Home / balderdashy / sails
Repository Analysis

balderdashy/sails

Realtime MVC Framework for Node.js

3.7 Likely human-written View on GitHub
3.7
Adjusted Score
3.7
Raw Score
100%
Time Factor
2026-05-27
Last Push
22,809
Stars
JavaScript
Language
66,145
Lines of Code
672
Files
130
Pattern Hits
2026-05-31
Scan Date

Score History

No multi-scan history yet — run the scanner again to build trend data.

Severity Breakdown

CRITICAL 4HIGH 0MEDIUM 38LOW 88

Pattern Findings

130 matches across 7 categories. Click a row to expand file-level details.

Decorative Section Separators36 hits · 108 pts
SeverityFileLineSnippet
MEDIUMtest/unit/virtual-request-interpreter.test.js27 // ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝╚═╝ ╚═╝╚══════╝╚═════╝ ╚═╝╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝
MEDIUMtest/unit/virtual-request-interpreter.test.js106 // ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝╚══════╝╚══════╝╚═╝ ╚═══╝╚═════╝ ╚═╝╚═╝ ╚═════╝
MEDIUMtest/unit/virtual-request-interpreter.test.js113 // ╚═╝ ╚═╝╚══════╝╚══════╝╚═╝ ╚════╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═══╝ ╚═╝╚═╝
MEDIUMtest/integration/hook.i18n.test.js19// ╚═╝ ╚═╝ ╚════╝ ╚═╝ ╚═══╝ ╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝
MEDIUMtest/integration/hook.i18n.test.js26// ╚═╝ ╚═════╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚══════╝╚═╝
MEDIUMtest/integration/hook.i18n.test.js149// ╚═╝ ╚═╝ ╚════╝ ╚═╝ ╚═══╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═════╝
MEDIUM…ntegration/hook.pubsub.modelEvents.subscribers.test.js106 // ╚═════╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚══════╝
MEDIUM…ntegration/hook.pubsub.modelEvents.subscribers.test.js329 // ╚═════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝
MEDIUM…ntegration/hook.pubsub.modelEvents.subscribers.test.js458 // ╚═╝ ╚═╝╚═════╝ ╚═════╝
MEDIUM…ntegration/hook.pubsub.modelEvents.subscribers.test.js592 // ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═══╝ ╚══════╝
MEDIUM…ntegration/hook.pubsub.modelEvents.subscribers.test.js677 // ╚═╝ ╚═╝╚══════╝╚═╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝╚══════╝
MEDIUM…ntegration/hook.pubsub.modelEvents.subscribers.test.js808 // ╚═════╝ ╚══════╝╚══════╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝
MEDIUMtest/integration/hook.blueprints.restful.routes.test.js521 // ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═════╝ ╚═════╝╚═╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝╚══════╝
MEDIUMlib/app/load.js154 // ╚═╝ ╚═╝╚═╝ ╚═══╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═════╝ ╚══════╝╚═╝ ╚══════╝ ╚
MEDIUMlib/app/load.js288 // ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═════╝ ╚══════╝╚═╝ ╚═════
MEDIUMlib/app/private/loadHooks.js45 // ╚═╝ ╚═╝╚═╝ ╚═══╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═════╝ ╚══════╝╚═╝ ╚══════╝
MEDIUMlib/app/private/loadHooks.js250 // ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ╚═╝ ╚═╝ ╚═══╝ ╚═════╝ ╚══════╝╚═╝ ╚═══
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js42 // ╚══════╝╚══════╝ ╚═╝ ╚═════╝ ╚═╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js98 // ╚═╝ ╚═╝╚═╝ ╚═══╝╚═════╝ ╚═╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js105 // ╚═╝ ╚═╝╚═╝ ╚═══╝╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚══════╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js250 // ╚═════╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═╝ ╚══════╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js290 // ╚═════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js333 // ╚═════╝ ╚══════╝╚══════╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js356 // ╚═╝ ╚═╝╚═════╝ ╚═════╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js375 // ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═══╝ ╚══════╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js394 // ╚═╝ ╚═╝╚══════╝╚═╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝╚══════╝
