Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/checkout@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Proceeding to checkout with items:', selectedItems);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
window.location.replace('http://localhost:5000/checkout.html')Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const redirectUrl = `${process.env.NEXTAUTH_URL}/payments`;Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
[t for t in transactions if t.description == "loan"]
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get('/', (req, res) => {Add authentication middleware to all routes that access or modify data.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
app.listen(4242, () => console.log(`Node server listening at http://localhost:4242`));
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(500).send({ error: { message: err.message } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
db.all('SELECT * FROM products', [], (err, rows) => {Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Backslash-based directory traversal patterns targeting Windows file systems.
console.log("Starting migration...\n");Normalize path separators and apply traversal checks for both forward and backslashes.
Direct usage of child_process module methods with variable arguments may allow command injection.
const { execSync } = require("child_process");Use execFile with explicit argument arrays instead of child_process with string commands.
Detected server.tool() being called with a variable instead of a string literal for the tool name. Dynamic tool registration can be used to inject tools at runtime that were not part of the original server definition.
mcpServer.tool(toolName, toolDescription, paramsSchema, callback as any);
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: pnpm/action-setup@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/setup-node@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/checkout@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: pnpm/action-setup@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/setup-node@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/checkout@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/checkout@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/setup-python@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: astral-sh/setup-uv@v2
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: actions/checkout@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: pnpm/action-setup@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: actions/setup-node@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/checkout@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/setup-python@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: astral-sh/setup-uv@v2
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/upload-artifact@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/download-artifact@v4
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/checkout@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: actions/setup-node@v5
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
uses: peter-evans/create-pull-request@v6
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: actions/checkout@v2
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.
- uses: actions/setup-node@v1
Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Proceeding to checkout with items:', selectedItems);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('No demo onboarding account found');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('updating account with, ', update);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('updated account, ', newUser);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Created checkout session!', checkoutSessionResponse);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('in function');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Creating payments with the following parameters:', json);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('creating customer', name, email, description);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('creating');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Created interventionResponse!', interventionResponse);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('updating account with, ', update);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Unhandled event type', event.type);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console logging statements that reference sensitive fields such as password, secret, token, or API keys. Logging sensitive data can expose credentials in log files, monitoring systems, and log aggregation services.
console.log('Fetching client secret for demo onboarding');Remove sensitive data from log statements. If you must reference sensitive fields, redact or mask them before logging.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Fetching client secret for demo onboarding');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(err);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log.info(f"Charges are disabled for account {account.id}")Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log.info(f"Charges are disabled for account {account.id}")Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log.info(f"Skipping payouts on account {account.id} as they are disabled")Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
log.info(f"Charges are disabled for account {account.id}")Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('No demo onboarding account found');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`⚠️ Webhook signature verification failed.`);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('💰 Payment captured!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('❌ Payment failed.');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
app.listen(4242, () => console.log(`Node server listening at http://localhost:4242`));
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`⚠️ Webhook signature verification failed.`);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('💰 Payment captured!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('❌ Payment failed.');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
app.listen(4242, () => console.log(`Node server listening at http://localhost:4242`));
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Node server listening at http://localhost:4242`)
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("✓ Created bookings table");Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`✓ Created Stripe product: ${productId} (${product.id})`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(` ✓ Created price: ${amount} ${currency} (${price.id})`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`\nMigrating ${bookings.length} bookings...`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("Migrating booking:", bookings[i]);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(` ✓ Migrated ${i + 1}/${bookings.length} bookings`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`✓ Migrated all ${bookings.length} bookings`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("Starting migration...\n");Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("✓ Connected to database");Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("\nCreating Stripe products...");Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log("\n✓ Migration completed successfully!");Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Node server listening at http://localhost:4242`)
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Unhandled event type ${event.type}`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Unhandled event type ${event.type}`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console logging statements that reference sensitive fields such as password, secret, token, or API keys. Logging sensitive data can expose credentials in log files, monitoring systems, and log aggregation services.
