@maestro-ai/mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    842: 
    843: Sentry.init({
>>> 844:   dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
    845:   environment: process.env.NODE_ENV,
    846:   tracesSampleRate: 1.0,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    707:                             env_patterns = [
    708:                                 r'process\.env\.([A-Z_]+)',
>>> 709:                                 r'import\.meta\.env\.([A-Z_]+)',
    710:                                 r'["\']([A-Z_]+)["\'].*environment'
    711:                             ]

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    706:                             import re
    707:                             env_patterns = [
>>> 708:                                 r'process\.env\.([A-Z_]+)',
    709:                                 r'import\.meta\.env\.([A-Z_]+)',
    710:                                 r'["\']([A-Z_]+)["\'].*environment'

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    268: #### Configuration Changes
    269: ```bash
>>> 270: # Arquivo: .env.production
    271: # Mudanças:
    272: - OLD_VALUE=new_value

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    849:   
    850:   private async sendSlackAlert(severity: string, message: string): Promise<void> {
>>> 851:     const webhook = process.env.SLACK_WEBHOOK_URL;
    852:     const color = this.getSeverityColor(severity);
    853:     

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    69: 2. `source venv/bin/activate`
    70: 3. `pip install fastapi uvicorn sqlalchemy alembic pydantic`
>>> 71: 4. Create `.env`
    72: 5. `alembic upgrade head`
    73: 6. `uvicorn app.main:app --reload`

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    303: 2. Edite o arquivo `.env` com suas configurações
    304: 
>>> 305: 3. Nunca commit o arquivo `.env` (já está no `.gitignore`)
    306: 
    307: ---

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    35: │   └── utils/
    36: ├── tests/
>>> 37: ├── .env.example
    38: └── requirements.txt
    39: ```

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    46: │   └── css/
    47: │       └── main.css
>>> 48: ├── .env.example
    49: ├── nuxt.config.ts
    50: └── package.json

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    51: 50,Plugins,Use provide for injection,Provide helpers across app,return { provide: {} } for type safety,nuxtApp.provide without types,"return { provide: { hello: (name) => `Hello ${name}!` } }","nuxtApp.provide('hello', fn)",Medium,https://nuxt.com/docs/guide/directory-structure/plugins
    52: 51,Plugins,Use .client or .server suffix,Control plugin execution environment,plugin.client.ts for client-only,if (process.client) checks,analytics.client.ts,"if (process.client) { // analytics }",Medium,https://nuxt.com/docs/guide/directory-structure/plugins
>>> 53: 52,Environment,Use runtimeConfig for env vars,Access environment variables safely,runtimeConfig in nuxt.config,process.env directly,"runtimeConfig: { apiSecret: '', public: { apiBase: '' } }",process.env.API_SECRET in components,High,https://nuxt.com/docs/guide/going-further/runtime-config
    54: 53,Environment,Use NUXT_ prefix for env override,Override config with environment variables,NUXT_API_SECRET NUXT_PUBLIC_API_BASE,Custom env var names,NUXT_PUBLIC_API_BASE=https://api.example.com,API_BASE=https://api.example.com,High,https://nuxt.com/docs/guide/going-further/runtime-config
    55: 54,Environment,Access public config with useRuntimeConfig,Get public config in components,useRuntimeConfig().public,Direct process.env access,const config = useRuntimeConfig(); config.public.apiBase,process.env.NUXT_PUBLIC_API_BASE,High,https://nuxt.com/docs/api/composables/use-runtime-config

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    53: 52,Environment,Use runtimeConfig for env vars,Access environment variables safely,runtimeConfig in nuxt.config,process.env directly,"runtimeConfig: { apiSecret: '', public: { apiBase: '' } }",process.env.API_SECRET in components,High,https://nuxt.com/docs/guide/going-further/runtime-config
    54: 53,Environment,Use NUXT_ prefix for env override,Override config with environment variables,NUXT_API_SECRET NUXT_PUBLIC_API_BASE,Custom env var names,NUXT_PUBLIC_API_BASE=https://api.example.com,API_BASE=https://api.example.com,High,https://nuxt.com/docs/guide/going-further/runtime-config
>>> 55: 54,Environment,Access public config with useRuntimeConfig,Get public config in components,useRuntimeConfig().public,Direct process.env access,const config = useRuntimeConfig(); config.public.apiBase,process.env.NUXT_PUBLIC_API_BASE,High,https://nuxt.com/docs/api/composables/use-runtime-config
    56: 55,Environment,Keep secrets in private config,Server-only secrets in runtimeConfig root,runtimeConfig.apiSecret (server only),Secrets in public config,runtimeConfig: { dbPassword: '' },runtimeConfig: { public: { dbPassword: '' } },High,https://nuxt.com/docs/guide/going-further/runtime-config
    57: 56,Performance,Use Lazy prefix for code splitting,Lazy load components with Lazy prefix,<LazyComponent> for below-fold,Eager load all components,<LazyMountainsList v-if="show"/>,<MountainsList/> for hidden content,Medium,https://nuxt.com/docs/guide/directory-structure/components

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    37: │   │   └── utils.ts
    38: │   └── types/
>>> 39: ├── .env.example
    40: └── package.json
    41: ```

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    82: | `tsconfig.json` | TypeScript + path aliases (`@/features/*`) |
    83: | `tailwind.config.ts` | Tailwind config |
>>> 84: | `.env.example` | Environment template |
    85: | `README.md` | Project documentation |
    86: | `.gitignore` | Git ignore rules |

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    54: ├── public/
    55: ├── .env.example
>>> 56: ├── .env.local
    57: ├── package.json
    58: ├── tailwind.config.ts

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    53: │
    54: ├── public/
>>> 55: ├── .env.example
    56: ├── .env.local
    57: ├── package.json

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    31:         severity: "critical",
    32:         pattern: /(password|secret|api_key|apikey|token|jwt_secret|private_key)\s*[:=]\s*['"][^'"]{8,}['"]/i,
>>> 33:         suggestion: "Use variáveis de ambiente (process.env) para secrets",
    34:         references: ["https://owasp.org/Top10/A02_2021-Cryptographic_Failures/"],
    35:     },

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    301:    ```
    302: 
>>> 303: 2. Edite o arquivo `.env` com suas configurações
    304: 
    305: 3. Nunca commit o arquivo `.env` (já está no `.gitignore`)

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    298: 1. Copie o arquivo de exemplo:
    299:    ```bash
>>> 300:    cp .env.example .env
    301:    ```
    302: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    113: import { worker } from './api-contract/mocks/browser';
    114: 
>>> 115: if (process.env.NODE_ENV === 'development') {
    116:   worker.start();
    117: }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    212: ├── 📄 tailwind.config.js         # Configuração Tailwind
    213: ├── 📄 docker-compose.yml          # Docker Compose
>>> 214: ├── 📄 .env.example               # Exemplo de variáveis
    215: ├── 📄 .gitignore                 # Arquivos ignorados
    216: └── 📄 LICENSE                    # Licença

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    128: 1. **Variáveis de Ambiente**
    129:    ```bash
>>> 130:    # .env
    131:    DATABASE_URL="postgresql://user:password@localhost:5432/dbname"
    132:    JWT_SECRET="your-secret-key"

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    111: # Configure variáveis de ambiente
    112: cp .env.example .env
>>> 113: # Edite o arquivo .env com suas configurações
    114: 
    115: # Execute migrações do banco (se aplicável)

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    110: 
    111: # Configure variáveis de ambiente
>>> 112: cp .env.example .env
    113: # Edite o arquivo .env com suas configurações
    114: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    49: # Configure variáveis de ambiente
    50: cp .env.example .env
>>> 51: # Edite .env com suas configurações
    52: 
    53: # Inicie o desenvolvimento

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    48: 
    49: # Configure variáveis de ambiente
>>> 50: cp .env.example .env
    51: # Edite .env com suas configurações
    52: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    328: ```markdown
    329: ❌ Ruim: "Configure as variáveis de ambiente"
>>> 330: ✅ Bom: "Copie .env.example para .env e configure DATABASE_URL com sua string de conexão PostgreSQL"
    331: ```
    332: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    241: ```bash
    242: npm install
>>> 243: cp .env.example .env
    244: npm run dev
    245: ```

