n setSaving(false);","explanation":"The handleSaveUISettings function has complete error handling structure and loading states but the core business logic is just a TODO comment with fake delay. This appears functional but performs no actual save operation.","timestamp":"2026-05-20T20:44:44.731Z"}
|
|
325
|
+
{"filename":"OnboardingGatePage.tsx","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"<div style={{ fontSize: 48, marginBottom: 16 }}>🏗️</div>","explanation":"Using emoji in user interface elements. While this is UI decoration rather than debug output, it can cause encoding issues in different environments and may not render consistently across all systems.","timestamp":"2026-05-20T20:44:51.698Z"}
|
|
326
|
+
{"filename":"OnboardingGatePage.tsx","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"<div style={{ fontSize: 48, marginBottom: 16 }}>👥</div>","explanation":"Using emoji in user interface elements. While this is UI decoration rather than debug output, it can cause encoding issues in different environments and may not render consistently across all systems.","timestamp":"2026-05-20T20:44:51.698Z"}
|
|
327
|
+
{"filename":"InvitePage.tsx","pattern_id":"014","pattern_name":"fake-async-simulation","severity":"high","code_snippet":"setTimeout(() => {\n navigate('/dashboard');\n }, 2000);","explanation":"Using hardcoded 2-second delay to simulate navigation timing. This creates an arbitrary wait that doesn't correspond to any actual async operation completing.","timestamp":"2026-05-20T20:44:58.189Z"}
|
|
328
|
+
{"filename":"InvitePage.tsx","pattern_id":"014","pattern_name":"fake-async-simulation","severity":"high","code_snippet":"setTimeout(() => {\n navigate('/dashboard');\n }, 2000);","explanation":"Another hardcoded 2-second delay before navigation. This creates artificial waiting time that provides no functional benefit and degrades user experience.","timestamp":"2026-05-20T20:44:58.190Z"}
|
|
329
|
+
{"filename":"CreateOrgPage.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Error getting auth token:', err);","explanation":"Debug console.error statement left in production authentication code that could expose sensitive error details in production logs","timestamp":"2026-05-20T20:45:08.584Z"}
|
|
330
|
+
{"filename":"CreateOrgPage.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Error creating organization:', err);","explanation":"Debug console.error statement in organization creation flow that could log sensitive error information including tokens or user data","timestamp":"2026-05-20T20:45:08.585Z"}
|
|
331
|
+
{"filename":"usePermissions.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // Get permissions from current org (multi-org support)\n // Check if permissions are explicitly set (not just empty array)","explanation":"Comments simply restate what the code does rather than explaining business logic or reasoning. The first comment just says 'get permissions' which is obvious from the variable assignment below.","timestamp":"2026-05-20T20:45:19.549Z"}
|
|
332
|
+
{"filename":"usePermissions.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // Type-safe role checks - role from currentOrg is a Role enum","explanation":"Comment restates that these are role checks, which is obvious from the variable names and comparisons below. Adds no context about why these specific role checks are needed.","timestamp":"2026-05-20T20:45:19.550Z"}
|
|
333
|
+
{"filename":"usePermissions.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" loading: false, // No async loading needed - data comes from AuthContext","explanation":"Comment explains why loading is false, which provides some context, but the hardcoded false value suggests this might be incomplete implementation.","timestamp":"2026-05-20T20:45:19.550Z"}
|
|
334
|
+
{"filename":"usePermissionRegistry.ts","pattern_id":"013","pattern_name":"emoji-debugging","severity":"medium","code_snippet":"console.warn(`Failed to load permissions for plugin ${pluginId}:`, error);","explanation":"While this specific line doesn't contain emoji, it's part of a console logging pattern in production code that could lead to log pollution","timestamp":"2026-05-20T20:45:27.536Z"}
|
|
335
|
+
{"filename":"usePermissionRegistry.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Failed to load permission registry:', error);","explanation":"Console.error statements left in production code create log pollution and don't provide structured logging for monitoring systems","timestamp":"2026-05-20T20:45:27.536Z"}
|
|
336
|
+
{"filename":"useFeatureFlags.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"const checkOrgDocument = async (orgId: string) => {\n try {\n const orgRef = doc(db, `orgs/${orgId}`);\n const orgSnap = await getDoc(orgRef);\n \n if (orgSnap.exists()) {\n const orgData = orgSnap.data();\n const enabledTools = orgData.enabledTools || [];\n setEnabled(enabledTools.includes(toolId));\n } else {\n setEnabled(false);\n }\n }","explanation":"The checkOrgDocument function is defined as a helper but contains nearly identical logic to the main snapshot listener, just with a different data source. The abstraction doesn't reduce complexity or parameters meaningfully.","timestamp":"2026-05-20T20:45:38.081Z"}
|
|
337
|
+
{"filename":"useAuth.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"signUp: async (params: SignUpParams) => {\n try {\n await authService.signUp(params);\n } catch (error) {\n throw error;\n }\n },\n signIn: async (params: SignInParams) => {\n try {\n await authService.signIn(params);\n } catch (error) {\n throw error;\n }\n },\n signOut: async () => {\n try {\n await authService.signOut();\n } catch (error) {\n throw error;\n }\n },\n resetPassword: async (email: string) => {\n try {\n await authService.resetPassword(email);\n } catch (error) {\n throw error;\n }\n }","explanation":"Every auth method is wrapped in identical try/catch blocks that simply rethrow the error without any transformation, logging, or handling. This adds no value and creates unnecessary code duplication.","timestamp":"2026-05-20T20:45:48.727Z"}
|
|
338
|
+
{"filename":"useAuth.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"export function useAuth() {\n const context = useAuthContext();\n \n return {\n ...context,\n // Expose service methods with error handling\n signUp: async (params: SignUpParams) => {\n try {\n await authService.signUp(params);\n } catch (error) {\n throw error;\n }\n },","explanation":"The hook wraps authService methods in functions that provide no additional functionality - they just pass through parameters and rethrow errors. This abstraction layer adds indirection without reducing complexity.","timestamp":"2026-05-20T20:45:48.727Z"}
|
|
339
|
+
{"filename":"DesignModeContext.tsx","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"if (typeof window !== 'undefined') {\n const w = window as unknown as { __FF_SHARED__?: { designMode?: boolean } };\n if (w.__FF_SHARED__) w.__FF_SHARED__.designMode = flag;\n }","explanation":"Variable 'w' is a generic name in a non-trivial context where 'globalWindow' or 'windowWithShared' would communicate intent better","timestamp":"2026-05-20T20:45:54.567Z"}
|
|
340
|
+
{"filename":"AuthContext.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Error getting custom claims:', error);","explanation":"Console.error statement left in production authentication code that will clutter production logs and potentially expose sensitive authentication error details","timestamp":"2026-05-20T20:46:01.837Z"}
|
|
341
|
+
{"filename":"AuthContext.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('Auth state change error:', error);","explanation":"Console.error statement left in production authentication code that will expose authentication errors in production logs","timestamp":"2026-05-20T20:46:01.838Z"}
|
|
342
|
+
{"filename":"useInstalledPlugins.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"platformSnap.docs.forEach((d) => {\n const data = d.data();","explanation":"Variables 'd' and 'data' are generic names in a complex context where domain-specific names would improve readability. This is a non-trivial function processing plugin metadata.","timestamp":"2026-05-20T20:46:09.742Z"}
|
|
343
|
+
{"filename":"useInstalledPlugins.ts","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"snap.docs.forEach((d) => {\n const data = d.data();","explanation":"Another instance of generic 'd' and 'data' variables in the installed plugins snapshot processing, making it harder to distinguish from the platform plugins processing above.","timestamp":"2026-05-20T20:46:09.743Z"}
|
|
344
|
+
{"filename":"PluginRegistry.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"export class PluginRegistry {\n // Future: Plugin registration, validation, etc.\n}","explanation":"Empty class with no implementation that serves no current purpose. The comment indicates it's a placeholder for future functionality that doesn't exist yet.","timestamp":"2026-05-20T20:46:17.755Z"}
|
|
345
|
+
{"filename":"PluginLoader.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error(`[PluginLoader] Failed to load plugin ${pluginId}:`, error);","explanation":"Console.error statement left in production code that will log plugin loading failures to browser console, potentially exposing internal system details and errors","timestamp":"2026-05-20T20:46:25.081Z"}
|
|
346
|
+
{"filename":"PluginLoader.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error(`[PluginLoader] Failed to load plugin:`, error);","explanation":"Console.error statement left in production code that will log plugin loading errors to browser console, potentially exposing internal system structure and error details","timestamp":"2026-05-20T20:46:25.081Z"}
|
|
347
|
+
{"filename":"PluginContainer.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import { collection, query, where, getDocs, getDoc, doc, orderBy, limit, addDoc, updateDoc, deleteDoc, setDoc, serverTimestamp, type QueryConstraint } from 'firebase/firestore';\nimport { sanitizeForFirestore } from '../utils/sanitizeForFirestore';","explanation":"Multiple Firebase Firestore imports and sanitizeForFirestore utility are imported but never used in the component. The component defines context methods that would use these imports, but the actual implementation is truncated.","timestamp":"2026-05-20T20:46:35.321Z"}
|
|
348
|
+
{"filename":"PluginContainer.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"/**\n * Plugin Container\n * \n * Loads and renders a plugin dynamically\n * Wraps plugin in SDK provider to inject platform context\n */","explanation":"The comment restates what is already obvious from the component name and props structure. It explains WHAT the component does but not WHY or any important context about how plugin loading works.","timestamp":"2026-05-20T20:46:35.323Z"}
|
|
349
|
+
{"filename":"EventBus.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('[EventBus] Listener error:', e);","explanation":"Console.error statements left in production code that will clutter production logs and potentially expose internal error details","timestamp":"2026-05-20T20:46:43.286Z"}
|
|
350
|
+
{"filename":"EventBus.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('[EventBus] Wildcard listener error:', e);","explanation":"Console.error statements left in production code that will clutter production logs and potentially expose internal error details","timestamp":"2026-05-20T20:46:43.287Z"}
|
|
351
|
+