console.log('\n=== Sample 6: Stream with Max Tokens ===');Remove sensitive data from log statements. If you must reference sensitive fields, redact or mask them before logging.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 1: Basic generateText with Claude ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 2: Stream Text with Claude ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\nFull text:', fullText);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 3: With System Message ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 4: Multi-turn Conversation ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 5: Using Claude Haiku ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 6: Stream with Max Tokens ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Starting Vercel AI SDK + Anthropic + Stripe Metering Examples');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('All examples completed successfully!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 1: Basic generateText with Gemini ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 2: Stream Text with Gemini ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\nFull text:', fullText);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 3: With System Message ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 4: Multi-turn Conversation ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 5: Longer Response ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 6: Stream with Temperature Control ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('All examples completed successfully!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console logging statements that reference sensitive fields such as password, secret, token, or API keys. Logging sensitive data can expose credentials in log files, monitoring systems, and log aggregation services.
console.log('\n=== Sample 5: With Max Tokens ===');Remove sensitive data from log statements. If you must reference sensitive fields, redact or mask them before logging.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 1: Basic generateText ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 2: Stream Text ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\nFull text:', fullText);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 3: With System Message ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 4: Multi-turn Conversation ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 5: With Max Tokens ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 6: Using GPT-4 ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n=== Sample 7: Stream with System Message ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Starting Vercel AI SDK + Stripe Metering Examples');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('All examples completed successfully!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 1: Simple text generation with Claude Sonnet 4 ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result1.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result1.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 2: Streaming with Claude Opus 4 ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 3: Chat conversation with Claude 3.7 Sonnet ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result3.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result3.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 4: Using Claude 3.5 Haiku for quick responses ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result4.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result4.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 5: Complex reasoning with Claude Opus 4.1 ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result5.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result5.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 6: Per-call customer ID override ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result7.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result7.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== All examples completed! ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 1: Simple text generation with Gemini 2.5 Pro ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result1.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result1.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 2: Streaming with Gemini 2.5 Flash ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 3: Chat conversation with Gemini 2.0 Flash ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result3.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result3.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 4: Using Gemini 2.5 Flash Lite for quick responses ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result4.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result4.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 5: Long-form content with Gemini 2.5 Pro ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result5.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result5.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 6: Streaming with custom headers ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== All examples completed! ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 1: Simple text generation with OpenAI GPT-5 ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result1.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result1.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 2: Streaming with GPT-4.1 ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Sending request with prompt: "${streamPrompt}"`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Model: openai/gpt-4.1`);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Customer ID: ${process.env.STRIPE_CUSTOMER_ID}\n`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Stream started, consuming chunks...');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`\n\n(Received ${chunkCount} chunks)`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Final text length:', finalText.length);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 3: Chat conversation with GPT-4.1-mini ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result3.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result3.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== Example 4: Using OpenAI o3 reasoning model ===\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result4.text);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result4.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('=== All examples completed! ===');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', response.content[0]);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\nFull content:', fullContent);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', JSON.stringify(response.content, null, 2));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', response.content[0]);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', response.content[0]);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Starting Anthropic Usage Tracking Examples');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 1: Basic Message');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 2: Streaming Message');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 3: Message with Tools');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 4: Message with System Prompt');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 5: Multi-turn Conversation');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('All examples completed successfully!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', response.text());Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usageMetadata);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\nFull text:', fullText);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', (await meteredStream.response).usageMetadata);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usageMetadata);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', response.text());Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usageMetadata);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', result.response.text());Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', result.response.usageMetadata);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Starting Gemini Usage Tracking Examples');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 1: Basic Text Generation');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 2: Streaming Text Generation');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 3: Function Calling');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 4: System Instructions');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Sample 5: Multi-turn Chat');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('All examples completed successfully!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', response.choices[0]?.message?.content);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n\nFull content:', fullContent);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\nUsage in stream:', chunk.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\nTool calls:', Array.from(toolCalls.values()));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', JSON.stringify(response.output, null, 2));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Final output:', JSON.stringify(finalOutput, null, 2));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', finalUsage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Parsed response:', response.output[0]);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Embedding dimensions:', response.data[0]?.embedding.length);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('First 5 values:', response.data[0]?.embedding.slice(0, 5));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Response:', response.choices[0]?.message?.content);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Usage:', response.usage);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('Starting OpenAI Usage Tracking Examples');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('\n' + '='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('All examples completed successfully!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('='.repeat(80));Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Found ${skills.length} skills`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(`Syncing skill: ${skill.name}`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(` Written: ${outputPath}`);Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('🔨 Building with esbuild...');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('✅ Build completed successfully!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('📦 Output: dxt-dist/index.js');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('✅ DXT extension built successfully!');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log('📦 Output: stripe.dxt');Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(result);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
// const isLoggedIn = false;
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected patterns that disable, silence, or suppress logging or audit trails. Disabling security logging can mask malicious activity and hinder incident investigation.