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    52: cd [projeto]
    53: npm install
>>> 54: cp .env.example .env
    55: npm run dev
    56: ```

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    450: 
    451: # Configuração
>>> 452: cp .env.example .env
    453: 
    454: # Execução

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    73: 
    74: # Configure variáveis de ambiente
>>> 75: cp .env.example .env
    76: # Configure DATABASE_URL, JWT_SECRET, etc.
    77: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    200: import { apiClient } from './client/api-client';
    201: 
>>> 202: apiClient.defaults.baseURL = process.env.API_URL;
    203: \`\`\`
    204: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    84: - API (4) - Route Handlers, Response objects, HTTP methods, validation
    85: - Middleware (3) - Auth, path matching, edge-compatible
>>> 86: - Environment (3) - NEXT_PUBLIC prefix, validation, .env.local
    87: - Performance (4) - Bundle analyzer, dynamic imports, layout shifts
    88: - Link (3) - next/link, prefetch, scroll

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    145:                 checks.append("✅ .env.example existe")
    146:             else:
>>> 147:                 issues.append("❌ .env.example ausente")
    148:         else:
    149:             issues.append("❌ README.md não existe")

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    143:             if env_example.exists():
    144:                 score += 1
>>> 145:                 checks.append("✅ .env.example existe")
    146:             else:
    147:                 issues.append("❌ .env.example ausente")

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    140:             
    141:             # Variáveis de ambiente
>>> 142:             env_example = self.project_path / ".env.example"
    143:             if env_example.exists():
    144:                 score += 1

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    647:         """Retorna próximos passos após inicialização"""
    648:         steps = [
>>> 649:             "Configure as variáveis de ambiente no arquivo .env",
    650:             "Execute as migrações do banco de dados (se aplicável)",
    651:             "Inicie o servidor de desenvolvimento",

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    551: # Configure variáveis de ambiente
    552: cp .env.example .env
>>> 553: # Edite o arquivo .env com suas configurações
    554: 
    555: # Execute migrações (se aplicável)

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    550: 
    551: # Configure variáveis de ambiente
>>> 552: cp .env.example .env
    553: # Edite o arquivo .env com suas configurações
    554: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    35: 34,Middleware,Keep middleware edge-compatible,Middleware runs on Edge runtime,Edge-compatible code only,Node.js APIs in middleware,Edge-compatible auth check,fs.readFile in middleware,High,
    36: 35,Environment,Use NEXT_PUBLIC prefix,Client-accessible env vars need prefix,NEXT_PUBLIC_ for client vars,Server vars exposed to client,NEXT_PUBLIC_API_URL,API_SECRET in client code,High,https://nextjs.org/docs/app/building-your-application/configuring/environment-variables
>>> 37: 36,Environment,Validate env vars,Check required env vars exist,Validate on startup,Undefined env at runtime,if (!process.env.DATABASE_URL) throw,process.env.DATABASE_URL (might be undefined),High,
    38: 37,Environment,Use .env.local for secrets,Local env file for development secrets,.env.local gitignored,Secrets in .env committed,.env.local with secrets,.env with DATABASE_PASSWORD,High,
    39: 38,Performance,Analyze bundle size,Use @next/bundle-analyzer,Bundle analyzer in dev,Ship large bundles blindly,ANALYZE=true npm run build,No bundle analysis,Medium,https://nextjs.org/docs/app/building-your-application/optimizing/bundle-analyzer

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    36: 35,Environment,Use NEXT_PUBLIC prefix,Client-accessible env vars need prefix,NEXT_PUBLIC_ for client vars,Server vars exposed to client,NEXT_PUBLIC_API_URL,API_SECRET in client code,High,https://nextjs.org/docs/app/building-your-application/configuring/environment-variables
    37: 36,Environment,Validate env vars,Check required env vars exist,Validate on startup,Undefined env at runtime,if (!process.env.DATABASE_URL) throw,process.env.DATABASE_URL (might be undefined),High,
>>> 38: 37,Environment,Use .env.local for secrets,Local env file for development secrets,.env.local gitignored,Secrets in .env committed,.env.local with secrets,.env with DATABASE_PASSWORD,High,
    39: 38,Performance,Analyze bundle size,Use @next/bundle-analyzer,Bundle analyzer in dev,Ship large bundles blindly,ANALYZE=true npm run build,No bundle analysis,Medium,https://nextjs.org/docs/app/building-your-application/optimizing/bundle-analyzer
    40: 39,Performance,Use dynamic imports,Code split with next/dynamic,dynamic() for heavy components,Import everything statically,const Chart = dynamic(() => import('./Chart')),import Chart from './Chart',Medium,https://nextjs.org/docs/app/building-your-application/optimizing/lazy-loading

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    271:     
    272:     def _generate_env_example(self, project_type: str) -> str:
>>> 273:         """Gera .env.example baseado no tipo de projeto"""
    274:         
    275:         base_vars = """

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    133:             env_content = self._generate_env_example(project_type)
    134:             files.append({
>>> 135:                 "path": ".env.example",
    136:                 "content": env_content,
    137:                 "type": "env"

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    129:         })
    130:         
>>> 131:         # .env.example (se aplicável)
    132:         if project_type in ["web", "api"]:
    133:             env_content = self._generate_env_example(project_type)

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    84:  */
    85: export function getDefaultProjectsDirectory() {
>>> 86:     return process.env.NODE_ENV === "production"
    87:         ? "/app/projects"
    88:         : process.cwd();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    41: ### Tier 1: Mínimo Viável (Todo Projeto)
    42: - README.md com getting started
>>> 43: - .env.example com variáveis obrigatórias
    44: - OpenAPI spec (se tiver API)
    45: - Scripts básicos (dev, build, test)

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    146: \`\`\`typescript
    147: // Trocar mocks por API real
>>> 148: if (process.env.NODE_ENV === 'production') {
    149:   // MSW não inicia
    150:   // Cliente usa API real

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    3: import cors from "cors";
    4: import { randomUUID } from "crypto";
>>> 5: const PORT = parseInt(process.env.PORT || "3000", 10);
    6: const app = express();
    7: // Middleware

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    77:  */
    78: export function validarGateComTemplate(fase, entregavel, tier = "base", diretorioContent, checklistItems) {
>>> 79:     if (process.env.NODE_ENV !== 'production') {
    80:         console.warn(`[DEPRECATED v6.3] validarGateComTemplate() foi substituído por IntelligentGateEngine.validateDeliverable(). ` +
    81:             `Será removido na v7.0.`);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    88: SKIP_DIRS = {'node_modules', '.git', 'dist', 'build', '__pycache__', '.venv', 'venv', '.next'}
    89: CODE_EXTENSIONS = {'.js', '.ts', '.jsx', '.tsx', '.py', '.go', '.java', '.rb', '.php'}
>>> 90: CONFIG_EXTENSIONS = {'.json', '.yaml', '.yml', '.toml', '.env', '.env.local', '.env.development'}
    91: 
    92: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    384:     service: process.env.SERVICE_NAME,
    385:     version: process.env.SERVICE_VERSION,
>>> 386:     environment: process.env.NODE_ENV
    387:   },
    388:   transports: [

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    383:   defaultMeta: {
    384:     service: process.env.SERVICE_NAME,
>>> 385:     version: process.env.SERVICE_VERSION,
    386:     environment: process.env.NODE_ENV
    387:   },

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    382:   ),
    383:   defaultMeta: {
>>> 384:     service: process.env.SERVICE_NAME,
    385:     version: process.env.SERVICE_VERSION,
    386:     environment: process.env.NODE_ENV

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    843: Sentry.init({
    844:   dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
>>> 845:   environment: process.env.NODE_ENV,
    846:   tracesSampleRate: 1.0,
    847: });

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    74:         id: "A03-EVAL",
    75:         name: "Uso de eval",
>>> 76:         description: "Uso de eval() que pode executar código arbitrário",
    77:         severity: "critical",
    78:         pattern: /\beval\s*\(/i,

