HeyPuter/puter

Pattern Findings

807 matches across 10 categories. Click a row to expand file-level details.

Decorative Section Separators676 hits · 2001 pts

Severity	File	Line	Snippet
MEDIUM	install.sh	41	# ── Step 1: dependency check ────────────────────────────────────────
MEDIUM	install.sh	49	# ── Step 2: install dir ─────────────────────────────────────────────
MEDIUM	install.sh	67	# ── Step 3: docker-compose.yml + nginx config ──────────────────────
MEDIUM	install.sh	83	# ── Step 4: secrets, .env, config.json ──────────────────────────────
MEDIUM	install.sh	181	# ── Step 5: bring it up ─────────────────────────────────────────────
MEDIUM	docker-compose.yml	167	# ── Optional: local LLM ───────────────────────────────────────────
MEDIUM	src/backend/drivers/driverPolicies.test.ts	62	// ── Non-AI drivers (migrated from hardcoded-permissions) ────────────
MEDIUM	src/backend/drivers/driverPolicies.test.ts	155	// ── Iface coordination cross-check ──────────────────────────────────
MEDIUM	src/backend/drivers/meta.test.ts	32	// ── validateDriverRateLimit ─────────────────────────────────────────
MEDIUM	src/backend/drivers/meta.test.ts	143	// ── resolveDriverMethodRateLimit ────────────────────────────────────
MEDIUM	src/backend/drivers/meta.test.ts	182	// ── @Driver decorator: rateLimit propagation ────────────────────────
MEDIUM	src/backend/drivers/meta.test.ts	271	// ── validateDriverConcurrent ────────────────────────────────────────
MEDIUM	src/backend/drivers/meta.test.ts	340	// ── resolveDriverMethodConcurrent ───────────────────────────────────
MEDIUM	src/backend/drivers/meta.test.ts	371	// ── @Driver — concurrent option ─────────────────────────────────────
MEDIUM	src/backend/drivers/ai-ocr/OCRDriver.test.ts	57	// ── SDK mocks ───────────────────────────────────────────────────────
MEDIUM	src/backend/drivers/ai-ocr/OCRDriver.test.ts	99	// ── Test harness ────────────────────────────────────────────────────
MEDIUM	src/backend/drivers/ai-ocr/OCRDriver.test.ts	177	// ── getReportedCosts ────────────────────────────────────────────────
MEDIUM	src/backend/drivers/ai-ocr/OCRDriver.test.ts	195	// ── Argument validation ─────────────────────────────────────────────
MEDIUM	src/backend/drivers/ai-ocr/OCRDriver.test.ts	239	// ── AWS Textract ────────────────────────────────────────────────────
MEDIUM	src/backend/drivers/ai-ocr/OCRDriver.test.ts	374	// ── Mistral OCR ─────────────────────────────────────────────────────
MEDIUM	src/backend/drivers/ai-ocr/OCRDriver.test.ts	571	// ── Default provider selection ──────────────────────────────────────
MEDIUM	src/backend/drivers/util/fileInput.test.ts	29	// ── Test harness ────────────────────────────────────────────────────
MEDIUM	src/backend/drivers/util/fileInput.test.ts	113	// ── inferFilenameFromUrlOrPath ─────────────────────────────────────
MEDIUM	src/backend/drivers/util/fileInput.test.ts	145	// ── loadFileInput — argument validation ─────────────────────────────
MEDIUM	src/backend/drivers/util/fileInput.test.ts	192	// ── loadFileInput — data URL path ───────────────────────────────────
MEDIUM	src/backend/drivers/util/fileInput.test.ts	272	// ── loadFileInput — FS path ─────────────────────────────────────────
MEDIUM	…ackend/drivers/notification/NotificationDriver.test.ts	28	// ── Test harness ────────────────────────────────────────────────────
MEDIUM	…ackend/drivers/notification/NotificationDriver.test.ts	75	// ── create ──────────────────────────────────────────────────────────