// const isLoggedIn = false;
Ensure security-related logging is always enabled in production. Never suppress audit trails or security event logs.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(response);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Detected console.log() usage in non-test source code. Console.log is not appropriate for production logging as it lacks log levels, structured output, and proper log management.
console.log(completion.choices[0].message);
Replace console.log with a structured logging library (e.g., winston, pino) that supports log levels and proper log management.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
return_url='http://localhost:5000/return.html?session_id={CHECKOUT_SESSION_ID}',Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
window.replace('http://localhost:4242/checkout.html')Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
"return_url": "http://localhost:4242/session-status?session_id={CHECKOUT_SESSION_ID}"Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
url = f"http://localhost:{port}"Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
window.replace('http://localhost:4242/checkout.html')Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
return_url: 'http://localhost:4242/return.html',
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
window.replace('http://localhost:4242/checkout.html')Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Passing user-controlled variables directly to fetch, axios, or http.get without URL validation enables SSRF attacks.
_, thrid_data = imap_conn.fetch(email.id, "(X-GM-THRID)")
Validate and sanitize all URLs before making HTTP requests. Use an allowlist of permitted domains.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
success_url: 'http://localhost:4242/payment/success',
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
success_url: 'http://localhost:4242/payment/success',
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Requests targeting 127.0.0.1, localhost, or [::1] may access internal services not intended to be exposed.
success_url: 'http://localhost:4242/payment/success',
Block requests to localhost and loopback addresses. Implement URL validation that rejects 127.x.x.x and ::1.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const redirectUrl = `${process.env.NEXTAUTH_URL}/settings`;Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const secret = process.env.STRIPE_WEBHOOK_SECRET;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
process.env.STRIPE_WEBHOOK_SECRET || ''
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY, {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
if (process.env.STRIPE_WEBHOOK_SECRET) {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
process.env.STRIPE_WEBHOOK_SECRET
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const stripe = require('stripe')(process.env.STRIPE_SECRET_KEY, {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
if (process.env.STRIPE_WEBHOOK_SECRET) {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
process.env.STRIPE_WEBHOOK_SECRET
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const stripe = require("stripe")(process.env.STRIPE_SECRET_KEY, {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const stripe = require("stripe")(process.env.STRIPE_SECRET_KEY, {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const stripe = require("stripe")(process.env.STRIPE_SECRET_KEY, {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const STRIPE_API_KEY = process.env.STRIPE_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const STRIPE_API_KEY = process.env.STRIPE_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
process.env.GOOGLE_GENERATIVE_AI_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const STRIPE_API_KEY = process.env.STRIPE_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const OPENAI_API_KEY = process.env.OPENAI_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
if (!process.env.STRIPE_API_KEY) {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
apiKey: process.env.STRIPE_API_KEY!,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
if (!process.env.STRIPE_API_KEY) {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
apiKey: process.env.STRIPE_API_KEY!,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
apiKey: process.env.STRIPE_API_KEY!,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
if (!process.env.STRIPE_API_KEY) {Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
apiKey: process.env.STRIPE_API_KEY!,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
* apiKey: process.env.STRIPE_API_KEY,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const apiKey = config.apiKey || process.env.STRIPE_API_KEY;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
* apiKey: process.env.STRIPE_API_KEY,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const apiKey = config.apiKey || process.env.STRIPE_API_KEY;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const STRIPE_API_KEY = process.env.STRIPE_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const STRIPE_API_KEY = process.env.STRIPE_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const GOOGLE_GENERATIVE_AI_API_KEY = process.env.GOOGLE_GENERATIVE_AI_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const STRIPE_API_KEY = process.env.STRIPE_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const OPENAI_API_KEY = process.env.OPENAI_API_KEY!;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
const apiKey = options.apiKey || process.env.STRIPE_SECRET_KEY;
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
secretKey: process.env.STRIPE_SECRET_KEY!,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
secretKey: process.env.STRIPE_SECRET_KEY!,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Accessing process.env properties like API_KEY, SECRET, TOKEN, or PASSWORD via dot notation may indicate credential harvesting.