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    77:         severity: "critical",
    78:         pattern: /\beval\s*\(/i,
>>> 79:         suggestion: "Nunca use eval() com input do usuário. Use JSON.parse para dados",
    80:         references: ["https://owasp.org/Top10/A03_2021-Injection/"],
    81:     },

Decoded base64 content: ��j)ޯ��zǧ��b�v�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �+-zo쵧$������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �+-zo쵧$������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u��z�.�\�z�'���L�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���r۫{�(��'z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���zا�������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: j�e�ƭ������z�������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: j�e�ƭ������z����%���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ޭ�^J֭��ڭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ږ'Z��ڶ�z���֭y6�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: j�e�ƭ�����b�,�ߢ{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u��z�.�\�z�'���L�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���r۫{�(��'z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�ܢw��?��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���r۫{��u�^���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���r۫{��u�^���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���r۫{��u�^���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��b��ܕ�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��ޞ�?��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��ޞ�?��m

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�ܢw��?j�h

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�ܢw��?j�h

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�ܢw��?j�h

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u��)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u��)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u��)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u�݊�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���r۫{�(��'z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��b��&��nW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��v�,��u��)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ~����{^�)��֥

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��?��{�r���*m��&��"�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����ޭ��{��i��ǒ��^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����ޭ��{��i��ǒ��^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����ޭ��{��i���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r���w���Ա��Rǫ ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����ޭ��{��i������

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: v��r���w���➛�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����ޭ��{��i��ǃy����Uj[�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����ޭ��{��i����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��j)ޯ��zǧ��b�v�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����ޭ��{��i�rZ'xI^���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��?��{�r���*m��&��"�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u���,�w�jh���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u���,�w�jh���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u���,�w�jh���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: m���)u�^���z�)u�^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��?��{�������&��"�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��?��{�r���*m��&��"�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    78:     
    79:     try:
>>> 80:         proc = subprocess.run(
    81:             linter["cmd"],
    82:             cwd=str(cwd),

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    105: | ❌ NEVER DO | Why It's Wrong | ✅ ALWAYS DO |
    106: |-------------|----------------|--------------|
>>> 107: | **Token in AsyncStorage** | Easily accessible, stolen on rooted device | `SecureStore` / `Keychain` / `EncryptedSharedPreferences` |
    108: | **Hardcode API keys** | Reverse engineered from APK/IPA | Environment variables, secure storage |
    109: | **Skip SSL pinning** | MITM attacks possible | Pin certificates in production |

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    227:         │   │
    228:         │   └── ✅ Secure Storage
>>> 229:         │       ├── iOS: Keychain
    230:         │       ├── Android: EncryptedSharedPreferences
    231:         │       └── RN: expo-secure-store / react-native-keychain

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    229:         │       ├── iOS: Keychain
    230:         │       ├── Android: EncryptedSharedPreferences
>>> 231:         │       └── RN: expo-secure-store / react-native-keychain
    232:         │
    233:         ├── User preferences (settings, theme)

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    362: 
    363: ✅ ALWAYS store tokens in:
>>> 364: ├── iOS: Keychain
    365: ├── Android: EncryptedSharedPreferences
    366: ├── Expo: SecureStore

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    506: 
    507: ```
>>> 508: Secrets?             → SecureStore / Keychain
    509: Settings?            → AsyncStorage / UserDefaults
    510: Structured data?     → SQLite

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    255: REFRESH TOKEN:
    256: ├── Long-lived (30-90 days)
>>> 257: ├── Stored in SecureStore/Keychain
    258: ├── Used only to get new access token
    259: └── Rotate on each use (security)

Decoded base64 content: I�.�䭢��)윅��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    326:         # 8.1 Secure Storage Check
    327:         has_async_storage = bool(re.search(r'AsyncStorage|@react-native-async-storage', content))
>>> 328:         has_secure_storage = bool(re.search(r'SecureStore|Keychain|EncryptedSharedPreferences', content))
    329:         has_token_storage = bool(re.search(r'token|jwt|auth.*storage', content, re.IGNORECASE))
    330:         if has_token_storage and has_async_storage and not has_secure_storage:

Decoded base64 content: r����h��&M��j��j�+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r����h��&M��j��j�+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: 6�b~'�*'�m�$

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: Z�)�
�b�pn��'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Cz��yԭjׅ�����+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    20:             output_path = f.name
    21:         
>>> 22:         result = subprocess.run(
    23:             [
    24:                 "lighthouse",

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    301:         # Executar testes com cobertura se não existir
    302:         try:
>>> 303:             result = subprocess.run(
    304:                 ["npm", "run", "test:coverage"],
    305:                 cwd=project_path,

Decoded base64 content: �{^�����ŭ��Š�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �+a�����,�׬�)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �װ��7�^@߮6��ﰺ�u��>�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��bu�^B楊܆j׬

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ޭ�^N��u'��*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��nZ ����w��)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���ƥ�x���v+���0

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: .����j����ۜ�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���ƥ�x���v+���0

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��?���Ǭ�K�'��'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    702:         "max_file_size": "10MB",
    703:         "allowed_extensions": [".ts", ".tsx", ".js", ".jsx", ".vue", ".json"],
>>> 704:         "forbidden_patterns": ["eval(", "innerHTML", "document.write"]
    705:     },
    706:     "api_calls": {

Decoded base64 content: E朷�n{�'��Z���z[^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: E�n��n�֧w��&�V�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: M���)���Zu��杕�,

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    612:                             if 'innerHTML' in content and 'sanitize' not in content:
    613:                                 security_issues += 1
>>> 614:                             if 'eval(' in content:
    615:                                 security_issues += 1
    616:                             if 'document.write' in content:

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    689:                                 security_issues.append(f"Uso perigoso de innerHTML em {file}")
    690:                             
>>> 691:                             # Verificar eval() usage
    692:                             if 'eval(' in content:
    693:                                 security_issues.append(f"Uso perigoso de eval() em {file}")

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    690:                             
    691:                             # Verificar eval() usage
>>> 692:                             if 'eval(' in content:
    693:                                 security_issues.append(f"Uso perigoso de eval() em {file}")
    694:                             

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    145: ### Proteção de Dados (5 pontos)
    146: - [ ] **(2pt)** Tokens armazenados com segurança
>>> 147:   - iOS: Keychain
    148:   - Android: EncryptedSharedPreferences
    149:   - Nunca em AsyncStorage/SharedPreferences plain

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    691:                             # Verificar eval() usage
    692:                             if 'eval(' in content:
>>> 693:                                 security_issues.append(f"Uso perigoso de eval() em {file}")
    694:                             
    695:                             # Verificar document.write

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��?r���w����z�h�ȯxj�w�^��'�+���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: >���K��B�{Z�w�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �ǫ�'��k�ۜ�'��'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��?r���w������h��n��'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��?��$���x*.�׫

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u��z�.�\�z�'���L�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: "{^�v���ږ,ڶ*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    101: - [ ] **(2pt)** Dados persistidos corretamente (sobrevivem a restart do app)
    102: - [ ] **(2pt)** Dados sensíveis criptografados (tokens, senhas, PII)
>>> 103:   - iOS: Keychain
    104:   - Android: EncryptedSharedPreferences
    105: - [ ] **(1pt)** Cache implementado adequadamente (imagens, dados de API)

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    344: 
    345: class KeychainManager {
>>> 346:     static let shared = KeychainManager()
    347:     
    348:     func save(_ value: String, forKey key: String) throws {

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    338: ```
    339: 
>>> 340: ### Keychain (Dados Sensíveis)
    341: 
    342: ```swift

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    343: import Security
    344: 
>>> 345: class KeychainManager {
    346:     static let shared = KeychainManager()
    347:     

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    360:         let status = SecItemAdd(query as CFDictionary, nil)
    361:         guard status == errSecSuccess else {
>>> 362:             throw KeychainError.saveFailed
    363:         }
    364:     }

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    391:         let status = SecItemDelete(query as CFDictionary)
    392:         guard status == errSecSuccess || status == errSecItemNotFound else {
>>> 393:             throw KeychainError.deleteFailed
    394:         }
    395:     }

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    396: }
    397: 
>>> 398: enum KeychainError: Error {
    399:     case saveFailed
    400:     case deleteFailed