MEDIUM	…ackend/drivers/notification/NotificationDriver.test.ts	136	// ── read ────────────────────────────────────────────────────────────
MEDIUM	…ackend/drivers/notification/NotificationDriver.test.ts	184	// ── select / predicates ─────────────────────────────────────────────
MEDIUM	…ackend/drivers/notification/NotificationDriver.test.ts	274	// ── mark_shown / mark_acknowledged ─────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	57	// ── Test harness ────────────────────────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	103	// ── Helpers ─────────────────────────────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	127	// ── Model catalog ───────────────────────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	180	// ── Auth + model resolution ─────────────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	257	// ── Happy path: events + cost emission ──────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	423	// ── Validation event routing ────────────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	480	// ── Credit gate + max_tokens cap ────────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	584	// ── Normalisation ───────────────────────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	638	// ── Fallback / error envelope ───────────────────────────────────────
MEDIUM	…c/backend/drivers/ai-chat/ChatCompletionDriver.test.ts	704	// ── Streaming ───────────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	58	// ── OpenAI SDK mock ─────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	81	// ── imageHandling stub ──────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	91	// ── Test harness ────────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	152	// ── Construction ────────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	165	// ── Model catalog ───────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	192	// ── Request shape ───────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	334	// ── Image inlining for vision models ────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	392	// ── Model resolution ────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	466	// ── Non-stream completion ───────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	596	// ── Streaming deltas ────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	727	// ── Error mapping ───────────────────────────────────────────────────
MEDIUM	…rs/ai-chat/providers/moonshot/MoonshotProvider.test.ts	750	// ── Moderation ──────────────────────────────────────────────────────
MEDIUM	…/ai-chat/providers/together/TogetherAIProvider.test.ts	57	// ── Together SDK mock ───────────────────────────────────────────────
MEDIUM	…/ai-chat/providers/together/TogetherAIProvider.test.ts	78	// ── Test harness ────────────────────────────────────────────────────
MEDIUM	…/ai-chat/providers/together/TogetherAIProvider.test.ts	173	// ── Construction ────────────────────────────────────────────────────
MEDIUM	…/ai-chat/providers/together/TogetherAIProvider.test.ts	183	// ── Model catalog ──────────────────────────────────────────────────
MEDIUM	…/ai-chat/providers/together/TogetherAIProvider.test.ts	221	// ── Request shape ──────────────────────────────────────────────────
MEDIUM	…/ai-chat/providers/together/TogetherAIProvider.test.ts	344	// ── Model resolution ────────────────────────────────────────────────
MEDIUM	…/ai-chat/providers/together/TogetherAIProvider.test.ts	399	// ── Non-stream completion ───────────────────────────────────────────
616 more matches not shown…