{"filename":"EventBus.ts","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.error('[EventBus] Failed to log event:', err);","explanation":"Console.error statements left in production code that will clutter production logs and potentially expose internal error details","timestamp":"2026-05-20T20:46:43.287Z"}
|
|
352
|
+
{"filename":"WYSIWYGCanvas.tsx","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import type { LayoutConfig, LayoutField, LayoutSection } from '@flowforge/sdk';\nimport {\n useInlineCustomFields,\n InlineFieldTypePicker,\n InlineFieldConfigPanel,\n nextSectionId,\n type BaseField,\n type CustomFieldDefinition,\n type FieldInfo,\n type FieldType,\n} from './LayoutBuilder';","explanation":"The package '@flowforge/sdk' appears to be a custom/internal package that may not exist. The imports from './LayoutBuilder' include several exports (useInlineCustomFields, InlineFieldTypePicker, InlineFieldConfigPanel, nextSectionId) and types that may not be available from that module.","timestamp":"2026-05-20T20:46:52.832Z"}
|
|
353
|
+
{"filename":"WYSIWYGCanvas.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"nextSectionId,\n type BaseField,\n type CustomFieldDefinition,\n type FieldInfo,\n type FieldType,","explanation":"Several imports from './LayoutBuilder' appear to be unused in the visible portion of the code: nextSectionId, BaseField, CustomFieldDefinition, FieldInfo, and FieldType are imported but not referenced in the code.","timestamp":"2026-05-20T20:46:52.833Z"}
|
|
354
|
+
{"filename":"PermissionEditorDialog.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n await onSave(member.userId, selectedPermissions);\n onClose();\n } catch (error: any) {\n alert(error.message || 'Failed to save permissions');\n } finally {\n setSaving(false);\n }","explanation":"Generic error handling that swallows all errors with a simple alert. Different error types (network errors, validation errors, permission errors) should be handled distinctly, and alert() is not appropriate for production error handling.","timestamp":"2026-05-20T20:47:04.197Z"}
|
|
355
|
+
{"filename":"Navigation.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"import { useCallback, useEffect, useMemo, useRef, useState, type DragEvent } from 'react';","explanation":"DragEvent is imported but never used in the visible code. The file appears to be importing more React hooks and types than necessary.","timestamp":"2026-05-20T20:47:09.260Z"}
|
|
356
|
+
{"filename":"LayoutBuilder.tsx","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import type { LayoutConfig, LayoutSection, LayoutField } from '@flowforge/sdk';","explanation":"Importing from '@flowforge/sdk' which appears to be a fabricated package name. The '@flowforge' namespace and SDK package combination is not a known public package and follows the pattern of plausible-sounding but non-existent imports.","timestamp":"2026-05-20T20:47:15.844Z"}
|
|
357
|
+
{"filename":"FirebaseReady.tsx","pattern_id":"014","pattern_name":"fake-async-simulation","severity":"high","code_snippet":"for (let i = 0; i < 10; i++) {\n await new Promise(resolve => setTimeout(resolve, 50));","explanation":"Uses setTimeout with hardcoded 50ms delays in a loop to simulate waiting for Firebase initialization, creating 500ms of artificial delay without any real verification of Firebase readiness","timestamp":"2026-05-20T20:47:21.641Z"}
|
|
358
|
+
{"filename":"FileUpload.tsx","pattern_id":"014","pattern_name":"fake-async-simulation","severity":"high","code_snippet":"const progressInterval = setInterval(() => {\n setProgress((prev) => {\n if (prev >= 90) {\n clearInterval(progressInterval);\n return 90;\n }\n return prev + 10;\n });\n }, 200);","explanation":"The code simulates file upload progress using a fake timer-based progress bar that increments every 200ms. This creates the illusion of real upload progress without tracking actual file upload status, which can mislead users about the true upload state.","timestamp":"2026-05-20T20:47:37.547Z"}
|
|
359
|
+
{"filename":"FileUpload.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"// Simulate progress (in real app, you'd track actual upload progress)","explanation":"This comment simply restates what the code is doing (simulating progress) without explaining the business reasoning or when this should be replaced with real progress tracking.","timestamp":"2026-05-20T20:47:37.548Z"}
|
|
360
|
+
{"filename":"FileUpload.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"const file = files[0]; // For now, handle single file","explanation":"Comment simply translates the code (taking first file) rather than explaining why only single file handling is implemented when the component accepts a 'multiple' prop.","timestamp":"2026-05-20T20:47:37.548Z"}
|
|
361
|
+
{"filename":"FileUpload.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"const file = files[0]; // For now, handle single file","explanation":"Duplicate comment that restates the obvious action of taking the first file without explaining the limitation or future plans.","timestamp":"2026-05-20T20:47:37.548Z"}
|
|
362
|
+
{"filename":"FileUpload.tsx","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"// Reset input","explanation":"Comment directly translates the line below it (e.target.value = '') without explaining why the input needs to be reset.","timestamp":"2026-05-20T20:47:37.548Z"}
|
|
363
|
+
{"filename":"DynamicForm.tsx","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"Component,\n type ErrorInfo,\n type ReactNode,","explanation":"React Component, ErrorInfo, and ReactNode are imported but never used in the visible code. These appear to be leftover imports from error boundary implementation that was removed or never completed.","timestamp":"2026-05-20T20:47:43.258Z"}
|
|
364
|
+
{"filename":"DesignModeOverlay.tsx","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"void (async () => {","explanation":"While not a console.log, the void operator with an async IIFE is a debugging/development pattern that suggests incomplete error handling for the async operation","timestamp":"2026-05-20T20:47:50.424Z"}
|
|
365
|
+
{"filename":"DesignModeBar.tsx","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"void saveAll()\n .catch(() => {})\n .finally(() => setSaving(false));","explanation":"The saveAll() promise is caught with an empty handler that silences all errors. Users will see the saving state clear but won't know if the save actually failed or what went wrong.","timestamp":"2026-05-20T20:47:56.535Z"}
|
|
366
|
+
{"filename":"industryTemplates.ts","pattern_id":"016","pattern_name":"mock-data-pollution","severity":"medium","code_snippet":"export const customerTemplates: Record<string, IndustryTemplate> = {\n hvac: {\n id: 'hvac',\n name: 'HVAC',\n description: 'Customer fields for HVAC service companies',\n customFields: [\n { id: 'custom_equipment_on_property', label: 'Equipment on Property', type: 'textarea', showInList: false, showInForm: true, helpText: 'List of HVAC equipment installed at this property' },\n // ... extensive detailed template data for 6 industries\n ]\n },\n // ... continues for general_contractor, plumbing, electrical, roofing, landscaping\n};","explanation":"Large amounts of detailed template data embedded directly in the source file. While this is template data rather than mock data, it follows the same pattern of cluttering the codebase with extensive hardcoded configuration that should be externalized.","timestamp":"2026-05-20T20:48:07.174Z"}
|
|
367
|
+
{"filename":"firebase.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"// Initialize Firebase only if not already initialized\n// This prevents \"Firebase App already initialized\" errors","explanation":"The comment restates what the conditional logic does rather than explaining the business reason for preventing reinitialization","timestamp":"2026-05-20T20:48:29.307Z"}
|
|
368
|
+
{"filename":"firebase.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"// Initialize services only after app is confirmed to be initialized\n// Wrap in try-catch to handle any service initialization errors","explanation":"Comments explain what the code obviously does (initialize services, wrap in try-catch) rather than why this specific order matters","timestamp":"2026-05-20T20:48:29.309Z"}
|
|
369
|
+
{"filename":"firebase.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"// Initialize all services synchronously\n// CRITICAL: Initialize in order and verify each one","explanation":"First comment restates what the code does; second comment doesn't explain why the order is critical","timestamp":"2026-05-20T20:48:29.309Z"}
|
|
370
|
+
{"filename":"firebase.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n const existingApps = getApps();\n // ... entire initialization block\n} catch (error: any) {\n console.error('[Firebase Config] Failed to initialize Firebase:', error);\n // ... recovery logic\n}","explanation":"Large try-catch block wrapping multiple distinct operations (app checking, initialization, validation) with complex recovery logic that may mask specific initialization failures","timestamp":"2026-05-20T20:48:29.309Z"}
|
|
371
|
+
{"filename":"firebase.ts","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n // Initialize all services synchronously\n auth = getAuth(app);\n // ... all service initializations\n} catch (error) {\n console.error('[Firebase Config] Failed to initialize Firebase services:', error);\n throw error;\n}","explanation":"Single try-catch around all service initializations prevents distinguishing between auth failures, firestore connection issues, and functions region problems","timestamp":"2026-05-20T20:48:29.309Z"}
|
|
372
|
+
{"filename":"firebase.ts","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"export function ensureFirebaseReady(): void {\n const apps = getApps();\n if (apps.length === 0) {\n throw new Error('Firebase app not initialized. This should never happen if firebase.ts was imported correctly.');\n }\n if (apps[0].name !== '[DEFAULT]') {\n throw new Error(`Firebase app name is '${apps[0].name}', expected '[DEFAULT]'. This may cause Firebase operations to fail.`);\n }\n}","explanation":"Helper function that's likely used once or twice and simply wraps two getApps() checks - adds indirection without reducing complexity","timestamp":"2026-05-20T20:48:29.309Z"}
|
|
373
|
+
{"filename":"index.ts","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"// import * as apiJobs from './api/jobs';\n// import * as apiCustomers from './api/customers';","explanation":"Commented-out import statements for apiJobs and apiCustomers that are already imported above on lines 28-29. These are dead code that should be removed.","timestamp":"2026-05-20T20:48:36.567Z"}
|
|
374
|
+
{"filename":"index.ts","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"// import * as coreAuth from './core/auth';\n// import * as corePermissions from './core/permissions';\n\n// Triggers\n// import * as triggers from './triggers';","explanation":"Commented-out imports for coreAuth, corePermissions, and triggers that are never used in the file. These are leftover imports from code generation that should be cleaned up.","timestamp":"2026-05-20T20:48:36.568Z"}
|
|
375
|
+
{"filename":"updatePluginBundleUrls.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded directly in the source code, making this script only work for one specific environment and creating deployment fragility","timestamp":"2026-05-20T20:48:44.751Z"}
|
|
376
|
+