MEDIUMlib/hooks/blueprints/parse-blueprint-options.js434 // ╚═╝ ╚═════╝ ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═╝ ╚═╝ ╚══════╝
MEDIUMlib/hooks/security/index.js51 // ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝
MEDIUMlib/hooks/security/index.js58 // ╚═════╝╚══════╝╚═╝ ╚═╝╚═╝
MEDIUMlib/hooks/security/index.js116 // ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝
MEDIUMlib/hooks/security/index.js123 // ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝
MEDIUMlib/hooks/pubsub/index.js185 // ╚═╝ ╚═════╝ ╚═════╝ ╚══════╝╚═╝ ╚═════╝
MEDIUMlib/hooks/pubsub/index.js355 // ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝
MEDIUMlib/hooks/views/html-scriptify.js57 // ╚═══╝ ╚═╝ ╚═╝╚══════╝╚═╝╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝ ╚═════╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚══════╝
MEDIUMlib/hooks/views/html-scriptify.js135 // ╚═════╝ ╚═════╝ ╚═╝╚══════╝╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝╚══════╝
MEDIUMlib/hooks/views/html-scriptify.js142 // ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═══╝
Over-Commented Block77 hits · 77 pts
SeverityFileLineSnippet
LOWappveyor.yml1# # # # # # # # # # # # # # # # # # # # # # # # # #
LOWappveyor.yml41# (Not sure what this is for, it's just in Appveyor's example.
LOWtest/init.js1// Initialization script that runs once before any tests.
LOWtest/unit/virtual-request-interpreter.test.js101 // ██████╗ ███████╗███████╗ ███████╗███████╗███╗ ██╗██████╗ ██╗██╗ ██╗
LOWtest/unit/virtual-request-interpreter.test.js121 // return res.send(false); // 215b (sends down the string `false`, content len ==> 5)
LOW…st/helpers/test-spawning-sails-child-process-in-cwd.js41 * Also if it is set AND `httpRequestInstructions` are set, then the HTTP request
LOWtest/helpers/router.js121// var helper = {
LOWtest/helpers/router.js141// // Emit a request event (will be intercepted by the Router)
LOWtest/helpers/router.js161// return function () {
LOWtest/helpers/router.js181// url: '/',
LOWtest/helpers/router.js201// var _enhancedRes = util.defaults(res || {}, {
LOWtest/helpers/router.js221
LOWtest/helpers/router.js241// *
LOWtest/helpers/router.js261// return {
LOWtest/helpers/router.js281// var expectedResponse = { status: 200 };
LOWtest/helpers/router.js301// __it('should have sent the proper response', expect.equal('response', expectedResponse));
LOWbin/sails.js161// FUTURE: ^^ Consider simplifying this into a script.
LOWbin/sails-run.js261 // Maybe as an option at least.
LOWbin/sails-run.js281 // ```
LOWbin/sails-console.js41
LOWbin/sails-console.js141 // Return the new writable stream.
LOWbin/sails-console.js161 preview: false,
LOWdocs/concepts/Security/XSS.md41// },
LOWdocs/concepts/Realtime/Realtime.md101 // are _listening_. In other words, to actually handle the socket message,
LOWdocs/concepts/ORM/Associations/OneWayAssociation.md41}
LOWdocs/concepts/ORM/Associations/OnetoMany.md81 // lastName: 'Bar',
LOWlib/index.js1/**
LOWlib/app/load.js101 controller: ['hooks', function(results, cb) {
LOWlib/app/load.js141
LOWlib/app/load.js281 }
LOWlib/app/lower.js121 // Allow process to exit once this server is closed
LOWlib/app/configuration/rc.js21
LOWlib/app/private/bootstrap.js21module.exports = function runBootstrap(done) {
LOWlib/app/private/loadHooks.js81 // // If so, something is wrong.
LOWlib/app/private/loadHooks.js241 process.nextTick(function(){ cb(); });
LOWlib/app/private/isLocalSailsValid.js81 log.debug(requiredSailsVersion);
LOWlib/hooks/moduleloader/index.js21 // • 'js' (.js)
LOWlib/hooks/moduleloader/index.js61 // Paths for application modules and key files
LOWlib/hooks/moduleloader/index.js121 // Configuration
LOWlib/hooks/moduleloader/index.js421 // Look inside namespaced folders e.g. node_modules/@sailsjs/sails-hook-foo
LOWlib/hooks/blueprints/index.js61 // Blueprint/Shadow-Routes Enabled
LOWlib/hooks/blueprints/actions/create.js81 // e.g.