secretKey: process.env.STRIPE_SECRET_KEY!,
Avoid accessing sensitive env vars directly. Use a configuration module that validates and restricts access.
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
result = await session.call_tool(name, final_args)
Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected tool responses that attempt to call or invoke other tools (use_tool, call_tool, invoke, execute_tool). A poisoned tool response could trick the LLM into executing additional tools without user consent.
const response = await agentExecutor.invoke({Tool responses should never contain tool invocation patterns. Validate and sanitize all output to ensure it does not include cross-tool call instructions.
Detected runtime reassignment of a tool's description property to a non-literal value. Dynamically modifying tool descriptions can allow an attacker to inject misleading instructions that alter LLM behavior.
this.description = description;
Use only static, hardcoded string literals for tool descriptions. Never assign descriptions from variables, user input, or external data sources.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get('/config', (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get('/products', (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.post('/create-payment-intent', async (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.post('/webhook', async (req, res) => {Add authentication middleware to all routes that access or modify data.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/', (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/config', (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/products', (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post('/create-payment-intent', async (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post('/webhook', async (req, res) => {Add rate limiting middleware to all public API endpoints.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post('/create-payment-intent', async (req, res) => {Implement CSRF protection using tokens or SameSite cookies.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post('/webhook', async (req, res) => {Implement CSRF protection using tokens or SameSite cookies.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get('/', (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get('/config', (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get('/products', (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get('/customer/:email/bookings', (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get('/customer/:email/bookings/:product', (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.post('/customer/:email/bookings/:product/refund', async (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.post('/purchase', async (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.post('/create-payment-intent', async (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.post('/webhook', async (req, res) => {Add authentication middleware to all routes that access or modify data.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/', (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/config', (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/products', (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/customer/:email/bookings', (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/customer/:email/bookings/:product', (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post('/customer/:email/bookings/:product/refund', async (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post('/purchase', async (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post('/create-payment-intent', async (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post('/webhook', async (req, res) => {Add rate limiting middleware to all public API endpoints.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post('/customer/:email/bookings/:product/refund', async (req, res) => {Implement CSRF protection using tokens or SameSite cookies.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post('/purchase', async (req, res) => {Implement CSRF protection using tokens or SameSite cookies.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post('/create-payment-intent', async (req, res) => {Implement CSRF protection using tokens or SameSite cookies.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post('/webhook', async (req, res) => {Implement CSRF protection using tokens or SameSite cookies.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get("/config", (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get("/products", async (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.post("/purchase", async (req, res) => {Add authentication middleware to all routes that access or modify data.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get("/config", (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get("/products", async (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post("/purchase", async (req, res) => {Add rate limiting middleware to all public API endpoints.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post("/purchase", async (req, res) => {Implement CSRF protection using tokens or SameSite cookies.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get("/products", async (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.post("/purchase", async (req, res) => {Add authentication middleware to all routes that access or modify data.