{"filename":"updatePluginBundleUrls.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"console.log(`Project: flow-forge-1c74d`);","explanation":"Project ID is hardcoded again in logging output, duplicating the configuration coupling","timestamp":"2026-05-20T20:48:44.751Z"}
|
|
377
|
+
{"filename":"updatePluginBundleUrls.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const BATCH_SIZE = 500;","explanation":"Firestore batch size limit is hardcoded without explanation or configurability, could cause issues if requirements change","timestamp":"2026-05-20T20:48:44.751Z"}
|
|
378
|
+
{"filename":"update-plugin-nav.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Updating plugin nav metadata in platform/plugins/plugins ...');","explanation":"Production script contains console.log statements that will clutter logs when run in automated environments","timestamp":"2026-05-20T20:48:52.741Z"}
|
|
379
|
+
{"filename":"update-plugin-nav.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(` - ${plugin.pluginId}`);","explanation":"Debug logging left in production script that will create noise in automated execution","timestamp":"2026-05-20T20:48:52.742Z"}
|
|
380
|
+
{"filename":"update-plugin-nav.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Done.');","explanation":"Completion logging that may be unnecessary noise in production automation","timestamp":"2026-05-20T20:48:52.743Z"}
|
|
381
|
+
{"filename":"seedIntegrationCatalog.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"The Firebase project ID is hardcoded directly in the source code. This creates deployment fragility and couples the code to a specific environment, making it impossible to run this script against different environments (dev, staging, prod) without code changes.","timestamp":"2026-05-20T20:49:02.882Z"}
|
|
382
|
+
{"filename":"seedIntegrationCatalog.js","pattern_id":"016","pattern_name":"mock-data-pollution","severity":"medium","code_snippet":"const CATALOG = [\n {\n integrationId: 'twilio',\n name: 'Twilio SMS',\n description:\n 'Send and receive SMS messages with customers and field crews. Enables the Smart Capture workflow.',\n category: 'communication',\n authType: 'api_key',\n capabilities: ['sms_send', 'sms_receive', 'smart_capture', 'a2p_10dlc'],\n available: true,\n comingSoon: false,\n phase: '2B',\n },\n // ... multiple similar objects","explanation":"Large catalog of detailed integration data is hardcoded directly in the script file. This makes the script harder to maintain and couples the data structure to the code. When integrations change or new ones are added, the script file itself must be modified.","timestamp":"2026-05-20T20:49:02.883Z"}
|
|
383
|
+
{"filename":"seedDemoOrgs.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded directly in the source code, making the script environment-specific and preventing it from running against different Firebase projects or environments without code changes.","timestamp":"2026-05-20T20:49:08.254Z"}
|
|
384
|
+
{"filename":"reset-plugin-installs.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const ORG_ID = 'org_reid_builds_1770408645439_fzm7fmvup';\nconst PLUGINS = ['estimating', 'customers', 'dashboard', 'jobs'];","explanation":"Organization ID and plugin list are hardcoded in source code instead of being passed as command line arguments or environment variables. This makes the script inflexible and requires code changes to target different orgs.","timestamp":"2026-05-20T20:49:19.295Z"}
|
|
385
|
+
{"filename":"reset-plugin-installs.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(`Resetting installed_plugins for org ${ORG_ID} ...`);\n...\nconsole.log(` - deleted orgs/${ORG_ID}/installed_plugins/${pluginId}`);\n...\nconsole.log(`Summary:`);\nconsole.log(` Deleted: ${deleted.length ? deleted.join(', ') : '(none)'}`);\nconsole.log(` Not found: ${missing.length ? missing.join(', ') : '(none)'}`);","explanation":"Multiple console.log statements throughout the script. While this is a one-off utility script, the logs expose internal organization structure and could leak sensitive org IDs in production environments.","timestamp":"2026-05-20T20:49:19.295Z"}
|
|
386
|
+
{"filename":"refresh-demo-data.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const PROJECT_ID = 'flow-forge-1c74d';\nconst ORG_ID = 'org_restoration_demo_001';\nconst BATCH_SIZE = 450;","explanation":"Production Firebase project ID and organization ID are hardcoded in source code. While this is a demo data script, these values should still be configurable via environment variables to avoid coupling the script to specific environments.","timestamp":"2026-05-20T20:49:28.352Z"}
|
|
387
|
+
{"filename":"refresh-demo-data.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const ANCHOR_ISO = process.env.DEMO_ANCHOR_ISO || '2026-05-13T18:00:00.000Z';","explanation":"While this does check environment variables first, the hardcoded fallback date '2026-05-13T18:00:00.000Z' will become outdated and cause the demo to show stale timestamps relative to when the script is actually run.","timestamp":"2026-05-20T20:49:28.352Z"}
|
|
388
|
+
{"filename":"patchDemoOrgData.js","pattern_id":"016","pattern_name":"mock-data-pollution","severity":"medium","code_snippet":"const orgPatches = [\n {\n orgId: 'org_residential_gc_demo_001',\n scheduleEvents: [\n {\n entry_id: 'se_ccg_001',\n orgId: 'org_residential_gc_demo_001',\n jobId: 'job_ccg_001',\n jobTitle: 'Riverside Kitchen & Bath Remodel',\n technicianId: 'marcus_carpenter',\n technicianName: 'Marcus Webb',\n start_datetime: '2026-04-07T08:00:00',\n end_datetime: '2026-04-07T16:00:00',\n status: 'scheduled',\n type: 'project',\n notes: 'Electrical rough-in — coordinate with sub',\n },","explanation":"Large mock data object with hundreds of lines of detailed fake business data embedded directly in the script file. This creates maintenance overhead and makes the core logic harder to understand.","timestamp":"2026-05-20T20:49:35.598Z"}
|
|
389
|
+
{"filename":"patch-vendors-invoices.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const PROJECT_ID = 'flow-forge-1c74d';\nconst ORG_ID = 'org_restoration_demo_001';\nconst BATCH_SIZE = 450;","explanation":"Project ID and organization ID are environment-specific constants hardcoded in source code. These should be configurable via environment variables to avoid coupling the script to specific environments and enable reuse.","timestamp":"2026-05-20T20:49:41.684Z"}
|
|
390
|
+
{"filename":"addDemoOrgsToUser.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const TARGET_USER_ID = 'MClh6neIPBdqRQO8wIJza6UNXBJ3';","explanation":"User ID is hardcoded directly in the script instead of being passed as a command line argument or environment variable, making the script inflexible and potentially exposing user IDs in version control","timestamp":"2026-05-20T20:49:52.903Z"}
|
|
391
|
+
{"filename":"addDemoOrgsToUser.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded in source code, preventing the script from being used across different environments or projects without code changes","timestamp":"2026-05-20T20:49:52.904Z"}
|
|
392
|
+
{"filename":"addDemoOrgsToUser.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('Before claims.orgs:', JSON.stringify(beforeOrgs));","explanation":"Debug console.log statements left in production script that could log sensitive user data and org information","timestamp":"2026-05-20T20:49:52.904Z"}
|
|
393
|
+
{"filename":"addDemoOrgsToUser.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log('After claims.orgs:', JSON.stringify(afterOrgs));","explanation":"Debug console.log statements left in production script that could log sensitive user data and org information","timestamp":"2026-05-20T20:49:52.904Z"}
|
|
394
|
+
{"filename":"addDemoOrgsToUser.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(`\\nDone. Added ${added} demo orgs to user claims.`);","explanation":"Debug console.log statements left in production script that could log sensitive operational information","timestamp":"2026-05-20T20:49:52.904Z"}
|
|
395
|
+
{"filename":"addDemoOrgMemberships.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"const TARGET_USER_ID = 'MClh6neIPBdqRQO8wIJza6UNXBJ3';","explanation":"Firebase user ID is hardcoded directly in source code. This creates deployment fragility and makes the script non-reusable for different users without code changes.","timestamp":"2026-05-20T20:50:06.879Z"}
|
|
396
|
+
{"filename":"addDemoOrgMemberships.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"admin.initializeApp({ projectId: 'flow-forge-1c74d' });","explanation":"Firebase project ID is hardcoded in source code, coupling the script to a specific environment and making it non-portable across different deployments.","timestamp":"2026-05-20T20:50:06.881Z"}
|
|
397
|
+
{"filename":"index.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"// import * as apiJobs from './api/jobs';\n// import * as apiCustomers from './api/customers';\n// Platform core","explanation":"Commented out import statements suggest unused imports that were removed but left as comments, creating code clutter","timestamp":"2026-05-20T20:50:13.543Z"}
|
|
398
|
+
{"filename":"index.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"// import * as coreAuth from './core/auth';\n// import * as corePermissions from './core/permissions';\n// Triggers\n// import * as triggers from './triggers';","explanation":"More commented out import statements that indicate unused imports, adding noise to the codebase","timestamp":"2026-05-20T20:50:13.543Z"}
|
|
399
|
+
{"filename":"index-4DfZGhkL.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"function q1(t,e){for(var n=0;n<e.length;n++){const r=e[n];","explanation":"Variables are named with single letters (t, e, n, r) throughout the code, making it extremely difficult to understand what each variable represents","timestamp":"2026-05-20T20:50:24.514Z"}
|
|
400
|
+
{"filename":"react.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"const {\n useState, useEffect, useRef, useCallback, useMemo, useContext, useReducer, useId, useSyncExternalStore,\n createContext, createElement, Fragment, forwardRef, memo, lazy, Suspense,\n Component, PureComponent, Children, cloneElement, isValidElement, createRef,\n startTransition, useTransition, useDeferredValue, useImperativeHandle, useLayoutEffect, useDebugValue,\n} = R;","explanation":"The destructured exports include React APIs that may not exist or were added in different React versions. Specifically, useSyncExternalStore, useId, startTransition, useTransition, useDeferredValue are newer React 18 features that may not be available in all React versions, and useDebugValue is a specialized hook that's rarely used in production code.","timestamp":"2026-05-20T20:50:32.584Z"}
|
|
401
|
+
{"filename":"react-dom.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"const { createPortal, flushSync, render, unmountComponentAtNode, findDOMNode, hydrate } = RD;","explanation":"unmountComponentAtNode and findDOMNode are deprecated APIs in React 18. unmountComponentAtNode was replaced with createRoot().unmount(), and findDOMNode is discouraged in favor of refs.","timestamp":"2026-05-20T20:50:43.908Z"}
|
|
402
|
+
{"filename":"react-dom.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"export { createPortal, flushSync, render, unmountComponentAtNode, findDOMNode, hydrate };","explanation":"Exporting deprecated APIs (unmountComponentAtNode, findDOMNode, render, hydrate) makes them available to consumers, encouraging use of outdated patterns that will break in future React versions.","timestamp":"2026-05-20T20:50:43.909Z"}