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    402: 
    403: // Uso
>>> 404: try KeychainManager.shared.save("token123", forKey: "authToken")
    405: let token = try KeychainManager.shared.get(forKey: "authToken")
    406: ```

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    403: // Uso
    404: try KeychainManager.shared.save("token123", forKey: "authToken")
>>> 405: let token = try KeychainManager.shared.get(forKey: "authToken")
    406: ```
    407: 

Decoded base64 content: r��z�E����� �

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��z�E����� �

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���,�t7�r���*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �'� V��g�z��=�,Š�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �'� V��g�z��=�,Š�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �'� V��g�z��=�,Š�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��{�
�^�V����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    585: 
    586: ```typescript
>>> 587: import * as Keychain from 'react-native-keychain';
    588: 
    589: // Salvar credenciais

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    588: 
    589: // Salvar credenciais
>>> 590: await Keychain.setGenericPassword('username', 'password', {
    591:   service: 'com.myapp.auth',
    592:   accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    590: await Keychain.setGenericPassword('username', 'password', {
    591:   service: 'com.myapp.auth',
>>> 592:   accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
    593: });
    594: 

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    594: 
    595: // Recuperar credenciais
>>> 596: const credentials = await Keychain.getGenericPassword({
    597:   service: 'com.myapp.auth',
    598: });

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    604: 
    605: // Remover credenciais
>>> 606: await Keychain.resetGenericPassword({
    607:   service: 'com.myapp.auth',
    608: });

Decoded base64 content: ��b�Ѣ�Mj��j�+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: >���Cz֢�Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �֯����¢{Z�w�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r����h��&M��j��j�+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r����h��&M��j��j�+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ���g�z��=�,Š�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: jwk�'j�n�w�.�������^���y���i

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    187: 
    188: - [ ] Dados sensíveis criptografados
>>> 189: - [ ] Tokens armazenados com segurança (SecureStore/Keychain)
    190: - [ ] Validação de inputs
    191: - [ ] HTTPS obrigatório

Decoded base64 content: I�.�䭢��)윅��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(����^��Z��?

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(����^��Z��?��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(�����jjez�ݡ˦z{Z�*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����b�� ��%y��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �.���jب���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �.���jب���&��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: {"alg":"HS256","typ":"JWT"}

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��&��ޞ�?��^��?Rǫ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �����no������.j������h

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    178: ### 1. Secure Storage
    179: ```javascript
>>> 180: // React Native com Keychain
    181: import * as Keychain from 'react-native-keychain';
    182: 

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    179: ```javascript
    180: // React Native com Keychain
>>> 181: import * as Keychain from 'react-native-keychain';
    182: 
    183: const secureStorage = {

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    183: const secureStorage = {
    184:   async set(key, value) {
>>> 185:     await Keychain.setInternetCredentials(
    186:       'com.myapp',
    187:       key,

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    191:   
    192:   async get(key) {
>>> 193:     const credentials = await Keychain.getInternetCredentials('com.myapp');
    194:     if (credentials.password) {
    195:       return JSON.parse(credentials.password)[key];

Keychain access

Detected by automated pattern matching (rule DE-007) with medium confidence. May be a false positive.

    507: - **Data Encryption:** AES-256
    508: - **API Security:** OAuth 2.0 + JWT
>>> 509: - **Local Storage:** Keychain/Keystore
    510: - **Network Security:** SSL Pinning
    511: - **Biometric Auth:** TouchID/FaceID

Decoded base64 content: r��z{�����b��?�^r&���Z

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��z{�����b��?�^r&���Z

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    89:     
    90:     try:
>>> 91:         proc = subprocess.run(
    92:             cmd,
    93:             cwd=str(cwd),

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    203: |---------|------|----------|
    204: | **String concat in queries** | Injection | `"SELECT * FROM " + user_input` |
>>> 205: | **Dynamic code execution** | RCE | `eval()`, `exec()`, `Function()` |
    206: | **Unsafe deserialization** | RCE | `pickle.loads()`, `unserialize()` |
    207: | **Path manipulation** | Traversal | User input in file paths |

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    203: |---------|------|----------|
    204: | **String concat in queries** | Injection | `"SELECT * FROM " + user_input` |
>>> 205: | **Dynamic code execution** | RCE | `eval()`, `exec()`, `Function()` |
    206: | **Unsafe deserialization** | RCE | `pickle.loads()`, `unserialize()` |
    207: | **Path manipulation** | Traversal | User input in file paths |

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    23: - [ ] Input validation on all user data
    24: - [ ] Output encoding for XSS
>>> 25: - [ ] No eval() or dynamic code execution
    26: 
    27: ### A04: Insecure Design

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    61: DANGEROUS_PATTERNS = [
    62:     # Injection risks
>>> 63:     (r'eval\s*\(', "eval() usage", "critical", "Code Injection risk"),
    64:     (r'exec\s*\(', "exec() usage", "critical", "Code Injection risk"),
    65:     (r'new\s+Function\s*\(', "Function constructor", "high", "Code Injection risk"),

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    62:     # Injection risks
    63:     (r'eval\s*\(', "eval() usage", "critical", "Code Injection risk"),
>>> 64:     (r'exec\s*\(', "exec() usage", "critical", "Code Injection risk"),
    65:     (r'new\s+Function\s*\(', "Function constructor", "high", "Code Injection risk"),
    66:     (r'child_process\.exec\s*\(', "child_process.exec", "high", "Command Injection risk"),

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    64:     (r'exec\s*\(', "exec() usage", "critical", "Code Injection risk"),
    65:     (r'new\s+Function\s*\(', "Function constructor", "high", "Code Injection risk"),
>>> 66:     (r'child_process\.exec\s*\(', "child_process.exec", "high", "Command Injection risk"),
    67:     (r'subprocess\.call\s*\([^)]*shell\s*=\s*True', "subprocess with shell=True", "high", "Command Injection risk"),
    68:     

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    132:     if (Path(project_path) / "package.json").exists():
    133:         try:
>>> 134:             result = subprocess.run(
    135:                 ["npm", "audit", "--json"],
    136:                 cwd=project_path,

Decoded base64 content: r���ƿj[Z�g����j,Z

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r���ƿj[Z�g����j,Z

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r���ƿj[Z�g����j,Z

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �����"jX����y���)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r���ƿj[Z�g����j,Z

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    126:         const importRegex = /import\s+.*?\s+from\s+['"](.+?)['"]/g;
    127:         let match;
>>> 128:         while ((match = importRegex.exec(content)) !== null) {
    129:             const importPath = match[1];
    130:             // Apenas imports relativos

Decoded base64 content: n�t7�zw^�̆��a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t7�zw^�̆��a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: I�.�+rU�bu�h�jڦ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �����+{�ږ'Z�*'�V�z�?I�.�+rU�bu�h�jڦ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: I�.�+rU�bu�h�jڦ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �����+{�ږ'Z�*'�V�z�?I�.�+rU�bu�h�jڦ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ޭ�^wi�)��ܶ*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ޭ�^wi�)��ܶ*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �b���nW�jX�j�+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(���M驕�^=�a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(���M驕�^=�a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    105:         padrao.lastIndex = 0; // Reset regex state
    106:         let match;
>>> 107:         while ((match = padrao.exec(entregavel)) !== null) {
    108:             const decisaoTexto = match[1]?.trim();
    109:             if (!decisaoTexto || decisaoTexto.length < 5)

Decoded base64 content: ����b�� ��%y��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