LOWlib/hooks/blueprints/actions/add.js41
LOWlib/hooks/blueprints/actions/replace.js141 return res.serverError(err);
LOWlib/hooks/blueprints/actions/replace.js161 // blueprint action would have been rolled back along with the transaction
LOWlib/hooks/security/index.js41 },
LOWlib/hooks/http/initialize.js21 // or if it is disabled, then go ahead and proceed
LOWlib/hooks/http/initialize.js201 // (see https://github.com/balderdashy/sails/pull/3599#issuecomment-195665040)
LOWlib/hooks/http/initialize.js321 }
LOWlib/hooks/http/initialize.js341
LOWlib/hooks/http/index.js61 // and `./get-configured-http-middleware-fns.js` in this hook for details.
LOWlib/hooks/http/index.js121 // If no _explicit_ middleware order is specified, make sure the implicit default order
LOWlib/hooks/http/get-configured-http-middleware-fns.js21 * @property {Function} *
LOWlib/hooks/request/params.all.js41 }
LOWlib/hooks/request/params.all.js61 // value: function (){
LOWlib/hooks/request/metadata.js21module.exports = function _mixinServerMetadata(req) {
LOWlib/hooks/views/default-view-rendering-fn.js201
LOWlib/hooks/views/res.view.js261 // Note:
LOWlib/hooks/views/res.view.js381 if (err) {
LOW…s/views/unescape-html-entities-deep-lite.min.string.js1// This module exports the `toString()`-ed, minified version of the function defined below (`unescapeHtmlEntitiesDeepLit
17 more matches not shown…
Hallucination Indicators4 hits · 40 pts
SeverityFileLineSnippet
CRITICALlib/hooks/security/index.js159 sails.config.security.cors.allowOrigins = _.map(sails.config.security.cors.allowOrigins.split(','), function(ori
CRITICALlib/hooks/security/index.js207 sails.config.security.cors.allowOrigins = _.map(sails.config.security.cors.allowOrigins.split(','), function(ori
CRITICALlib/hooks/http/index.js233 if (!_.contains(sails.config.http.middleware.order.concat(['404', '500', 'startRequestTimer']), middlewareName))
CRITICALlib/hooks/http/index.js249 _.each(_.difference(sails.config.http.middleware.order, sails.hooks.http.defaults.http.middleware.order.concat(['4
Hyper-Verbose Identifiers7 hits · 7 pts
SeverityFileLineSnippet
LOW…st/helpers/test-spawning-sails-child-process-in-cwd.js44module.exports = function testSpawningSailsLiftChildProcessInCwd (opts){
LOW…lpers/test-spawning-sails-lift-child-process-in-cwd.js45module.exports = function testSpawningSailsLiftChildProcessInCwd (_opts){
LOWbin/private/read-repl-history-and-start-transcribing.js23module.exports = function readReplHistoryAndBeginTranscribing(repl, file) {
LOWlib/hooks/responses/index.js74 sails.modules.loadResponses(function loadedRuntimeErrorModules(err, responseDefs) {
LOW…s/views/unescape-html-entities-deep-lite.min.string.js9module.exports = 'function unescapeHtmlEntitiesDeepLite(r){if("function"!=typeof Array.isArray||"function"!=typeof Array
LOW…s/views/unescape-html-entities-deep-lite.min.string.js67function unescapeHtmlEntitiesDeepLite(data){
LOWlib/router/index.js395Router.prototype.getActionIdentityForTarget = function getActionIdentityForTarget(target) {
Fake / Example Data4 hits · 4 pts
SeverityFileLineSnippet
LOWtest/integration/middleware.compression.test.js19 var lipsum = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras fringilla mollis sapien sed consequat. C
LOWtest/integration/middleware.compression.test.js19 var lipsum = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras fringilla mollis sapien sed consequat. C
LOWdocs/concepts/Configuration/Configuration.md108// Set a custom "email" value to "foo@bar.com":
LOWdocs/concepts/Configuration/Configuration.md109sails lift --custom.email='foo@bar.com'
AI Slop Vocabulary1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMlib/hooks/request/metadata.js40 // But Express only delivers the host devoid of a port, so we have to delve into
Slop Phrases1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMlib/hooks/views/res.view.js434// While unlikely this will change, it's worth noting that this implementation