|
|
403
|
+
{"filename":"browser.js","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const parser = new YargsParser({\n cwd: () => { return '' },\n format: (str, arg) => { return str.replace('%s', arg) },\n normalize: (str) => { return str },\n resolve: (str) => { return str },\n require: () => {\n throw Error('loading config from files not currently supported in browser')\n },\n env: () => {}\n})","explanation":"Several functions are stubs that don't implement their intended functionality: cwd() returns empty string instead of current working directory, normalize() and resolve() return input unchanged (no path normalization/resolution), and env() returns undefined instead of environment variables. These create a shell that looks functional but doesn't provide the expected behavior.","timestamp":"2026-05-20T20:50:54.797Z"}
|
|
404
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"return browsers.reduce((result, entry) => {","explanation":"Generic variable name 'result' used in a reduce operation where 'browserMap' or 'groupedBrowsers' would better communicate intent","timestamp":"2026-05-20T20:52:04.438Z"}
|
|
405
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"return browsers.reduce((result, entry) => {","explanation":"Generic variable name 'entry' used when iterating over browser data where 'browser' would be more descriptive","timestamp":"2026-05-20T20:52:04.440Z"}
|
|
406
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":".reduce((result, array) => result.concat(array), [])","explanation":"Generic variable names 'result' and 'array' in reduce operation where 'allChanges' and 'browserChanges' would be clearer","timestamp":"2026-05-20T20:52:04.440Z"}
|
|
407
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"for (let i in node.dependencies) {","explanation":"Generic variable name 'i' used when iterating over dependency names where 'depName' or 'packageName' would be more descriptive","timestamp":"2026-05-20T20:52:04.440Z"}
|
|
408
|
+
{"filename":"cli.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n updateDb()\n } catch (e) {\n if (e.name === 'BrowserslistUpdateError') {\n error(e.message)\n } else {\n throw e\n }\n }","explanation":"Generic try-catch with only one specific error type handled. All other errors are re-thrown without any additional context or logging, making debugging difficult for unexpected errors.","timestamp":"2026-05-20T20:52:14.174Z"}
|
|
409
|
+
{"filename":"check-npm-version.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"} catch (e) {}","explanation":"Empty catch block silences all errors from execSync without any handling or logging, making debugging impossible if the command fails","timestamp":"2026-05-20T20:52:19.591Z"}
|
|
410
|
+
{"filename":"snapshot-agent.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import MockAgent from './mock-agent'","explanation":"This import statement assumes the existence of a './mock-agent' module with a default export. In TypeScript declaration files, this is particularly problematic because it creates a hard dependency on a module that may not exist or may not have the expected export structure.","timestamp":"2026-05-20T20:52:37.134Z"}
|
|
411
|
+
{"filename":"mock-errors.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import Errors from './errors'","explanation":"The import assumes a default export from './errors', but TypeScript declaration files typically use named exports or namespaces. The reference to 'Errors.UndiciError' suggests it should be importing from a namespace or named export structure.","timestamp":"2026-05-20T20:53:20.931Z"}
|
|
412
|
+
{"filename":"mock-call-history.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import Dispatcher from './dispatcher'","explanation":"This imports a default export 'Dispatcher' from a relative './dispatcher' module, but only uses the namespaced type 'Dispatcher.DispatchOptions' in the code. This suggests either the import should be a type-only import, or the module doesn't export a default 'Dispatcher' but rather has a namespace. The import pattern doesn't match the usage pattern.","timestamp":"2026-05-20T20:53:30.557Z"}
|
|
413
|
+
{"filename":"header.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import { Autocomplete } from './utility'","explanation":"The import references an 'Autocomplete' type from a './utility' module that may not exist or may not export this specific type. This is a common AI pattern of generating plausible-sounding import statements without verifying the actual API surface.","timestamp":"2026-05-20T20:53:45.611Z"}
|
|
414
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n connectTimeout?: number;","explanation":"TypeScript definition includes a TODO comment for connectTimeout property, indicating incomplete documentation in what appears to be a complete interface definition","timestamp":"2026-05-20T20:53:59.411Z"}
|
|
415
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n socketPath?: string;","explanation":"TypeScript definition includes a TODO comment for socketPath property, indicating incomplete documentation in what appears to be a complete interface definition","timestamp":"2026-05-20T20:53:59.411Z"}
|
|
416
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n maxCachedSessions?: number;","explanation":"TypeScript definition includes a TODO comment for maxCachedSessions property, indicating incomplete documentation in what appears to be a complete interface definition","timestamp":"2026-05-20T20:53:59.412Z"}
|
|
417
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n connect?: Omit<Partial<buildConnector.BuildOptions>, 'allowH2'> | buildConnector.connector;","explanation":"TypeScript definition includes a TODO comment for connect property, indicating incomplete documentation in what appears to be a complete interface definition","timestamp":"2026-05-20T20:53:59.412Z"}
|
|
418
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n maxRequestsPerClient?: number;","explanation":"TypeScript definition includes a TODO comment for maxRequestsPerClient property, indicating incomplete documentation in what appears to be a complete interface definition","timestamp":"2026-05-20T20:53:59.412Z"}
|
|
419
|
+
{"filename":"h2c-client.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"/** TODO */\n localAddress?: string;","explanation":"TypeScript definition includes a TODO comment for localAddress property, indicating incomplete documentation in what appears to be a complete interface definition","timestamp":"2026-05-20T20:53:59.412Z"}
|
|
420
|
+
{"filename":"formdata.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import { File } from 'buffer'","explanation":"The Node.js 'buffer' module does not export a 'File' class. This import will cause a runtime error when the code tries to use this type definition.","timestamp":"2026-05-20T20:54:14.742Z"}
|
|
421
|
+
{"filename":"formdata.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import { SpecIterableIterator } from './fetch'","explanation":"This imports SpecIterableIterator from a relative './fetch' module that likely doesn't exist or doesn't export this specific type. This will cause a module resolution error.","timestamp":"2026-05-20T20:54:14.743Z"}
|
|
422
|
+
{"filename":"eventsource.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import { MessageEvent, ErrorEvent } from './websocket'","explanation":"MessageEvent and ErrorEvent are standard DOM types that should be imported from 'lib.dom.d.ts' or the global scope, not from a './websocket' module. This import path suggests these types are being imported from a non-standard location.","timestamp":"2026-05-20T20:54:26.979Z"}
|
|
423
|
+
{"filename":"eventsource.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import {\n EventListenerOptions,\n AddEventListenerOptions,\n EventListenerOrEventListenerObject\n} from './patch'","explanation":"EventListenerOptions, AddEventListenerOptions, and EventListenerOrEventListenerObject are standard DOM types that should be available globally in TypeScript's DOM lib, not imported from a './patch' module.","timestamp":"2026-05-20T20:54:26.980Z"}
|
|
424
|
+
{"filename":"diagnostics-channel.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import buildConnector from './connector'","explanation":"The import uses a default export pattern but then references 'buildConnector.connector' as a type, suggesting the actual export structure doesn't match the import pattern. This would cause a TypeScript compilation error.","timestamp":"2026-05-20T20:54:41.168Z"}
|
|
425
|
+
{"filename":"cookies.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import type { Headers } from './fetch'","explanation":"The import references a local './fetch' module that may not exist. TypeScript definition files typically import from established packages or well-known modules, not relative paths to undefined local modules.","timestamp":"2026-05-20T20:54:47.518Z"}
|
|
426
|
+
{"filename":"cache.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import type { RequestInfo, Response, Request } from './fetch'","explanation":"This import references a local './fetch' module that likely doesn't exist. These are standard Web API types that should be imported from TypeScript's built-in DOM types or a proper fetch polyfill package, not a local fetch module.","timestamp":"2026-05-20T20:55:05.865Z"}
|
|
427
|
+
{"filename":"cache-interceptor.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":" /**\n * TODO docs\n * @default 'shared'\n */\n type?: 'shared' | 'private'","explanation":"The type definition includes a TODO comment indicating incomplete documentation for a public API. While the type is defined, the lack of proper documentation makes this field unclear to consumers.","timestamp":"2026-05-20T20:55:13.151Z"}
|
|
428
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"function normalize(str) {","explanation":"Function parameter 'str' is generic when 'text' or 'input' would be more descriptive in this Unicode normalization context","timestamp":"2026-05-20T20:55:38.249Z"}
|
|
429
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"return str.split('\\u0000').map(function (s) { return s.normalize('NFC'); }).join('\\u0000');","explanation":"Variable 's' in map callback is generic when 'segment' or 'part' would be more descriptive","timestamp":"2026-05-20T20:55:38.250Z"}
|
|
430
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"function findStatus(val) {","explanation":"Function parameter 'val' is generic when 'codePoint' would be more descriptive given this function searches for Unicode code point status","timestamp":"2026-05-20T20:55:38.250Z"}
|
|
431
|
+
{"filename":"index.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"var stubs = require('stubs')","explanation":"The package 'stubs' does not exist on npm. This appears to be a hallucinated import - the AI likely intended to use a real stubbing/mocking library but generated a non-existent package name.","timestamp":"2026-05-20T20:56:36.135Z"}
|
|
432
|
+
{"filename":"strnum.js","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":" case \"original\":\n defau","explanation":"The switch statement for handling infinity options appears to be cut off mid-word (\"defau\" likely meant to be \"default:\"). This creates incomplete business logic that will fall through without handling the default case properly.","timestamp":"2026-05-20T20:57:02.269Z"}
|
|
433
|
+