High-entropy string (5.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    12: 11,DataFetching,Use $fetch for non-reactive requests,$fetch for event handlers and non-component code,$fetch in event handlers or server routes,useFetch in click handlers,"async function submit() { await $fetch('/api/submit', { method: 'POST' }) }","async function submit() { await useFetch('/api/submit') }",High,https://nuxt.com/docs/api/utils/dollarfetch
    13: 12,DataFetching,Use lazy option for non-blocking fetch,Defer data fetching for better initial load,lazy: true for below-fold content,Blocking fetch for non-critical data,"useFetch('/api/comments', { lazy: true })",await useFetch('/api/comments') for footer,Medium,https://nuxt.com/docs/api/composables/use-fetch
>>> 14: 13,DataFetching,Use server option to control fetch location,Choose where data is fetched,server: false for client-only data,Server fetch for user-specific client data,"useFetch('/api/user-preferences', { server: false })",useFetch for localStorage-dependent data,Medium,https://nuxt.com/docs/api/composables/use-fetch
    15: 14,DataFetching,Use pick to reduce payload size,Select only needed fields from response,pick option for large responses,Fetching entire objects when few fields needed,"useFetch('/api/user', { pick: ['id', 'name'] })",useFetch('/api/user') then destructure,Low,https://nuxt.com/docs/api/composables/use-fetch
    16: 15,DataFetching,Use transform for data manipulation,Transform data before storing in state,transform option for data shaping,Manual transformation after fetch,"useFetch('/api/posts', { transform: (posts) => posts.map(p => p.title) })",const titles = data.value.map(p => p.title),Low,https://nuxt.com/docs/api/composables/use-fetch

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    852:     const color = this.getSeverityColor(severity);
    853:     
>>> 854:     await fetch(webhook, {
    855:       method: 'POST',
    856:       headers: { 'Content-Type': 'application/json' },

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    387: def extract_from_api(url, headers=None, params=None):
    388:     """Extrai dados de API REST"""
>>> 389:     response = requests.get(url, headers=headers, params=params)
    390:     response.raise_for_status()
    391:     return response.json()

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    11: 10,DataFetching,Use useAsyncData for complex fetching,Fine-grained control over async data,useAsyncData for CMS or custom fetching,useFetch for non-URL data sources,"const { data } = await useAsyncData('posts', () => cms.getPosts())","const { data } = await useFetch(() => cms.getPosts())",Medium,https://nuxt.com/docs/api/composables/use-async-data
    12: 11,DataFetching,Use $fetch for non-reactive requests,$fetch for event handlers and non-component code,$fetch in event handlers or server routes,useFetch in click handlers,"async function submit() { await $fetch('/api/submit', { method: 'POST' }) }","async function submit() { await useFetch('/api/submit') }",High,https://nuxt.com/docs/api/utils/dollarfetch
>>> 13: 12,DataFetching,Use lazy option for non-blocking fetch,Defer data fetching for better initial load,lazy: true for below-fold content,Blocking fetch for non-critical data,"useFetch('/api/comments', { lazy: true })",await useFetch('/api/comments') for footer,Medium,https://nuxt.com/docs/api/composables/use-fetch
    14: 13,DataFetching,Use server option to control fetch location,Choose where data is fetched,server: false for client-only data,Server fetch for user-specific client data,"useFetch('/api/user-preferences', { server: false })",useFetch for localStorage-dependent data,Medium,https://nuxt.com/docs/api/composables/use-fetch
    15: 14,DataFetching,Use pick to reduce payload size,Select only needed fields from response,pick option for large responses,Fetching entire objects when few fields needed,"useFetch('/api/user', { pick: ['id', 'name'] })",useFetch('/api/user') then destructure,Low,https://nuxt.com/docs/api/composables/use-fetch

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    96: fetch() is UNCACHED by default in v15!
    97: Do: fetch(url, { cache: 'force-cache' })
>>> 98: Don't: fetch(url) // Uncached!
    99: Severity: High
    100: ```

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    95: Configure caching explicitly
    96: fetch() is UNCACHED by default in v15!
>>> 97: Do: fetch(url, { cache: 'force-cache' })
    98: Don't: fetch(url) // Uncached!
    99: Severity: High

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    94: ```csv
    95: Configure caching explicitly
>>> 96: fetch() is UNCACHED by default in v15!
    97: Do: fetch(url, { cache: 'force-cache' })
    98: Don't: fetch(url) // Uncached!

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    10: 9,DataFetching,Use useFetch for simple data fetching,Wrapper around useAsyncData for URL fetching,useFetch for API calls,$fetch in onMounted,"const { data } = await useFetch('/api/posts')","onMounted(async () => { data.value = await $fetch('/api/posts') })",High,https://nuxt.com/docs/api/composables/use-fetch
    11: 10,DataFetching,Use useAsyncData for complex fetching,Fine-grained control over async data,useAsyncData for CMS or custom fetching,useFetch for non-URL data sources,"const { data } = await useAsyncData('posts', () => cms.getPosts())","const { data } = await useFetch(() => cms.getPosts())",Medium,https://nuxt.com/docs/api/composables/use-async-data
>>> 12: 11,DataFetching,Use $fetch for non-reactive requests,$fetch for event handlers and non-component code,$fetch in event handlers or server routes,useFetch in click handlers,"async function submit() { await $fetch('/api/submit', { method: 'POST' }) }","async function submit() { await useFetch('/api/submit') }",High,https://nuxt.com/docs/api/utils/dollarfetch
    13: 12,DataFetching,Use lazy option for non-blocking fetch,Defer data fetching for better initial load,lazy: true for below-fold content,Blocking fetch for non-critical data,"useFetch('/api/comments', { lazy: true })",await useFetch('/api/comments') for footer,Medium,https://nuxt.com/docs/api/composables/use-fetch
    14: 13,DataFetching,Use server option to control fetch location,Choose where data is fetched,server: false for client-only data,Server fetch for user-specific client data,"useFetch('/api/user-preferences', { server: false })",useFetch for localStorage-dependent data,Medium,https://nuxt.com/docs/api/composables/use-fetch

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    56: 55,Environment,Keep secrets in private config,Server-only secrets in runtimeConfig root,runtimeConfig.apiSecret (server only),Secrets in public config,runtimeConfig: { dbPassword: '' },runtimeConfig: { public: { dbPassword: '' } },High,https://nuxt.com/docs/guide/going-further/runtime-config
    57: 56,Performance,Use Lazy prefix for code splitting,Lazy load components with Lazy prefix,<LazyComponent> for below-fold,Eager load all components,<LazyMountainsList v-if="show"/>,<MountainsList/> for hidden content,Medium,https://nuxt.com/docs/guide/directory-structure/components
>>> 58: 57,Performance,Use useLazyFetch for non-blocking data,Alias for useFetch with lazy: true,useLazyFetch for secondary data,useFetch for all requests,"const { data } = useLazyFetch('/api/comments')",await useFetch for comments section,Medium,https://nuxt.com/docs/api/composables/use-lazy-fetch
    59: 58,Performance,Use lazy hydration for interactivity,Delay component hydration until needed,LazyComponent with hydration strategy,Immediate hydration for all,<LazyModal hydrate-on-visible/>,<Modal/> in footer,Low,https://nuxt.com/docs/guide/going-further/experimental-features

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    529: 
    530:       const queryParams = buildQueryParams();
>>> 531:       const response = await fetch(`/api/products?${queryParams}`);
    532:       
    533:       if (!response.ok) {

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    801:           return response;
    802:         }
>>> 803:         return fetch(event.request);
    804:       })
    805:   );

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    9: 8,Rendering,Use .server suffix for server-only components,Mark components to render only on server,ComponentName.server.vue suffix,Manual server check,HeavyMarkdown.server.vue,v-if="process.server",Low,https://nuxt.com/docs/guide/directory-structure/components
    10: 9,DataFetching,Use useFetch for simple data fetching,Wrapper around useAsyncData for URL fetching,useFetch for API calls,$fetch in onMounted,"const { data } = await useFetch('/api/posts')","onMounted(async () => { data.value = await $fetch('/api/posts') })",High,https://nuxt.com/docs/api/composables/use-fetch
>>> 11: 10,DataFetching,Use useAsyncData for complex fetching,Fine-grained control over async data,useAsyncData for CMS or custom fetching,useFetch for non-URL data sources,"const { data } = await useAsyncData('posts', () => cms.getPosts())","const { data } = await useFetch(() => cms.getPosts())",Medium,https://nuxt.com/docs/api/composables/use-async-data
    12: 11,DataFetching,Use $fetch for non-reactive requests,$fetch for event handlers and non-component code,$fetch in event handlers or server routes,useFetch in click handlers,"async function submit() { await $fetch('/api/submit', { method: 'POST' }) }","async function submit() { await useFetch('/api/submit') }",High,https://nuxt.com/docs/api/utils/dollarfetch
    13: 12,DataFetching,Use lazy option for non-blocking fetch,Defer data fetching for better initial load,lazy: true for below-fold content,Blocking fetch for non-critical data,"useFetch('/api/comments', { lazy: true })",await useFetch('/api/comments') for footer,Medium,https://nuxt.com/docs/api/composables/use-fetch