Over-Commented Block64 hits · 64 pts

Severity	File	Line	Snippet
LOW	install.sh	1	#!/usr/bin/env sh
LOW	docker-compose.yml	1	---
LOW	docker-compose.yml	21	# grabs this file, generates secrets, writes .env + config.json, and runs
LOW	docker-compose.yml	161	else
LOW	src/puter-js/src/index.js	841	// the existing `puter.token` postMessage delivers the
LOW	src/puter-js/src/lib/path.js	1	// import {cwd} from './env.js'
LOW	src/puter-js/src/lib/utils.js	441	xhr._puterDriverRequestInfo = requestInfo;
LOW	src/puter-js/src/modules/AI.js	221	// language: "en-US"
LOW	src/puter-js/src/modules/UI.js	161	#parentAppConnection = null;
LOW	src/puter-js/src/modules/Drivers.js	241	// For example:
LOW	src/backend/index.ts	21	import path from 'node:path';
LOW	src/backend/server.ts	221
LOW	src/backend/server.ts	681	createErrorHandler({
LOW	src/backend/server.ts	821
LOW	src/backend/drivers/util/aiLimits.ts	21	DEFAULT_FREE_SUBSCRIPTION,
LOW	src/backend/drivers/subdomain/SubdomainDriver.ts	501	}
LOW	src/backend/drivers/apps/AppDriver.js	501	if (object.icon !== undefined) {
LOW	src/backend/drivers/apps/AppDriver.js	781	uuid: actor.user.uuid,
LOW	src/backend/drivers/apps/AppDriver.js	841	}
LOW	src/backend/core/http/middleware/privateAppGate.test.ts	761	expectedAppUid: `app-target-${uuidv4()}`,
LOW	src/backend/core/http/middleware/puterSite.test.ts	21	import type { Request, Response } from 'express';
LOW	src/backend/core/http/middleware/authProbe.ts	161
LOW	src/backend/util/appIcon.ts	21	// than the `puter-app-icons` subdomain directly. Some apps (especially those
LOW	src/backend/util/nativeImport.ts	21	// analysis, but the resulting function inherits a vm context with no
LOW	src/backend/stores/app/AppStore.js	41	// Old-name redirect window. After this many months an entry in
LOW	src/backend/stores/app/AppStore.js	81	// - identity: `id`, `uid`
LOW	src/backend/stores/subdomain/SubdomainStore.js	21	import { PuterStore } from '../types';
LOW	src/backend/stores/session/SessionStore.js	21	import { PuterStore } from '../types';
LOW	src/backend/stores/session/SessionStore.js	41	const TOUCH_THROTTLE_MAX_ENTRIES = 10000;
LOW	src/backend/controllers/auth/AuthController.ts	481	//
LOW	src/backend/controllers/oidc/OIDCController.test.ts	41	// Boots one real PuterServer with a custom OIDC provider configured,
LOW	src/backend/controllers/apps/AppController.js	81	{ legacyCode: 'bad_request' },
LOW	src/backend/controllers/share/ShareController.ts	41	// router.post(
LOW	src/backend/controllers/share/ShareController.ts	61	// }
LOW	src/backend/controllers/share/ShareController.ts	81	// };
LOW	src/backend/controllers/share/ShareController.ts	101	// // Email must be confirmed
LOW	src/backend/controllers/share/ShareController.ts	121	// );
LOW	src/backend/controllers/share/ShareController.ts	141	// };
LOW	src/backend/controllers/share/ShareController.ts	161	// // -- POST /sharelink/request -------------------------------------
LOW	src/backend/controllers/share/ShareController.ts	181	// actor.user.email_confirmed &&
LOW	src/backend/controllers/share/ShareController.ts	201	// (share.data as Record<string, unknown>)?.permissions ??
LOW	src/backend/controllers/share/ShareController.ts	221
LOW	src/backend/controllers/share/ShareController.ts	241	// }
LOW	src/backend/controllers/share/ShareController.ts	261	// );
LOW	src/backend/controllers/share/ShareController.ts	281	// permissions: permissions.map(
LOW	src/backend/controllers/share/ShareController.ts	301	// metadata: body.metadata ?? {},
LOW	src/backend/controllers/share/ShareController.ts	321	// html: `<p>${actor.user.username} shared items with you.</p><p><a href="${origin}?shar
LOW	src/backend/controllers/share/ShareController.ts	341
LOW	src/backend/controllers/share/ShareController.ts	361	// * Convert share declarations into a flat permission list.
LOW	src/backend/controllers/share/ShareController.ts	381	// }
LOW	src/backend/services/auth/TokenService.ts	21	import { PuterService } from '../types';
LOW	src/backend/services/auth/AuthService.ts	1081	// -- Private / public hosted asset cookies -----------------------
LOW	src/backend/services/socket/SocketService.ts	81	*/
LOW	src/docs/build.js	381	html += '<script>hljs.highlightAll();</script>';
LOW	src/docs/src/sidebar.js	641	// title: '<svg style="margin-right: 5px; margin-bottom: -3px;" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="
LOW	src/docs/src/sidebar.js	661	// source: '/Perms/grantApp.md',
LOW	src/docs/src/sidebar.js	681	// icon:'/assets/img/function.svg',
LOW	src/docs/src/sidebar.js	701	// page_title: '<code>puter.perms.revokeAppAnyUser()</code>',
LOW	src/gui/src/initgui.js	1141
LOW	src/gui/src/init_sync.js	61	})();
4 more matches not shown…

