Home / dani-garcia / vaultwarden
Repository Analysis

dani-garcia/vaultwarden

Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs

0.7 Likely human-written View on GitHub
0.7
Adjusted Score
0.7
Raw Score
100%
Time Factor
2026-05-17
Last Push
61,552
Stars
Rust
Language
85,892
Lines of Code
133
Files
45
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 1HIGH 0MEDIUM 1LOW 43

Pattern Findings

45 matches across 6 categories. Click a row to expand file-level details.

Over-Commented Block33 hits · 33 pts
SeverityFileLineSnippet
LOWdocker/healthcheck.sh21 key="$1"
LOWplaywright/compose/keycloak/setup.sh41# export PATH=$PATH:/opt/keycloak/bin
LOW.github/workflows/release.yml21 shell: bash
LOWsrc/util.rs81 // This is the same behavior as upstream Bitwarden.
LOWsrc/config.rs481 let inner = &self.inner.read().unwrap();
LOWsrc/config.rs541 /// Set to 0 to globally disable scheduled jobs.
LOWsrc/config.rs561 /// Auth Request cleanup schedule |> Cron schedule of the job that cleans old auth requests from the auth reques
LOWsrc/config.rs601 /// If unset, trashed items are not auto-deleted. This setting applies globally, so make
LOWsrc/config.rs621 signups_verify: bool, true, def, false;
LOWsrc/config.rs661
LOWsrc/config.rs681 /// The supported codes are 301 (legacy permanent), 302 (legacy temporary), 307 (temporary), and 308 (permanent)
LOWsrc/auth.rs181 // Subject
LOWsrc/auth.rs221 scope: Vec<String>,
LOWsrc/main.rs1#![cfg_attr(feature = "unstable", feature(ip))]
LOWsrc/static/scripts/jquery-4.0.0.slim.js1241 // descendant combinators, which is not what we want.
LOWsrc/static/scripts/jquery-4.0.0.slim.js2981 // Always use camelCase key (gh-2257)
LOWsrc/static/scripts/jquery-4.0.0.slim.js4201 jQuery.event.add( el, type, {
LOWsrc/static/scripts/jquery-4.0.0.slim.js5401 // The regex visualized:
LOWsrc/static/scripts/jquery-4.0.0.slim.js5481function curCSS( elem, name, computed ) {
LOWsrc/static/scripts/jquery-4.0.0.slim.js5501 // disconnected elements. However, in IE even disconnected elements
LOWsrc/static/scripts/jquery-4.0.0.slim.js5661 return;
LOWsrc/static/scripts/jquery-4.0.0.slim.js6721jQuery.expr[ ":" ] = jQuery.expr.filters = jQuery.expr.pseudos;
LOWsrc/static/scripts/datatables.js1121
LOWsrc/static/scripts/datatables.js7421
LOWsrc/db/models/event.rs121 // OrganizationSponsorshipsSynced = 1608, // Not supported
LOWsrc/db/models/user.rs181 /// Set the password hash generated
LOWsrc/db/models/cipher.rs641 // This cipher isn't in any collections accessible to the user.
LOWsrc/db/models/org_policy.rs41 // MaximumVaultTimeout = 9, // Not supported (Not AGPLv3 Licensed)
LOWsrc/api/icons.rs301}
LOWsrc/api/icons.rs421/// * `sizes` - The size of the icon if available as a <width>x<height> value like 32x32.
LOWsrc/api/icons.rs461}
LOWsrc/api/identity.rs1101 // Needed for grant_type = "password" | "client_credentials"
LOWsrc/api/identity.rs1121 #[field(name = uncased("device_type"))]
Hallucination Indicators1 hit · 15 pts
SeverityFileLineSnippet
CRITICALsrc/static/scripts/datatables.js837 * $.fn.dataTable.ext.type.detect.push(
Redundant / Tautological Comments4 hits · 6 pts
SeverityFileLineSnippet
LOWdocker/podman-bake.sh11# Check if a target is given as first argument
LOWdocker/podman-bake.sh39# Check if and which --build-arg arguments we need to configure
LOWdocker/healthcheck.sh11# Check if the $ENV_FILE file exist and is readable
LOW.github/workflows/release.yml161 # Check if there is a GitHub Container Registry Login and use it for caching
Hyper-Verbose Identifiers5 hits · 5 pts
SeverityFileLineSnippet
LOWsrc/static/scripts/bootstrap.bundle.js353 function bootstrapDelegationHandler(element, selector, fn) {
LOWsrc/static/scripts/bootstrap.bundle.js2386 function getOppositeVariationPlacement(placement) {
LOWsrc/static/scripts/bootstrap.bundle.js2521 function getInnerBoundingClientRect(element, strategy) {
LOWsrc/static/scripts/bootstrap.bundle.js2534 function getClientRectFromMixedType(element, clippingParent, strategy) {
LOWsrc/static/scripts/bootstrap.bundle.js2737 function getExpandedFallbackPlacements(placement) {
AI Slop Vocabulary1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMsrc/static/scripts/jquery-4.0.0.slim.js6725// understands anonymous AMD modules. A named AMD is safest and most robust
Overly Generic Function Names1 hit · 1 pts
SeverityFileLineSnippet
LOWsrc/static/scripts/jquery-4.0.0.slim.js3085function getData( data ) {