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    8: 7,Rendering,Use .client suffix for client-only components,Mark components to render only on client,ComponentName.client.vue suffix,v-if with process.client check,Comments.client.vue,<div v-if="process.client"><Comments/></div>,Medium,https://nuxt.com/docs/guide/directory-structure/components
    9: 8,Rendering,Use .server suffix for server-only components,Mark components to render only on server,ComponentName.server.vue suffix,Manual server check,HeavyMarkdown.server.vue,v-if="process.server",Low,https://nuxt.com/docs/guide/directory-structure/components
>>> 10: 9,DataFetching,Use useFetch for simple data fetching,Wrapper around useAsyncData for URL fetching,useFetch for API calls,$fetch in onMounted,"const { data } = await useFetch('/api/posts')","onMounted(async () => { data.value = await $fetch('/api/posts') })",High,https://nuxt.com/docs/api/composables/use-fetch
    11: 10,DataFetching,Use useAsyncData for complex fetching,Fine-grained control over async data,useAsyncData for CMS or custom fetching,useFetch for non-URL data sources,"const { data } = await useAsyncData('posts', () => cms.getPosts())","const { data } = await useFetch(() => cms.getPosts())",Medium,https://nuxt.com/docs/api/composables/use-async-data
    12: 11,DataFetching,Use $fetch for non-reactive requests,$fetch for event handlers and non-component code,$fetch in event handlers or server routes,useFetch in click handlers,"async function submit() { await $fetch('/api/submit', { method: 'POST' }) }","async function submit() { await useFetch('/api/submit') }",High,https://nuxt.com/docs/api/utils/dollarfetch

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    291:     setLoading(true);
    292:     try {
>>> 293:       const response = await fetch('/api/data');
    294:       const result = await response.json();
    295:       setData(result);

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    290:         
    291:         do {
>>> 292:             let response: ProductsResponse = try await APIClient.shared.fetch("/products")
    293:             products = response.products
    294:         } catch {

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    146: 
    147: ```typescript
>>> 148: const especialista = await fetch('maestro://especialista/debugging-troubleshooting');
    149: ```
    150: 

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2: 1,Async Waterfall,Defer Await,async await defer branch,React/Next.js,Move await into branches where actually used to avoid blocking unused code paths,Move await operations into branches where they're needed,Await at top of function blocking all branches,"if (skip) return { skipped: true }; const data = await fetch()","const data = await fetch(); if (skip) return { skipped: true }",Critical
    3: 2,Async Waterfall,Promise.all Parallel,promise all parallel concurrent,React/Next.js,Execute independent async operations concurrently using Promise.all(),Use Promise.all() for independent operations,Sequential await for independent operations,"const [user, posts] = await Promise.all([fetchUser(), fetchPosts()])","const user = await fetchUser(); const posts = await fetchPosts()",Critical
>>> 4: 3,Async Waterfall,Dependency Parallelization,better-all dependency parallel,React/Next.js,Use better-all for operations with partial dependencies to maximize parallelism,Use better-all to start each task at earliest possible moment,Wait for unrelated data before starting dependent fetch,"await all({ user() {}, config() {}, profile() { return fetch((await this.$.user).id) } })","const [user, config] = await Promise.all([...]); const profile = await fetchProfile(user.id)",Critical
    5: 4,Async Waterfall,API Route Optimization,api route waterfall promise,React/Next.js,In API routes start independent operations immediately even if not awaited yet,Start promises early and await late,Sequential awaits in API handlers,"const sessionP = auth(); const configP = fetchConfig(); const session = await sessionP","const session = await auth(); const config = await fetchConfig()",Critical
    6: 5,Async Waterfall,Suspense Boundaries,suspense streaming boundary,React/Next.js,Use Suspense to show wrapper UI faster while data loads,Wrap async components in Suspense boundaries,Await data blocking entire page render,"<Suspense fallback={<Skeleton />}><DataDisplay /></Suspense>","const data = await fetchData(); return <DataDisplay data={data} />",High

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    209:     Networking.addPublicKeyPin(
    210:       'api.example.com',
>>> 211:       ['sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=']
    212:     );
    213:   }

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

>>> 1: {"version":3,"file":"SecurityValidatorWrapper.js","sourceRoot":"","sources":["../../../../src/core/validation/layers/SecurityValidatorWrapper.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,IAAI,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAEvF;;;GAGG;AACH,MAAM,OAAO,wBAAwB;IACzB,SAAS,CAA0B;IAE3C;QACI,IAAI,CAAC,SAAS,GAAG,IAAI,uBAAuB,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY,EAAE,OAA2B;QACpD,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YAExD,MAAM,MAAM,GAAsB,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;YACtD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,KAAK,IAAI,EAAE,CAAC;YAE3B,OAAO;gBACH,KAAK,EAAE,WAAW;gBAClB,KAAK;gBACL,MAAM;gBACN,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC;gBAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACtC,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,+BAA+B;YAC/B,OAAO;gBACH,KAAK,EAAE,WAAW;gBAClB,KAAK,EAAE,EAAE;gBACT,MAAM,EAAE,IAAI;gBACZ,MAAM,EAAE,EAAE;gBACV,WAAW,EAAE,CAAC,kCAAkC,CAAC;gBACjD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACtC,CAAC;QACN,CAAC;IACL,CAAC;IAEO,mBAAmB,CAAC,MAAyB;QACjD,MAAM,WAAW,GAAa,EAAE,CAAC;QAEjC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QAC/D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,WAAW,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QACvD,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClB,WAAW,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QAC1E,CAAC;QAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,WAAW,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,WAAW,CAAC;IACvB,CAAC;CACJ"}

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    29: 28,Forms,Debounce rapid input changes,Debounce search/filter inputs,useDeferredValue or debounce for search,Filter on every keystroke,useDeferredValue(searchTerm),useEffect filtering on every change,Medium,https://react.dev/reference/react/useDeferredValue
    30: 29,Hooks,Follow rules of hooks,Only call hooks at top level and in React functions,Hooks at component top level,Hooks in conditions loops or callbacks,"const [x, setX] = useState()","if (cond) { const [x, setX] = useState() }",High,https://react.dev/reference/rules/rules-of-hooks
>>> 31: 30,Hooks,Custom hooks for reusable logic,Extract shared stateful logic to custom hooks,useCustomHook for reusable patterns,Duplicate hook logic across components,const { data } = useFetch(url),Duplicate useEffect/useState in components,Medium,https://react.dev/learn/reusing-logic-with-custom-hooks
    32: 31,Hooks,Name custom hooks with use prefix,Custom hooks must start with use,useFetch useForm useAuth,fetchData or getData for hook,function useFetch(url),function fetchData(url),High,
    33: 32,Context,Use context for global data,Context for theme auth locale,Context for app-wide state,Context for frequently changing data,<ThemeContext.Provider>,Context for form field values,Medium,https://react.dev/learn/passing-data-deeply-with-context

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    30: 29,Hooks,Follow rules of hooks,Only call hooks at top level and in React functions,Hooks at component top level,Hooks in conditions loops or callbacks,"const [x, setX] = useState()","if (cond) { const [x, setX] = useState() }",High,https://react.dev/reference/rules/rules-of-hooks
    31: 30,Hooks,Custom hooks for reusable logic,Extract shared stateful logic to custom hooks,useCustomHook for reusable patterns,Duplicate hook logic across components,const { data } = useFetch(url),Duplicate useEffect/useState in components,Medium,https://react.dev/learn/reusing-logic-with-custom-hooks
>>> 32: 31,Hooks,Name custom hooks with use prefix,Custom hooks must start with use,useFetch useForm useAuth,fetchData or getData for hook,function useFetch(url),function fetchData(url),High,
    33: 32,Context,Use context for global data,Context for theme auth locale,Context for app-wide state,Context for frequently changing data,<ThemeContext.Provider>,Context for form field values,Medium,https://react.dev/learn/passing-data-deeply-with-context
    34: 33,Context,Split contexts by concern,Separate contexts for different domains,ThemeContext + AuthContext,One giant AppContext,<ThemeProvider><AuthProvider>,<AppProvider value={{theme user...}}>,Medium,