Verbosity Indicators18 hits · 33 pts

Severity	File	Line	Snippet
LOW	src/dev-center/js/websites.js	57	// Step 1: Show directory picker
LOW	src/dev-center/js/websites.js	67	// Step 2: Ask for website name
LOW	src/dev-center/js/websites.js	71	// Step 3: Create website with selected directory
LOW	src/dev-center/js/websites.js	447	// Step 1: Show directory picker
LOW	src/dev-center/js/websites.js	454	// Step 2: Confirm the change since it will replace the current website
LOW	src/dev-center/js/websites.js	474	// Step 3: Show loading spinner
LOW	src/dev-center/js/websites.js	478	// Step 4: Delete the existing website
LOW	src/dev-center/js/websites.js	481	// Step 5: Create a new website with the same name but new directory
LOW	src/dev-center/js/websites.js	484	// Step 6: Refresh the websites list to show the updated directory
LOW	src/dev-center/js/websites.js	487	// Step 7: Show success message
LOW	src/dev-center/js/workers.js	75	// Step 1: Show file picker limited to .js files
LOW	src/dev-center/js/workers.js	87	// Step 2: Ask for worker name
LOW	src/dev-center/js/workers.js	91	// Step 3: Create worker with selected file
LOW	src/puter-js/test/ai.test.js	103	// For streaming, we need to check if it's an async iterator or has a different structure
LOW	src/docs/src/playground/examples/ai-image-edit.html	8	// Step 1: Generate initial image
LOW	src/docs/src/playground/examples/ai-image-edit.html	23	// Step 2: Edit the image in a follow-up turn
LOW	src/gui/src/index.js	58	// window.disable_temp_users might be set somewhere else, so we need to check if it is already set and if not, use t
LOW	src/gui/src/lib/jquery-ui-1.13.2/jquery-ui.js	17258	// IE sets focus asynchronously, so we need to check if focus

Hyper-Verbose Identifiers32 hits · 32 pts

Severity	File	Line	Snippet
LOW	extensions/thumbnails.ts	75	async function decodeAndValidateThumbnail(
LOW	src/dev-center/js/apps.js	2692	function getDefaultPreviewImagesState () {
LOW	src/dev-center/js/apps.js	2700	function createPreviewThumbElement (item) {
LOW	src/puter-js/test/index.html	1131	function updateMasterCheckboxState() {
LOW	src/puter-js/src/lib/socket.io/socket.io.js	469	function createPacketEncoderStream() {
LOW	src/puter-js/src/lib/socket.io/socket.io.js	524	function createPacketDecoderStream(maxPayload, binaryType) {
LOW	src/puter-js/src/modules/EmailConfirmationDialog.js	257	export function showEmailConfirmationDialog (message) {
LOW	src/backend/drivers/meta.ts	189	export function resolveDriverMethodRateLimit(
LOW	src/backend/drivers/meta.ts	291	export function resolveDriverMethodConcurrent(
LOW	src/backend/drivers/util/fileInput.ts	270	export function inferFilenameFromUrlOrPath(
LOW	src/backend/drivers/subdomain/SubdomainDriver.ts	810	function mapEntryToSubdomainRootDir(entry: FSEntry): Record<string, unknown> {
LOW	src/backend/core/http/middleware/rateLimit.js	328	export function listConfiguredRateLimitBackends() {
LOW	src/backend/core/http/middleware/privateAppGate.ts	189	export async function resolveOwnedAppForHostedSite(opts: {
LOW	src/backend/core/http/middleware/privateAppGate.ts	474	export async function resolvePublicHostedIdentity(opts: {
LOW	src/backend/util/privateLaunchAccess.ts	106	export async function resolvePrivateLaunchAccess({
LOW	src/backend/stores/fs/pendingUploadSessionHelpers.ts	30	export function toPendingUploadSessionKey(sessionId: string): string {
LOW	src/backend/stores/fs/pendingUploadSessionHelpers.ts	34	export function toPendingUploadSessionExpiresAtSeconds(
LOW	src/backend/stores/fs/pendingUploadSessionHelpers.ts	95	export function normalizePendingUploadSession(
LOW	src/backend/stores/fs/pendingUploadSessionHelpers.ts	133	export function withPendingUploadSessionStatus(
LOW	src/backend/controllers/fs/legacyFsHelpers.ts	278	function mapAppForLegacyAssociatedApp(
LOW	src/backend/controllers/fs/legacyFsHelpers.ts	470	export function signingConfigFromAppConfig(config: IConfig): SigningConfig {
LOW	src/docs/build.js	114	function createDirectoryRecursively (directoryPath) {
LOW	src/docs/build.js	121	function removeDirectoryRecursively (directoryPath) {
LOW	src/docs/build.js	165	function generateSearchTriggerHTML () {
LOW	src/docs/build.js	194	function generateTableOfContentsHTML (htmlContent, title) {
LOW	src/docs/build.js	248	function generatePlatformCompatibilityHTML (frontMatter) {
LOW	src/docs/build.js	701	function getDescriptionFromMarkdown (sourcePath) {
LOW	src/gui/src/UI/UIWindowRequestPermission.js	22	async function UIWindowRequestPermission (options) {
LOW	src/gui/src/UI/UIWindowEmailConfirmationRequired.js	23	function UIWindowEmailConfirmationRequired (options) {
LOW	src/gui/src/UI/UIWindowDesktopBGSettings.js	22	async function UIWindowDesktopBGSettings (options) {
LOW	src/gui/src/UI/Settings/UIWindowConfirmUserDeletion.js	23	async function UIWindowConfirmUserDeletion (options) {
LOW	src/gui/src/UI/Settings/UIWindowFinalizeUserDeletion.js	23	async function UIWindowFinalizeUserDeletion (options) {