{"filename":"index.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"function SafeBuffer (arg, encodingOrOffset, length) {\n return Buffer(arg, encodingOrOffset, length)\n}","explanation":"Uses deprecated Buffer constructor without 'new' keyword, which was deprecated in Node.js due to security vulnerabilities and removed in newer versions","timestamp":"2026-05-20T20:57:49.306Z"}
|
|
434
|
+
{"filename":"index.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"return Buffer(arg, encodingOrOffset, length)","explanation":"Uses deprecated Buffer constructor without 'new' keyword in SafeBuffer.from method","timestamp":"2026-05-20T20:57:49.307Z"}
|
|
435
|
+
{"filename":"index.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"var buf = Buffer(size)","explanation":"Uses deprecated Buffer constructor without 'new' keyword in SafeBuffer.alloc method","timestamp":"2026-05-20T20:57:49.307Z"}
|
|
436
|
+
{"filename":"index.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"return Buffer(size)","explanation":"Uses deprecated Buffer constructor without 'new' keyword in SafeBuffer.allocUnsafe method","timestamp":"2026-05-20T20:57:49.307Z"}
|
|
437
|
+
{"filename":"index.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"debug = message => {\n console.log('retry-request:', message);\n };","explanation":"Debug console.log statements left in production code that will output internal retry logic details to production logs","timestamp":"2026-05-20T20:57:56.835Z"}
|
|
438
|
+
{"filename":"index.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import * as request from 'request';\n import * as teenyRequest from 'teeny-request';","explanation":"The 'request' package was deprecated in 2020 and is no longer maintained. TypeScript definitions may not exist for current Node.js versions. The 'teeny-request' package appears to be a real package but the import pattern assumes both packages exist and are compatible.","timestamp":"2026-05-20T20:58:03.328Z"}
|
|
439
|
+
{"filename":"static.node.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var s;\nif (process.env.NODE_ENV === 'production') {\n s = require('./cjs/react-dom-server.node.production.js');\n} else {\n s = require('./cjs/react-dom-server.node.development.js');\n}","explanation":"Variable 's' is a generic name that doesn't communicate its purpose. In this context, it's holding the React DOM server module, so a more descriptive name would improve readability.","timestamp":"2026-05-20T20:58:50.783Z"}
|
|
440
|
+
{"filename":"static.edge.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var s;\nif (process.env.NODE_ENV === 'production') {\n s = require('./cjs/react-dom-server.edge.production.js');\n} else {\n s = require('./cjs/react-dom-server.edge.development.js');\n}","explanation":"Variable 's' is a generic name that doesn't communicate its purpose as a module export container for react-dom-server functionality","timestamp":"2026-05-20T20:59:00.081Z"}
|
|
441
|
+
{"filename":"static.browser.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var s;\nif (process.env.NODE_ENV === 'production') {\n s = require('./cjs/react-dom-server.browser.production.js');\n} else {\n s = require('./cjs/react-dom-server.browser.development.js');\n}","explanation":"Variable 's' is a generic name that provides no context about what it contains - it holds the React DOM server module but the name gives no indication of its purpose","timestamp":"2026-05-20T20:59:07.643Z"}
|
|
442
|
+
{"filename":"server.node.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var l, s;","explanation":"Variables 'l' and 's' are generic single-letter names that provide no context about what they represent. In this case they hold references to legacy and standard React DOM server modules respectively.","timestamp":"2026-05-20T20:59:17.805Z"}
|
|
443
|
+
{"filename":"server.edge.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var b;\nvar l;","explanation":"Variables 'b' and 'l' are single-letter generic names that provide no context about what they represent. Given they hold different React DOM server modules, they should have descriptive names.","timestamp":"2026-05-20T20:59:30.405Z"}
|
|
444
|
+
{"filename":"server.bun.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var b;\nvar l;","explanation":"Variables named 'b' and 'l' provide no context about what they represent. In this case they hold references to different React DOM server modules, but the single-letter names make the code harder to understand and maintain.","timestamp":"2026-05-20T20:59:39.599Z"}
|
|
445
|
+
{"filename":"server.browser.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var l, s;","explanation":"Variables 'l' and 's' are single-letter generic names that provide no context about what they represent. In this case they hold React DOM server modules but the names give no indication of their purpose.","timestamp":"2026-05-20T20:59:46.228Z"}
|
|
446
|
+
{"filename":"errors.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"return str.substr(!pos || pos < 0 ? 0 : +pos, search.length) === search;","explanation":"Uses String.substr() which is deprecated and should be replaced with String.substring() or String.slice(). The substr() method has been deprecated since ES2015 and may be removed in future JavaScript versions.","timestamp":"2026-05-20T21:01:18.597Z"}
|
|
447
|
+
{"filename":"errors-browser.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"return str.substr(!pos || pos < 0 ? 0 : +pos, search.length) === search;","explanation":"Uses deprecated String.substr() method which has been deprecated in favor of String.substring() or String.slice(). The substr() method is still supported but marked as legacy in modern JavaScript.","timestamp":"2026-05-20T21:01:24.249Z"}
|
|
448
|
+
{"filename":"index.d.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"/**\n * Check whether the passed `path` is a file.\n *\n * @param path - The path to check.\n * @returns Whether the `path` is a file.\n */","explanation":"The comment simply restates what the function name already communicates. 'isFile' clearly indicates it checks if a path is a file, making the comment redundant.","timestamp":"2026-05-20T21:01:40.881Z"}
|
|
449
|
+
{"filename":"index.d.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"/**\n * Check whether the passed `path` is a directory.\n *\n * @param path - The path to check.\n * @returns Whether the `path` is a directory.\n */","explanation":"The comment simply restates what the function name 'isDirectory' already communicates clearly.","timestamp":"2026-05-20T21:01:40.881Z"}
|
|
450
|
+
{"filename":"index.d.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"/**\n * Check whether the passed `path` is a symlink.\n *\n * @param path - The path to check.\n * @returns Whether the `path` is a symlink.\n */","explanation":"The comment simply restates what the function name 'isSymlink' already communicates clearly.","timestamp":"2026-05-20T21:01:40.882Z"}
|
|
451
|
+
{"filename":"index.d.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"/**\n * Synchronously check whether the passed `path` is a file.\n *\n * @param path - The path to check.\n * @returns Whether the `path` is a file.\n */","explanation":"The comment simply restates what the function name 'isFileSync' already communicates clearly.","timestamp":"2026-05-20T21:01:40.882Z"}
|
|
452
|
+
{"filename":"index.d.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"/**\n * Synchronously check whether the passed `path` is a directory.\n *\n * @param path - The path to check.\n * @returns Whether the `path` is a directory.\n */","explanation":"The comment simply restates what the function name 'isDirectorySync' already communicates clearly.","timestamp":"2026-05-20T21:01:40.882Z"}
|
|
453
|
+
{"filename":"index.d.ts","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"/**\n * Synchronously check whether the passed `path` is a symlink.\n *\n * @param path - The path to check.\n * @returns Whether the `path` is a directory.\n */","explanation":"The comment restates what the function name communicates and contains a copy-paste error in the @returns statement (says 'directory' instead of 'symlink').","timestamp":"2026-05-20T21:01:40.882Z"}
|
|
454
|
+
{"filename":"index.d.ts","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"// TODO: Remove this for the next major release, refactor the whole definition to:\n\t// declare function pathKey(options?: pathKey.Options): string;\n\t// export = pathKey;","explanation":"This TypeScript declaration file contains a TODO comment describing a major structural change that should be made to the API, indicating the current definition structure is incomplete or temporary. The comment suggests the entire declaration needs refactoring, which means the current exported interface may not be the intended final form.","timestamp":"2026-05-20T21:01:55.310Z"}
|
|
455
|
+
{"filename":"index.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n\t\tawait pAccess(path);\n\t\treturn true;\n\t} catch (_) {\n\t\treturn false;\n\t}","explanation":"The try-catch block silences all errors from fs.access and converts them to a boolean return. While this may be intentional for an existence check utility, it swallows potentially important error information like permission issues vs file not found.","timestamp":"2026-05-20T21:02:04.559Z"}
|
|
456
|
+
{"filename":"index.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n\t\tfs.accessSync(path);\n\t\treturn true;\n\t} catch (_) {\n\t\treturn false;\n\t}","explanation":"Same issue in the sync version - all errors from fs.accessSync are silenced and converted to false, potentially masking permission errors or other filesystem issues that should be handled differently than file-not-found.","timestamp":"2026-05-20T21:02:04.560Z"}
|
|
457
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"let seenVal = false;","explanation":"Variable name 'seenVal' is generic and doesn't communicate its purpose - tracking whether we've encountered the target filepath in the stack trace","timestamp":"2026-05-20T21:02:17.205Z"}
|
|
458
|
+
{"filename":"index.js","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","code_snippet":"const pLocate = async (iterable, tester, options) => {\n\toptions = {\n\t\tconcurrency: Infinity,\n\t\tpreserveOrder: true,\n\t\t...options\n\t};\n\n\tconst limit = pLimit(options.concurrency);\n\n\t// Start all the promises concurrently with optional limit\n\tconst items = [...iterable].map(element => [element, limit(testElement, element, tester)]);\n\n\t// Check the promises either serially or concurrently\n\tconst checkLimit = pLimit(options.preserveOrder ? 1 : Infinity);\n\n\ttry {\n\t\tawait Promise.all(items.map(element => checkLimit(finder, element)));\n\t} catch (error) {\n\t\tif (error instanceof EndError) {\n\t\t\treturn error.value;\n\t\t}\n\n\t\tthrow error;\n\t}\n};","explanation":"The main function has complete structure (parameter handling, error handling, return shape) but no explicit return statement for the success case. The function appears to return undefined when no element is found, which may be intentional but looks like incomplete implementation.","timestamp":"2026-05-20T21:02:24.992Z"}
|
|
459
|
+
{"filename":"index.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","code_snippet":"try {\n\t\t\tawait result;\n\t\t} catch {}","explanation":"Empty catch block silences all errors from the async function execution. This makes debugging extremely difficult as any errors thrown by the fn(...args) will be completely swallowed without logging or handling.","timestamp":"2026-05-20T21:02:33.788Z"}