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    39: 38,Performance,Batch state updates,React 18 auto-batches but be aware,Let React batch related updates,Manual batching with flushSync,setA(1); setB(2); // batched,flushSync(() => setA(1)),Low,https://react.dev/learn/queueing-a-series-of-state-updates
    40: 39,ErrorHandling,Use error boundaries,Catch JavaScript errors in component tree,ErrorBoundary wrapping sections,Let errors crash entire app,<ErrorBoundary><App/></ErrorBoundary>,No error handling,High,https://react.dev/reference/react/Component#catching-rendering-errors-with-an-error-boundary
>>> 41: 40,ErrorHandling,Handle async errors,Catch errors in async operations,try/catch in async handlers,Unhandled promise rejections,try { await fetch() } catch(e) {},await fetch() // no catch,High,
    42: 41,Testing,Test behavior not implementation,Test what user sees and does,Test renders and interactions,Test internal state or methods,expect(screen.getByText('Hello')),expect(component.state.name),Medium,https://testing-library.com/docs/react-testing-library/intro/
    43: 42,Testing,Use testing-library queries,Use accessible queries,getByRole getByLabelText,getByTestId for everything,getByRole('button'),getByTestId('submit-btn'),Medium,https://testing-library.com/docs/queries/about#priority

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    112: → Severity: High
    113: → Guideline: "Configure caching explicitly (fetch uncached por padrão!)"
>>> 114: → Code Good: fetch(url, { cache: 'force-cache' })
    115: ```
    116: 

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    422: def fetch_url(url: str):
    423:     # VULNERABILIDADE: Permite qualquer URL
>>> 424:     response = requests.get(url)
    425:     return response.json()
    426: ```

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    456:     
    457:     # MITIGAÇÃO: Timeout e validação
>>> 458:     response = requests.get(url, timeout=10)
    459:     return response.json()
    460: ```

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    198: // Carregar especialista da próxima fase
    199: const proximaFase = novoEstado.fases[novoEstado.fase_atual - 1];
>>> 200: const especialista = await fetch(`maestro://especialista/${proximaFase.especialista}`);
    201: ```
    202: 

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    65:    - **migracao**: Mudança de padrão/arquitetura
    66: 
>>> 67:    Escolha: [complexidade/duplicacao/performance/manutencao/migracao]
    68: 
    69: 3. (Opcional) Arquivos principais:

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    187: 
    188: ```typescript
>>> 189: const especialista = await fetch('maestro://especialista/gestao-de-produto');
    190: // Aplicar persona e instruções do especialista
    191: ```

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    270:         else {
    271:             const url = this.buildUrlTemplate(endpoint.path);
>>> 272:             func += `  const response = await fetch(\`\${BASE_URL}${url}\`, {\n`;
    273:             func += `    method: '${endpoint.method}',\n`;
    274:             if (endpoint.request?.body) {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1: No,Category,Issue,Keywords,Platform,Description,Do,Don't,Code Example Good,Code Example Bad,Severity
>>> 2: 1,Async Waterfall,Defer Await,async await defer branch,React/Next.js,Move await into branches where actually used to avoid blocking unused code paths,Move await operations into branches where they're needed,Await at top of function blocking all branches,"if (skip) return { skipped: true }; const data = await fetch()","const data = await fetch(); if (skip) return { skipped: true }",Critical
    3: 2,Async Waterfall,Promise.all Parallel,promise all parallel concurrent,React/Next.js,Execute independent async operations concurrently using Promise.all(),Use Promise.all() for independent operations,Sequential await for independent operations,"const [user, posts] = await Promise.all([fetchUser(), fetchPosts()])","const user = await fetchUser(); const posts = await fetchPosts()",Critical
    4: 3,Async Waterfall,Dependency Parallelization,better-all dependency parallel,React/Next.js,Use better-all for operations with partial dependencies to maximize parallelism,Use better-all to start each task at earliest possible moment,Wait for unrelated data before starting dependent fetch,"await all({ user() {}, config() {}, profile() { return fetch((await this.$.user).id) } })","const [user, config] = await Promise.all([...]); const profile = await fetchProfile(user.id)",Critical

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    15: 14,Server,Parallel Fetching,parallel fetch component composition,React/Next.js,Restructure components to parallelize data fetching in RSC,Use component composition for parallel fetches,Sequential fetches in parent component,"<Header /><Sidebar /> // both fetch in parallel","const header = await fetchHeader(); return <><div>{header}</div><Sidebar /></>",Critical
    16: 15,Server,After Non-blocking,after non-blocking logging,React/Next.js,Use Next.js after() to schedule work after response is sent,Use after() for logging/analytics,Block response for non-critical operations,"after(async () => { await logAction() }); return Response.json(data)","await logAction(); return Response.json(data)",Medium
>>> 17: 16,Client,SWR Deduplication,swr dedup cache revalidate,React/Next.js,Use SWR for automatic request deduplication and caching,Use useSWR for client data fetching,Manual fetch in useEffect,"const { data } = useSWR('/api/users', fetcher)","useEffect(() => { fetch('/api/users').then(setUsers) }, [])",Medium-High
    18: 17,Client,Event Listener Dedup,event listener deduplicate global,React/Next.js,Share global event listeners across component instances,Use useSWRSubscription for shared listeners,Register listener per component instance,"useSWRSubscription('global-keydown', () => { window.addEventListener... })","useEffect(() => { window.addEventListener('keydown', handler) }, [])",Low
    19: 18,Rerender,Defer State Reads,state read callback subscription,React/Next.js,Don't subscribe to state only used in callbacks,Read state on-demand in callbacks,Subscribe to state used only in handlers,"const handleClick = () => { const params = new URLSearchParams(location.search) }","const params = useSearchParams(); const handleClick = () => { params.get('ref') }",Medium

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    43: 42,SvelteKit,Use +page.js for data loading,Load data before render,load function in +page.js,onMount for data fetching,export function load() {},onMount(() => fetchData()),High,https://kit.svelte.dev/docs/load
    44: 43,SvelteKit,Use +page.server.js for server-only,Server-side data loading,+page.server.js for sensitive data,+page.js for API keys,+page.server.js with DB access,+page.js with DB access,High,
>>> 45: 44,SvelteKit,Use form actions,Server-side form handling,+page.server.js actions,API routes for forms,export const actions = { default },fetch('/api/submit'),Medium,https://kit.svelte.dev/docs/form-actions
    46: 45,SvelteKit,Use $app/stores for app state,$page $navigating $updated,$page for current page data,Manual URL parsing,import { page } from '$app/stores',window.location.pathname,Medium,https://kit.svelte.dev/docs/modules#$app-stores
    47: 46,Performance,Use {#key} for forced re-render,Reset component state,{#key id} for fresh instance,Manual destroy/create,{#key item.id}<Component/>{/key},on:change={() => component = null},Low,https://svelte.dev/docs/logic-blocks#key

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

>>> 1: {"version":3,"file":"SecurityValidatorWrapper.d.ts","sourceRoot":"","sources":["../../../../src/core/validation/layers/SecurityValidatorWrapper.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,iBAAiB,EAAmB,MAAM,aAAa,CAAC;AAG7G;;;GAGG;AACH,qBAAa,wBAAyB,YAAW,cAAc;IAC3D,OAAO,CAAC,SAAS,CAA0B;;IAMrC,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IA6BzF,OAAO,CAAC,mBAAmB;CAmB9B"}