HTTP endpoints defined without authentication middleware may be accessible to unauthorized users.
app.get("/customer/:email/bookings", async (req, res) => {Add authentication middleware to all routes that access or modify data.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get("/products", async (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post("/purchase", async (req, res) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get("/customer/:email/bookings", async (req, res) => {Add rate limiting middleware to all public API endpoints.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post("/purchase", async (req, res) => {Implement CSRF protection using tokens or SameSite cookies.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"oauth": {Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: `Bearer ${apiKey}`,Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: `Bearer ${apiKey}`,Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: `Bearer ${options.apiKey}`,Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"Authorization": f"Bearer {self._config['secret_key']}",Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
"@cloudflare/workers-oauth-provider": "^0.0.5",
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/', async (c) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/authorize', async (c) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/payment/success', async (c) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post('/approve', async (c) => {Add rate limiting middleware to all public API endpoints.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post('/approve', async (c) => {Implement CSRF protection using tokens or SameSite cookies.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
import {OAuthProvider} from '@cloudflare/workers-oauth-provider';Validate OAuth scopes on every endpoint. Check that the token has required permissions.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
// Export the OAuth handler as the default
Validate OAuth scopes on every endpoint. Check that the token has required permissions.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/', async (c) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/authorize', async (c) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.get('/payment/success', async (c) => {Add rate limiting middleware to all public API endpoints.
API endpoints without rate limiting are vulnerable to brute force and denial of service.
app.post('/approve', async (c) => {Add rate limiting middleware to all public API endpoints.
POST/PUT/DELETE endpoints without CSRF tokens are vulnerable to cross-site request forgery.
app.post('/approve', async (c) => {Implement CSRF protection using tokens or SameSite cookies.
OAuth-protected endpoints that don't validate scopes may allow unauthorized actions.
Authorization: `Bearer ${this.config.secretKey}`,Validate OAuth scopes on every endpoint. Check that the token has required permissions.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
app.listen(4242, () => console.log(`Node server listening at http://localhost:4242`));
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
app.listen(4242, () =>
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
An HTTP server is created without configuring Strict-Transport-Security (HSTS) headers. Without HSTS, browsers may allow downgrade attacks from HTTPS to HTTP.
app.listen(4242, () =>
Add Strict-Transport-Security headers to your server responses. Use a middleware such as helmet to set HSTS automatically.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(500).send({ error: { message: err.message } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(500).send({ error: { message: err.message } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(404).send({ error: { message: 'Booking not found' } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(500).send({ error: { message: err.message } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(404).send({ error: { message: 'Booking not found' } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(500).send({ error: { message: err.message } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
res.send({ success: true, message: 'Booking refunded successfully' });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(500).send({ error: { message: err.message } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
return res.status(500).send({ error: { message: err.message } });Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await stdioTransport.send(message);
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Sending conversation, prompt, or session data to external storage services may leak sensitive user interactions.
await httpTransport!.send(message);
Do not write session or conversation data to external storage. Keep user interaction data within the authorized session boundary.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
'SELECT * FROM bookings WHERE customer = ? AND product = ?',
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
db.get('SELECT * FROM products WHERE id = ?', [product], async (err, productRow) => {Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
Detected SELECT * or ORM queries without explicit field selection. Returning all columns risks exposing sensitive fields (passwords, tokens, internal IDs) to the client or LLM context.
SELECT * FROM bookings WHERE customer = ?
Always specify the exact columns or fields to return. Use SELECT with explicit column names or ORM select/projection options.
File system operations using variables without prior path validation or sanitization may allow traversal attacks.
await fs.mkdir(path.dirname(outputPath), { recursive: true });Add path sanitization before all fs operations. Validate paths against an allowlist of permitted directories.
File system operations using variables without prior path validation or sanitization may allow traversal attacks.
await fs.writeFile(outputPath, content, "utf8");
Add path sanitization before all fs operations. Validate paths against an allowlist of permitted directories.
Always use static string literals for tool names when calling server.tool(). Avoid registering tools from variables, configuration, or user input.