|
|
460
|
+
{"filename":"index.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"//console.log(\"[DEBUG] Dispatch: \", valu","explanation":"Commented-out debug console.log statement left in production code, indicating debugging session remnants that should be cleaned up","timestamp":"2026-05-20T21:02:44.997Z"}
|
|
461
|
+
{"filename":"index.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"/* eslint-disable no-unused-vars */","explanation":"The eslint-disable comment suggests there are unused variables, but all declared variables (getOwnPropertySymbols, hasOwnProperty, propIsEnumerable) are actually used in the code","timestamp":"2026-05-20T21:03:14.674Z"}
|
|
462
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var s = 1000;\nvar m = s * 60;\nvar h = m * 60;\nvar d = h * 24;\nvar w = d * 7;\nvar y = d * 365.25;","explanation":"Single-letter variable names (s, m, h, d, w, y) are used for time unit constants. While mathematically obvious in context, they reduce readability and make the code harder to maintain.","timestamp":"2026-05-20T21:03:37.998Z"}
|
|
463
|
+
{"filename":"minimatch.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"if (options.debug) this.debug = function debug() { console.error.apply(console, arguments) }","explanation":"Debug console output is conditionally enabled in production code. This will log debugging information to console when debug option is enabled, which may leak internal state or implementation details in production.","timestamp":"2026-05-20T21:04:00.713Z"}
|
|
464
|
+
{"filename":"decode.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" //try parse the payload","explanation":"Comment simply restates what the code below is doing - the try/catch block with JSON.parse makes it obvious this is parsing the payload","timestamp":"2026-05-20T21:06:45.753Z"}
|
|
465
|
+
{"filename":"decode.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" //return header if `complete` option is enabled. header includes claims","explanation":"First part of comment restates the conditional logic below. The explanation about header contents is useful, but the 'return header if complete' part just narrates the code","timestamp":"2026-05-20T21:06:45.754Z"}
|
|
466
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"//TODO: handle reviver/dehydrate function like normal\n//and handle indentation, like normal.\n//if anyone needs this... please send pull request.","explanation":"While this is a TODO comment rather than pure comment restatement, it provides no context about what the current limitations are, why these features are missing, or what 'like normal' means. It's essentially restating that the code doesn't do something without explaining the current behavior or impact.","timestamp":"2026-05-20T21:07:00.955Z"}
|
|
467
|
+
{"filename":"jsesc.js","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"const forOwn = (object, callback) => {\n\tfor (const key in object) {\n\t\tif (hasOwnProperty.call(object, key)) {\n\t\t\tcallback(key, object[key]);\n\t\t}\n\t}\n};","explanation":"Creates a helper function for a standard for...in loop with hasOwnProperty check that's used only once. This abstraction doesn't reduce complexity or improve readability over the inline pattern.","timestamp":"2026-05-20T21:07:11.781Z"}
|
|
468
|
+
{"filename":"jsesc.js","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","code_snippet":"const forEach = (array, callback) => {\n\tconst length = array.length;\n\tlet index = -1;\n\twhile (++index < length) {\n\t\tcallback(array[index]);\n\t}\n};","explanation":"Creates a custom forEach implementation when Array.prototype.forEach is available and more standard. The custom implementation doesn't provide any advantage over the built-in method.","timestamp":"2026-05-20T21:07:11.783Z"}
|
|
469
|
+
{"filename":"index.d.ts","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import Stringify = require('streaming-json-stringify');","explanation":"The package 'streaming-json-stringify' does not exist on npm. This is a plausible-sounding name for a JSON streaming library but is not a real package, making this example code non-functional.","timestamp":"2026-05-20T21:07:34.419Z"}
|
|
470
|
+
{"filename":"index.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"var fs = require('fs')","explanation":"The fs module is imported but never used anywhere in the file. The code only uses the platform-specific core modules.","timestamp":"2026-05-20T21:07:48.146Z"}
|
|
471
|
+
{"filename":"with-async-ittr.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"export * from './build/index.js';\nimport './build/async-iterators.js';","explanation":"Both import paths reference files in a './build/' directory that likely doesn't exist. The specific filename 'async-iterators.js' appears to be a plausible-sounding but potentially non-existent file, and the export-all from './build/index.js' suggests a build output that may not be present.","timestamp":"2026-05-20T21:08:23.902Z"}
|
|
472
|
+
{"filename":"shams.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var obj = {};","explanation":"Variable named 'obj' in a context where 'testObject' or 'symbolContainer' would better communicate that this object is specifically used to test symbol property behavior","timestamp":"2026-05-20T21:09:21.244Z"}
|
|
473
|
+
{"filename":"shams.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"for (var _ in obj) { return false; }","explanation":"Using underscore as a throwaway variable name is acceptable in this specific context as it's a standard convention for unused iteration variables","timestamp":"2026-05-20T21:09:21.245Z"}
|
|
474
|
+
{"filename":"Object.getPrototypeOf.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"var $Object = require('es-object-atoms');","explanation":"The package 'es-object-atoms' does not exist on npm. This appears to be a hallucinated import that sounds plausible for ECMAScript object utilities but is not a real package.","timestamp":"2026-05-20T21:10:05.249Z"}
|
|
475
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // stack[0] holds this file\n // stack[1] holds where this function was called\n // stack[2] holds the file we're interested in","explanation":"These comments simply restate what the array indices contain without explaining why these positions matter or how the stack inspection algorithm works","timestamp":"2026-05-20T21:10:16.369Z"}
|
|
476
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const items = Array.from(args[0]);","explanation":"Variable 'items' is generic when the context suggests these are operations/generators being processed by gensync.all()","timestamp":"2026-05-20T21:10:32.953Z"}
|
|
477
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const items = Array.from(args[0]);","explanation":"Variable 'items' is generic when the context suggests these are operations/generators being processed by gensync.all()","timestamp":"2026-05-20T21:10:32.954Z"}
|
|
478
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"items.forEach((item, i) => {","explanation":"Variable 'item' is generic when iterating over operations/generators in an async control flow context","timestamp":"2026-05-20T21:10:32.954Z"}
|
|
479
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"item,","explanation":"Variable 'item' is generic when referring to a specific operation/generator being evaluated","timestamp":"2026-05-20T21:10:32.954Z"}
|
|
480
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const items = Array.from(args[0]);","explanation":"Variable 'items' is generic when the context suggests these are operations/generators being processed by gensync.race()","timestamp":"2026-05-20T21:10:32.954Z"}
|
|
481
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const items = Array.from(args[0]);","explanation":"Variable 'items' is generic when the context suggests these are operations/generators being processed by gensync.race()","timestamp":"2026-05-20T21:10:32.954Z"}
|
|
482
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"for (const item of items) {","explanation":"Variable 'item' is generic when iterating over operations/generators in a race condition context","timestamp":"2026-05-20T21:10:32.954Z"}
|
|
483
|
+
{"filename":"rbtree.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"//Returns the number of nodes in the tree","explanation":"Comment simply restates what the getter property name 'length' already communicates clearly","timestamp":"2026-05-20T21:10:43.663Z"}
|
|
484
|
+
{"filename":"rbtree.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"//Insert a new item into the tree","explanation":"Comment directly translates the method name 'insert' into English without adding meaningful context","timestamp":"2026-05-20T21:10:43.664Z"}
|
|
485
|
+
{"filename":"rbtree.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"//Find point to insert new node at","explanation":"Comment narrates the obvious - the following while loop is clearly searching for insertion point","timestamp":"2026-05-20T21:10:43.664Z"}
|
|
486
|
+
{"filename":"rbtree.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"//Rebuild path to leaf node","explanation":"Comment simply describes what the following loop does without explaining the red-black tree rebalancing logic","timestamp":"2026-05-20T21:10:43.664Z"}
|
|
487
|
+
{"filename":"rbtree.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"//Rebalance tree using rotations","explanation":"Comment restates what the complex rotation logic obviously does without explaining the red-black tree cases","timestamp":"2026-05-20T21:10:43.664Z"}
|
|
488
|
+
{"filename":"esm.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"const{parse:t,stringify:e}=JSON,{keys:n}=Object,l=String,o=\"string\",r={},s=\"object\",c=(t,e)=>e","explanation":"Single-letter variable names (t,e,n,l,o,r,s,c) make this code completely unreadable and unmaintainable. These generic names provide no context about what each variable represents.","timestamp":"2026-05-20T21:11:16.864Z"}
|
|
489
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"// 64 KiB (same size chrome slice theirs blob into Uint8array's)","explanation":"Comment restates what the constant name and value already make clear - that POOL_SIZE is 64 KiB","timestamp":"2026-05-20T21:11:39.599Z"}
|
|
490
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":"// For blobs that have arrayBuffer but no stream method (nodes buffer.Blob)","explanation":"Comment simply describes what the else block does rather than explaining why this fallback is necessary","timestamp":"2026-05-20T21:11:39.601Z"}
|
|
491
|
+
{"filename":"from.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import DOMException from 'node-domexception'","explanation":"The package 'node-domexception' does not exist on npm. This import will cause a runtime module not found error.","timestamp":"2026-05-20T21:11:47.948Z"}
|
|
492
|
+
{"filename":"cache.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var me = this;\n files = files || [];","explanation":"Variable 'me' is a generic alias for 'this' with no benefit in readability or context","timestamp":"2026-05-20T21:12:10.517Z"}
|
|
493
|
+
{"filename":"cache.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var res = {\n changedFiles: [],\n notFoundFiles: [],\n notChangedFiles: [],\n };","explanation":"Variable 'res' is a generic name that provides no context about what the result contains","timestamp":"2026-05-20T21:12:10.518Z"}