Hallucination Indicators3 hits · 30 pts

Severity	File	Line	Snippet
CRITICAL	src/dev-center/js/libs/jquery-3.6.0.min.js	2	!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):f
CRITICAL	src/gui/src/lib/jquery-3.6.1/jquery-3.6.1.min.js	2	!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):f
CRITICAL	src/gui/src/lib/jquery-ui-1.13.2/jquery-ui.min.js	6	!function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],t):t(jQuery)}(function(V){"use strict"

Synthetic Comment Markers2 hits · 15 pts

Severity	File	Line	Snippet
HIGH	src/backend/controllers/puterai/PuterAIController.ts	114	// Reverse-proxies AI-generated video URLs that can't be given
HIGH	src/gui/src/lib/jquery-ui-1.13.2/jquery-ui.js	8706	// Format a name, short or long as requested

Excessive Try-Catch Wrapping5 hits · 10 pts

Severity	File	Line	Snippet
MEDIUM	src/docs/src/FS.md	88	puter.print('Error creating directory:', error);
MEDIUM	…/docs/src/playground/examples/fs-write-from-input.html	11	puter.print('Error writing file:', error);
MEDIUM	src/docs/src/playground/examples/fs-mkdir.html	10	puter.print('Error creating directory:', error);
MEDIUM	src/docs/src/FS/mkdir.md	51	puter.print('Error creating directory:', error);
MEDIUM	src/docs/src/FS/write.md	76	puter.print('Error writing file:', error);

Cross-Language Confusion (JS/TS)1 hit · 5 pts

Severity	File	Line	Snippet
HIGH	src/puter-js/types/puter.d.ts	83	print(text: string, options?: { code?: boolean; escapeHTML?: boolean }): void;

Fake / Example Data5 hits · 5 pts

Severity	File	Line	Snippet
LOW	src/backend/drivers/kv/KVStoreDriver.test.ts	37	email: 'test@test.com',
LOW	src/backend/drivers/workers/WorkerDriver.test.ts	37	email: 'test@test.com',
LOW	src/docs/src/UI/prompt.md	34	puter.ui.prompt('Please enter your name:', 'John Doe').then((resp) => {
LOW	src/docs/src/playground/examples/ui-prompt.html	5	puter.ui.prompt('Please enter your name:', 'John Doe').then((resp) => {
LOW	src/docs/src/playground/examples/workers-exec.html	187	profile: { name: 'John Doe', email: 'john@example.com' },

Example Usage Blocks1 hit · 2 pts

Severity	File	Line	Snippet
LOW	install.sh	4	# Usage:

Score History

Severity Breakdown

Pattern Findings