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    21: 20,Components,Use PascalCase for components,Consistent component naming,PascalCase in imports and templates,kebab-case in script,<MyComponent/>,<my-component/>,Low,https://vuejs.org/style-guide/rules-strongly-recommended.html
    22: 21,Components,Prefer composition over mixins,Composables replace mixins,Composables for shared logic,Mixins for code reuse,const { data } = useApi(),mixins: [apiMixin],Medium,
>>> 23: 22,Composables,Name composables with use prefix,Convention for composable functions,useFetch useAuth useForm,getData or fetchApi,export function useFetch(),export function fetchData(),Medium,https://vuejs.org/guide/reusability/composables.html
    24: 23,Composables,Return refs from composables,Maintain reactivity when destructuring,Return ref values,Return reactive objects that lose reactivity,return { data: ref(null) },return reactive({ data: null }),Medium,
    25: 24,Composables,Accept ref or value params,Use toValue for flexible inputs,toValue() or unref() for params,Only accept ref or only value,const val = toValue(maybeRef),const val = maybeRef.value,Low,https://vuejs.org/api/reactivity-utilities.html#tovalue

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    28: 27,State,Use unique keys for useState,Prevent state conflicts with unique keys,Descriptive unique keys for each state,Generic or duplicate keys,"useState('user-preferences', () => ({}))",useState('data') in multiple places,Medium,https://nuxt.com/docs/api/composables/use-state
    29: 28,State,Use Pinia for complex state,Pinia for advanced state management,@pinia/nuxt for complex apps,Custom state management,useMainStore() with Pinia,Custom reactive store implementation,Medium,https://nuxt.com/docs/getting-started/state-management
>>> 30: 29,State,Use callOnce for one-time async operations,Ensure async operations run only once,callOnce for store initialization,Direct await in component,"await callOnce(store.fetch)",await store.fetch() on every render,Medium,https://nuxt.com/docs/api/utils/call-once
    31: 30,SEO,Use useSeoMeta for SEO tags,Type-safe SEO meta tag management,useSeoMeta for meta tags,useHead for simple meta,"useSeoMeta({ title: 'Home', ogTitle: 'Home', description: '...' })","useHead({ meta: [{ name: 'description', content: '...' }] })",High,https://nuxt.com/docs/api/composables/use-seo-meta
    32: 31,SEO,Use reactive values in useSeoMeta,Dynamic SEO tags with refs or getters,Computed getters for dynamic values,Static values for dynamic content,"useSeoMeta({ title: () => post.value.title })","useSeoMeta({ title: post.value.title })",Medium,https://nuxt.com/docs/api/composables/use-seo-meta

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    14: 13,DataFetching,Use server option to control fetch location,Choose where data is fetched,server: false for client-only data,Server fetch for user-specific client data,"useFetch('/api/user-preferences', { server: false })",useFetch for localStorage-dependent data,Medium,https://nuxt.com/docs/api/composables/use-fetch
    15: 14,DataFetching,Use pick to reduce payload size,Select only needed fields from response,pick option for large responses,Fetching entire objects when few fields needed,"useFetch('/api/user', { pick: ['id', 'name'] })",useFetch('/api/user') then destructure,Low,https://nuxt.com/docs/api/composables/use-fetch
>>> 16: 15,DataFetching,Use transform for data manipulation,Transform data before storing in state,transform option for data shaping,Manual transformation after fetch,"useFetch('/api/posts', { transform: (posts) => posts.map(p => p.title) })",const titles = data.value.map(p => p.title),Low,https://nuxt.com/docs/api/composables/use-fetch
    17: 16,DataFetching,Handle loading and error states,Always handle pending and error states,Check status pending error refs,Ignoring loading states,"<div v-if=""status === 'pending'"">Loading...</div>",No loading indicator,High,https://nuxt.com/docs/getting-started/data-fetching
    18: 17,Lifecycle,Avoid side effects in script setup root,Move side effects to lifecycle hooks,Side effects in onMounted,setInterval in root script setup,"onMounted(() => { interval = setInterval(...) })","<script setup>setInterval(...)</script>",High,https://nuxt.com/docs/guide/concepts/nuxt-lifecycle

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    13: 12,DataFetching,Use lazy option for non-blocking fetch,Defer data fetching for better initial load,lazy: true for below-fold content,Blocking fetch for non-critical data,"useFetch('/api/comments', { lazy: true })",await useFetch('/api/comments') for footer,Medium,https://nuxt.com/docs/api/composables/use-fetch
    14: 13,DataFetching,Use server option to control fetch location,Choose where data is fetched,server: false for client-only data,Server fetch for user-specific client data,"useFetch('/api/user-preferences', { server: false })",useFetch for localStorage-dependent data,Medium,https://nuxt.com/docs/api/composables/use-fetch
>>> 15: 14,DataFetching,Use pick to reduce payload size,Select only needed fields from response,pick option for large responses,Fetching entire objects when few fields needed,"useFetch('/api/user', { pick: ['id', 'name'] })",useFetch('/api/user') then destructure,Low,https://nuxt.com/docs/api/composables/use-fetch
    16: 15,DataFetching,Use transform for data manipulation,Transform data before storing in state,transform option for data shaping,Manual transformation after fetch,"useFetch('/api/posts', { transform: (posts) => posts.map(p => p.title) })",const titles = data.value.map(p => p.title),Low,https://nuxt.com/docs/api/composables/use-fetch
    17: 16,DataFetching,Handle loading and error states,Always handle pending and error states,Check status pending error refs,Ignoring loading states,"<div v-if=""status === 'pending'"">Loading...</div>",No loading indicator,High,https://nuxt.com/docs/getting-started/data-fetching

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    429: 
    430: headers = {'Authorization': f'Bearer {token}'}
>>> 431: response = requests.get('https://api.example.com/v1/users', headers=headers)
    432: users = response.json()
    433: ```

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    12: 11,Rendering,Choose correct rendering strategy,SSG for static SSR for dynamic ISR for semi-static,generateStaticParams for known paths,SSR for static content,export const revalidate = 3600,fetch without cache config,Medium,
    13: 12,DataFetching,Fetch data in Server Components,Fetch directly in async Server Components,async function Page() { const data = await fetch() },useEffect for initial data,const data = await fetch(url),useEffect(() => fetch(url)),High,https://nextjs.org/docs/app/building-your-application/data-fetching
>>> 14: 13,DataFetching,Configure caching explicitly (Next.js 15+),Next.js 15 changed defaults to uncached for fetch,Explicitly set cache: 'force-cache' for static data,Assume default is cached (it's not in Next.js 15),fetch(url { cache: 'force-cache' }),fetch(url) // Uncached in v15,High,https://nextjs.org/docs/app/building-your-application/upgrading/version-15
    15: 14,DataFetching,Deduplicate fetch requests,React and Next.js dedupe same requests,Same fetch call in multiple components,Manual request deduplication,Multiple components fetch same URL,Custom cache layer,Low,
    16: 15,DataFetching,Use Server Actions for mutations,Server Actions for form submissions,action={serverAction} in forms,API route for every mutation,<form action={createPost}>,<form onSubmit={callApiRoute}>,Medium,https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    11: 10,Rendering,Use streaming for better UX,Stream content with Suspense boundaries,Suspense for slow data fetches,Wait for all data before render,<Suspense><SlowComponent/></Suspense>,await allData then render,Medium,https://nextjs.org/docs/app/building-your-application/routing/loading-ui-and-streaming
    12: 11,Rendering,Choose correct rendering strategy,SSG for static SSR for dynamic ISR for semi-static,generateStaticParams for known paths,SSR for static content,export const revalidate = 3600,fetch without cache config,Medium,
>>> 13: 12,DataFetching,Fetch data in Server Components,Fetch directly in async Server Components,async function Page() { const data = await fetch() },useEffect for initial data,const data = await fetch(url),useEffect(() => fetch(url)),High,https://nextjs.org/docs/app/building-your-application/data-fetching
    14: 13,DataFetching,Configure caching explicitly (Next.js 15+),Next.js 15 changed defaults to uncached for fetch,Explicitly set cache: 'force-cache' for static data,Assume default is cached (it's not in Next.js 15),fetch(url { cache: 'force-cache' }),fetch(url) // Uncached in v15,High,https://nextjs.org/docs/app/building-your-application/upgrading/version-15
    15: 14,DataFetching,Deduplicate fetch requests,React and Next.js dedupe same requests,Same fetch call in multiple components,Manual request deduplication,Multiple components fetch same URL,Custom cache layer,Low,

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.3 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.