|
|
494
|
+
{"filename":"cache.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var me = this;","explanation":"Variable 'me' is a generic alias for 'this' with no benefit in readability or context","timestamp":"2026-05-20T21:12:10.518Z"}
|
|
495
|
+
{"filename":"cache.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var me = this;","explanation":"Variable 'me' is a generic alias for 'this' with no benefit in readability or context","timestamp":"2026-05-20T21:12:10.518Z"}
|
|
496
|
+
{"filename":"levenshtein.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","code_snippet":"console.log(\"Collator could not be initialized and wouldn't be used\");","explanation":"Debug console.log statement left in production code that will clutter production logs and leak implementation details about collator initialization failures","timestamp":"2026-05-20T21:12:15.646Z"}
|
|
497
|
+
{"filename":"firebase-storage.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"import{_getProvider,getApp as e,_registerComponent as t,registerVersion as n,_isFirebaseServerApp as r,SDK_VERSION as o}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"Using Firebase SDK version 12.8.0 via CDN import with private/internal APIs (functions prefixed with underscore like _getProvider, _registerComponent, _isFirebaseServerApp). These are internal APIs not intended for public use and may break without notice in future versions.","timestamp":"2026-05-20T21:13:08.895Z"}
|
|
498
|
+
{"filename":"firebase-remote-config.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{registerVersion as e,_registerComponent as t,_getProvider,getApp as i,SDK_VERSION as s}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The Firebase SDK version 12.8.0 does not exist. Firebase JavaScript SDK versions follow semantic versioning and the latest major version is 10.x. Version 12.8.0 is a hallucinated version number that will cause module not found errors.","timestamp":"2026-05-20T21:13:18.416Z"}
|
|
499
|
+
{"filename":"firebase-messaging.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{registerVersion as e,_registerComponent as t,_getProvider,getApp as n}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"Importing from a specific Firebase CDN version (12.8.0) that may not exist or may be unstable. The version number appears to be hallucinated as Firebase versions don't follow this numbering scheme.","timestamp":"2026-05-20T21:13:36.750Z"}
|
|
500
|
+
{"filename":"firebase-messaging-sw.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{registerVersion as e,_registerComponent as t,_getProvider,getApp as n}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The Firebase SDK version 12.8.0 does not exist. Firebase SDK versions follow semantic versioning and the latest stable version is in the 9.x or 10.x range. Version 12.8.0 is a hallucinated version number that will result in a 404 error when trying to load the CDN resource.","timestamp":"2026-05-20T21:13:42.861Z"}
|
|
501
|
+
{"filename":"firebase-installations.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{registerVersion as e,_getProvider,getApp as t,_registerComponent as n}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\";","explanation":"Firebase version 12.8.0 does not exist. Firebase SDK versions follow semantic versioning with the highest major version being 10.x at the time of writing. This will fail at runtime with a 404 error when trying to load the non-existent CDN resource.","timestamp":"2026-05-20T21:13:52.118Z"}
|
|
502
|
+
{"filename":"firebase-functions.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_registerComponent as e,registerVersion as t,_getProvider,getApp as n,_isFirebaseServerApp as r}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"The import references Firebase JavaScript SDK version 12.8.0, which does not exist. The Firebase JavaScript SDK has never reached version 12 - current versions are in the 9.x and 10.x range as of 2024.","timestamp":"2026-05-20T21:14:00.600Z"}
|
|
503
|
+
{"filename":"firebase-firestore.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_isFirebaseServerApp as e,_getProvider,getApp as r,_removeServiceInstance as i,_registerComponent as s,registerVersion as o,SDK_VERSION as _}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\";","explanation":"The import references Firebase SDK version 12.8.0, but Firebase SDK v9+ does not have a version 12.8.0. The current stable major version is v9 with latest being around 9.x.x. Version 12.8.0 does not exist in the Firebase release timeline.","timestamp":"2026-05-20T21:14:10.423Z"}
|
|
504
|
+
{"filename":"firebase-firestore-pipelines.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_isFirebaseServerApp as e,_getProvider,getApp as r,_removeServiceInstance as i,_registerComponent as s,registerVersion as o,SDK_VERSION as _}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\";","explanation":"Import uses Firebase SDK version 12.8.0 which does not exist. Firebase SDK follows semantic versioning and the latest v12 version is 12.6.0. Version 12.8.0 is a hallucinated future version.","timestamp":"2026-05-20T21:14:16.684Z"}
|
|
505
|
+
{"filename":"firebase-firestore-lite-pipelines.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\";","explanation":"The import references Firebase version 12.8.0, but Firebase SDK v9+ follows a different module structure and the latest versions are v10+. Version 12.8.0 does not exist in the Firebase release history.","timestamp":"2026-05-20T21:14:26.055Z"}
|
|
506
|
+
{"filename":"firebase-auth.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"import{_getProvider,_isFirebaseServerApp as e,_registerComponent as t,registerVersion as r,getApp as n,SDK_VERSION as i}from\"https://www.gstatic.com/firebasejs/12.8.0/firebase-app.js\"","explanation":"Importing from Firebase SDK version 12.8.0 which does not exist. The Firebase SDK follows semantic versioning and has never had a version 12.x.x series. Current major versions are 9.x.x and 10.x.x.","timestamp":"2026-05-20T21:14:46.618Z"}
|
|
507
|
+
{"filename":"install.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","code_snippet":"var ESBUILD_BINARY_PATH = process.env.ESBUILD_BINARY_PATH || ESBUILD_BINARY_PATH;","explanation":"This line uses ESBUILD_BINARY_PATH as a fallback to itself, which creates a circular reference and will always result in undefined when the environment variable is not set. This is likely a bug where a hardcoded path should be provided as the fallback.","timestamp":"2026-05-20T21:15:20.743Z"}
|
|
508
|
+
{"filename":"uri.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"/** @type {import('./uri')} */","explanation":"JSDoc type annotation imports from './uri' but this IS the uri.js file - it's attempting to import itself, creating a circular reference that cannot resolve","timestamp":"2026-05-20T21:15:54.346Z"}
|
|
509
|
+
{"filename":"type.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"/** @type {import('./type')} */","explanation":"The JSDoc type annotation imports from './type' which would be the current file itself (type.js), creating a circular self-import that cannot resolve","timestamp":"2026-05-20T21:16:02.047Z"}
|
|
510
|
+
{"filename":"test.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"var HELLO_WORLD = (Buffer.from && Buffer.from !== Uint8Array.from)\n ? Buffer.from('hello world')\n : new Buffer('hello world')","explanation":"Uses deprecated Buffer constructor 'new Buffer()' as fallback. This constructor was deprecated in Node.js v6 due to security concerns and removed in later versions.","timestamp":"2026-05-20T21:17:25.074Z"}
|
|
511
|
+
{"filename":"index.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"var SIGNAL_FLUSH = (Buffer.from && Buffer.from !== Uint8Array.from)\n ? Buffer.from([0])\n : new Buffer([0])","explanation":"Uses deprecated Buffer constructor `new Buffer([0])` as fallback. This constructor was deprecated in Node.js 6.0.0 and removed in later versions due to security concerns.","timestamp":"2026-05-20T21:17:30.597Z"}
|
|
512
|
+
{"filename":"example.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"var duplexify = require('duplexify')","explanation":"The 'duplexify' package name looks plausible but needs verification - AI often generates realistic-sounding package names that don't exist or have different APIs than expected","timestamp":"2026-05-20T21:17:36.805Z"}
|
|
513
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" //~~~I've managed to break Object.keys through screwy arguments passing.","explanation":"Comment simply restates what the code below does (converting to array) without explaining why this solution works or what specific edge case is being handled","timestamp":"2026-05-20T21:17:49.752Z"}
|
|
514
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // Converting to array solves the problem.","explanation":"Comment directly translates the code action without providing insight into why array conversion solves the Object.keys issue","timestamp":"2026-05-20T21:17:49.753Z"}
|
|
515
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" } catch (e) {//happens when one is a string literal and the other isn't","explanation":"Comment describes when the error occurs but doesn't explain why string literals break Object.keys or why this catch approach is appropriate","timestamp":"2026-05-20T21:17:49.754Z"}
|
|
516
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" //~~~cheap key test","explanation":"Comment simply describes that this is a key comparison without explaining why the cheap test is done before the expensive deep comparison","timestamp":"2026-05-20T21:17:49.754Z"}
|
|
517
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" //~~~possibly expensive deep test","explanation":"Comment states the obvious fact that deep comparison is expensive without explaining why it's necessary or what makes it expensive","timestamp":"2026-05-20T21:17:49.754Z"}
|
|
518
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // Parse the arguments","explanation":"Comment simply restates what the next line does without explaining why parsing is needed or what the parsed result contains","timestamp":"2026-05-20T21:18:03.195Z"}
|
|
519
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // Spawn the child process","explanation":"Comment directly translates the cp.spawn call into English without adding any useful context about why or how","timestamp":"2026-05-20T21:18:03.197Z"}
|
|
520
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // Parse the arguments","explanation":"Duplicate of the same unnecessary restatement comment from the async version","timestamp":"2026-05-20T21:18:03.197Z"}
|
|
521
|
+
{"filename":"index.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","code_snippet":" // Spawn the child process","explanation":"Another direct restatement of the spawnSync call without adding context or reasoning","timestamp":"2026-05-20T21:18:03.197Z"}
|
|
522
|
+
{"filename":"set.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"var callBind = require('call-bind-apply-helpers');","explanation":"The package 'call-bind-apply-helpers' does not exist. The correct package is 'call-bind' and the module should be imported as require('call-bind')","timestamp":"2026-05-20T21:18:09.539Z"}
|
|
523
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var args = setWriteHeadHeaders.apply(this, arguments)","explanation":"Variable named 'args' is generic in a context where it represents processed HTTP headers and arguments - 'processedHeaders' or 'headerArgs' would be more descriptive","timestamp":"2026-05-20T21:27:47.784Z"}
|
|
524
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var args = new Array(Math.min(length, headerIndex))","explanation":"Variable named 'args' is generic where it represents leading arguments for writeHead method - 'leadingArgs' would be more descriptive","timestamp":"2026-05-20T21:27:47.786Z"}
|
|
525
|
+
{"filename":"index.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","code_snippet":"var keys = Object.keys(headers)\n for (var i = 0; i < keys.length; i++) {\n var k = keys[i]","explanation":"Variable 'k' is a single-letter generic name for a header key - 'headerName' or 'key' would be more readable","timestamp":"2026-05-20T21:27:47.786Z"}
|
|
526
|
+
{"filename":"index.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","code_snippet":"/* eslint-disable no-unused-vars */","explanation":"The eslint-disable comment suggests there are unused variables, but all declared variables (getOwnPropertySymbols, hasOwnProperty, propIsEnumerable) are actually used in the code. This is a stale comment that should be removed.","timestamp":"2026-05-20T21:27:54.685Z"}
|
|
527
|
+
{"filename":"test.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"var dst = new Buffer(8);","explanation":"Using deprecated Buffer constructor which was removed in Node.js 10+ and produces security warnings. The bare Buffer() constructor is unsafe for dynamic content.","timestamp":"2026-05-20T21:28:12.121Z"}
|
|
528
|
+
{"filename":"test.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"new Buffer([0xff, 0xfa, 0xff, 0xff, 0xff, 0xff, 0xf7, 0x00]),","explanation":"Using deprecated Buffer constructor. The Buffer() constructor is deprecated and unsafe in modern Node.js versions.","timestamp":"2026-05-20T21:28:12.122Z"}
|
|
529
|
+
{"filename":"test.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"var sourceBuffer = new Buffer(16);","explanation":"Using deprecated Buffer constructor which is unsafe and removed in modern Node.js versions.","timestamp":"2026-05-20T21:28:12.122Z"}
|
|
530
|
+
{"filename":"test.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"var targetBuffer = new Buffer(16);","explanation":"Using deprecated Buffer constructor which is unsafe and removed in modern Node.js versions.","timestamp":"2026-05-20T21:28:12.122Z"}
|
|
531
|
+
{"filename":"Int64.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"this.buffer = new Buffer(a1);","explanation":"Uses deprecated Buffer constructor without 'new Buffer.from()'. The Buffer constructor was deprecated in Node.js v6 and throws deprecation warnings in modern versions.","timestamp":"2026-05-20T21:30:18.610Z"}
|
|
532
|
+
{"filename":"Int64.js","pattern_id":"006","pattern_name":"deprecated-api-confidence","severity":"high","code_snippet":"this.buffer = this.buffer || new Buffer(8);","explanation":"Uses deprecated Buffer constructor. Should use Buffer.alloc() for creating new buffers with specified size to avoid security issues and deprecation warnings.","timestamp":"2026-05-20T21:30:18.611Z"}
|
|
533
|
+
{"filename":"zlib.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","code_snippet":"require('thenify-all').withCallback(","explanation":"The package 'thenify-all' does not exist on npm. This appears to be a hallucinated package name that combines the real 'thenify' package concept with a non-existent variant. The method 'withCallback' also doesn't match the API of existing thenify-related packages.","timestamp":"2026-05-20T21:30:38.761Z"}
|
|
534
|
+
{"filename":"test-sample.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","timestamp":"2026-05-21T00:06:53.599Z"}
|
|
535
|
+
{"filename":"test-sample.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","timestamp":"2026-05-21T00:06:53.608Z"}
|
|
536
|
+
{"filename":"test-sample.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","timestamp":"2026-05-21T00:06:53.609Z"}
|
|
537
|
+
{"filename":"test-sample.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","timestamp":"2026-05-21T00:06:53.609Z"}
|
|
538
|
+
{"filename":"test-sample.js","pattern_id":"012","pattern_name":"over-engineered-simple","severity":"medium","timestamp":"2026-05-21T00:06:53.609Z"}
|
|
539
|
+
{"filename":"test-sample.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","timestamp":"2026-05-21T00:06:53.610Z"}
|
|
540
|
+
{"filename":"test-sample.js","pattern_id":"010","pattern_name":"async-misuse","severity":"high","timestamp":"2026-05-21T00:06:53.610Z"}
|
|
541
|
+
{"filename":"test-sample.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","timestamp":"2026-05-21T00:06:53.611Z"}
|
|
542
|
+
{"filename":"test-sample.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","timestamp":"2026-05-21T00:06:53.612Z"}
|
|
543
|
+
{"filename":"test-sample.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","timestamp":"2026-05-21T00:06:53.612Z"}
|
|
544
|
+
{"filename":"test-sample.js","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","timestamp":"2026-05-21T00:06:53.613Z"}
|
|
545
|
+
{"filename":"test-sample.js","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","timestamp":"2026-05-21T00:06:53.613Z"}
|
|
546
|
+
{"filename":"test-sample.js","pattern_id":"010","pattern_name":"async-misuse","severity":"high","timestamp":"2026-05-21T00:06:53.613Z"}
|
|
547
|
+
{"filename":"test-sample.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","timestamp":"2026-05-21T00:06:53.613Z"}
|
|
548
|
+
{"filename":"test-sample.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","timestamp":"2026-05-21T00:11:34.731Z"}
|
|
549
|
+
{"filename":"test-sample.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","timestamp":"2026-05-21T00:11:34.738Z"}
|
|
550
|
+
{"filename":"test-sample.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","timestamp":"2026-05-21T00:11:34.739Z"}
|
|
551
|
+
{"filename":"test-sample.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","timestamp":"2026-05-21T00:11:34.739Z"}
|
|
552
|
+
{"filename":"test-sample.js","pattern_id":"012","pattern_name":"over-engineered-simple","severity":"medium","timestamp":"2026-05-21T00:11:34.740Z"}
|
|
553
|
+
{"filename":"test-sample.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","timestamp":"2026-05-21T00:11:34.740Z"}
|
|
554
|
+
{"filename":"test-sample.js","pattern_id":"010","pattern_name":"async-misuse","severity":"high","timestamp":"2026-05-21T00:11:34.740Z"}
|
|
555
|
+
{"filename":"test-sample.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","timestamp":"2026-05-21T00:11:34.741Z"}
|
|
556
|
+
{"filename":"test-sample.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","timestamp":"2026-05-21T00:11:34.742Z"}
|
|
557
|
+
{"filename":"test-sample.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","timestamp":"2026-05-21T00:11:34.742Z"}
|
|
558
|
+
{"filename":"test-sample.js","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","timestamp":"2026-05-21T00:11:34.743Z"}
|
|
559
|
+
{"filename":"test-sample.js","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","timestamp":"2026-05-21T00:11:34.743Z"}
|
|
560
|
+
{"filename":"test-sample.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","timestamp":"2026-05-21T00:11:34.743Z"}
|
|
561
|
+
{"filename":"test-sample.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","timestamp":"2026-05-21T00:11:34.743Z"}
|
|
562
|
+
{"filename":"test-sample.js","pattern_id":"010","pattern_name":"async-misuse","severity":"high","timestamp":"2026-05-21T00:11:34.743Z"}
|
|
563
|
+
{"filename":"test-sample.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","timestamp":"2026-05-21T00:18:05.702Z"}
|
|
564
|
+
{"filename":"test-sample.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","timestamp":"2026-05-21T00:18:05.708Z"}
|
|
565
|
+
{"filename":"test-sample.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","timestamp":"2026-05-21T00:18:05.709Z"}
|
|
566
|
+
{"filename":"test-sample.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","timestamp":"2026-05-21T00:18:05.709Z"}
|
|
567
|
+
{"filename":"test-sample.js","pattern_id":"012","pattern_name":"over-engineered-simple","severity":"medium","timestamp":"2026-05-21T00:18:05.709Z"}
|
|
568
|
+
{"filename":"test-sample.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","timestamp":"2026-05-21T00:18:05.710Z"}
|
|
569
|
+
{"filename":"test-sample.js","pattern_id":"010","pattern_name":"async-misuse","severity":"high","timestamp":"2026-05-21T00:18:05.710Z"}
|
|
570
|
+
{"filename":"test-sample.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","timestamp":"2026-05-21T00:18:05.711Z"}
|
|
571
|
+
{"filename":"test-sample.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","timestamp":"2026-05-21T00:18:05.712Z"}
|
|
572
|
+
{"filename":"test-sample.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","timestamp":"2026-05-21T00:18:05.712Z"}
|
|
573
|
+
{"filename":"test-sample.js","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","timestamp":"2026-05-21T00:18:05.712Z"}
|
|
574
|
+
{"filename":"test-sample.js","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","timestamp":"2026-05-21T00:18:05.712Z"}
|
|
575
|
+
{"filename":"test-sample.js","pattern_id":"010","pattern_name":"async-misuse","severity":"high","timestamp":"2026-05-21T00:18:05.712Z"}
|
|
576
|
+
{"filename":"test-sample.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","timestamp":"2026-05-21T00:18:05.713Z"}
|
|
577
|
+
{"filename":"test-sample.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","timestamp":"2026-05-21T00:29:58.219Z"}
|
|
578
|
+
{"filename":"test-sample.js","pattern_id":"001","pattern_name":"hallucinated-imports","severity":"high","timestamp":"2026-05-21T00:29:58.230Z"}
|
|
579
|
+
{"filename":"test-sample.js","pattern_id":"004","pattern_name":"unused-imports","severity":"low","timestamp":"2026-05-21T00:29:58.231Z"}
|
|
580
|
+
{"filename":"test-sample.js","pattern_id":"005","pattern_name":"hardcoded-config","severity":"high","timestamp":"2026-05-21T00:29:58.231Z"}
|
|
581
|
+
{"filename":"test-sample.js","pattern_id":"012","pattern_name":"over-engineered-simple","severity":"medium","timestamp":"2026-05-21T00:29:58.232Z"}
|
|
582
|
+
{"filename":"test-sample.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","timestamp":"2026-05-21T00:29:58.232Z"}
|
|
583
|
+
{"filename":"test-sample.js","pattern_id":"010","pattern_name":"async-misuse","severity":"high","timestamp":"2026-05-21T00:29:58.233Z"}
|
|
584
|
+
{"filename":"test-sample.js","pattern_id":"008","pattern_name":"generic-variable-names","severity":"low","timestamp":"2026-05-21T00:29:58.233Z"}
|
|
585
|
+
{"filename":"test-sample.js","pattern_id":"011","pattern_name":"console-log-left-in","severity":"medium","timestamp":"2026-05-21T00:29:58.234Z"}
|
|
586
|
+
{"filename":"test-sample.js","pattern_id":"007","pattern_name":"try-catch-everything","severity":"medium","timestamp":"2026-05-21T00:29:58.235Z"}
|
|
587
|
+
{"filename":"test-sample.js","pattern_id":"009","pattern_name":"stub-with-shell","severity":"high","timestamp":"2026-05-21T00:29:58.235Z"}
|
|
588
|
+
{"filename":"test-sample.js","pattern_id":"003","pattern_name":"unnecessary-abstraction","severity":"medium","timestamp":"2026-05-21T00:29:58.235Z"}
|
|
589
|
+
{"filename":"test-sample.js","pattern_id":"010","pattern_name":"async-misuse","severity":"high","timestamp":"2026-05-21T00:29:58.235Z"}
|
|
590
|
+
{"filename":"test-sample.js","pattern_id":"002","pattern_name":"comment-restatement","severity":"low","timestamp":"2026-05-21T00:29:58.235Z"}
|