Home / fosrl / pangolin
Repository Analysis

fosrl/pangolin

Identity-aware VPN and tunneled reverse proxy for remote access based on WireGuard®.

1.1 Likely human-written View on GitHub
1.1
Adjusted Score
1.1
Raw Score
100%
Time Factor
2026-05-30
Last Push
20,938
Stars
TypeScript
Language
300,535
Lines of Code
1370
Files
268
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 29LOW 239

Pattern Findings

268 matches across 9 categories. Click a row to expand file-level details.

Hyper-Verbose Identifiers188 hits · 189 pts
SeverityFileLineSnippet
LOWlicense_header_checker.py23def extract_leading_block_comment(content):
LOWserver/integrationApiServer.ts25export function createIntegrationApiServer() {
LOWserver/routers/idp/validateOidcCallback.ts762function normalizeRoleMappingResult(result: unknown): string[] {
LOWserver/routers/auth/changePassword.ts34async function invalidateAllSessionsExceptCurrent(
LOWserver/routers/auth/requestEmailVerificationCode.ts15export async function requestEmailVerificationCode(
LOWserver/routers/olm/fingerprintingUtils.ts40export async function handleFingerprintInsertion(
LOWserver/routers/olm/fingerprintingUtils.ts218export async function cleanUpOldFingerprintSnapshots(retentionDays: number) {
LOWserver/routers/olm/buildConfiguration.ts23export async function buildSiteConfigurationForOlmClient(
LOWserver/routers/olm/recoverOlmWithFingerprint.ts25export async function recoverOlmWithFingerprint(
LOWserver/routers/user/adminGeneratePasswordResetCode.ts32export async function adminGeneratePasswordResetCode(
LOW…ver/routers/siteResource/removeRoleFromSiteResource.ts47export async function removeRoleFromSiteResource(
LOW…rver/routers/siteResource/listAllSiteResourcesByOrg.ts203export async function listAllSiteResourcesByOrg(
LOW…ver/routers/siteResource/removeUserFromSiteResource.ts47export async function removeUserFromSiteResource(
LOW…/routers/siteResource/batchAddClientToSiteResources.ts52export async function batchAddClientToSiteResources(
LOWserver/routers/siteResource/updateSiteResource.ts734export async function handleMessagingForUpdatedSiteResource(
LOW…r/routers/siteResource/removeClientFromSiteResource.ts47export async function removeClientFromSiteResource(
LOWserver/routers/auditLogs/queryRequestAuditLog.ts157async function enrichWithResourceDetails(logs: Awaited<ReturnType<typeof queryRequest>>) {
LOWserver/routers/auditLogs/queryRequestAuditLog.ts247async function queryUniqueFilterAttributes(
LOWserver/routers/newt/buildConfiguration.ts25export async function buildClientConfigurationForNewtClient(
LOWserver/routers/newt/buildConfiguration.ts193export async function buildTargetConfigurationForNewtClient(
LOWserver/routers/newt/targets.ts183export async function removeStandaloneHealthCheck(
LOW…r/routers/resource/removeEmailFromResourceWhitelist.ts46export async function removeEmailFromResourceWhitelist(
LOWserver/routers/resource/addEmailToResourceWhitelist.ts46export async function addEmailToResourceWhitelist(
LOWserver/routers/resource/listUserResourceAliases.ts23function userResourceAliasesCacheKey(
LOW…/routers/client/rebuildClientAssociationsCacheRoute.ts30export async function rebuildClientAssociationsCacheRoute(
LOWserver/routers/client/targets.ts16export async function convertTargetsIfNessicary(
LOWserver/routers/client/getClient.ts73function maskPostureDataWithPlaceholder(posture: PostureData): PostureData {
LOWserver/routers/client/verifyClientAssociationsCache.ts30export async function verifyClientAssociationsCache(
LOWserver/routers/gerbil/updateHolePunch.ts125export async function updateAndGenerateEndpointDestinations(
LOWserver/routers/gerbil/updateHolePunch.ts442async function handleClientEndpointChange(
LOWserver/routers/badger/verifySession.ts750function extractResourceSessionToken(
LOWserver/routers/badger/verifySession.ts899async function isUserAllowedToAccessResource(
LOWserver/routers/badger/verifySession.ts1210function isLocalOrCarrierGradeNatIp(ip: string): boolean {
LOWserver/auth/canUserAccessSiteResource.ts5export async function canUserAccessSiteResource({
LOWserver/auth/verifyResourceAccessToken.ts14export async function verifyResourceAccessToken({
LOWserver/auth/sendEmailVerificationCode.ts10export async function sendEmailVerificationCode(
LOWserver/auth/sendEmailVerificationCode.ts30async function generateEmailVerificationCode(
LOWserver/auth/actions.ts158export async function checkUserActionPermission(
LOWserver/auth/sessions/app.ts151export function createBlankSessionTokenCookie(isSecure: boolean): string {
LOWserver/auth/sessions/app.ts170export function generateIdFromEntropySize(size: number): string {
LOWserver/auth/sessions/resource.ts62export async function validateResourceSessionToken(
LOWserver/auth/sessions/resource.ts114export async function invalidateResourceSession(
LOWserver/auth/sessions/resource.ts169export function serializeResourceSessionCookie(
LOWserver/auth/sessions/resource.ts190export function createBlankResourceSessionTokenCookie(
LOWserver/auth/sessions/newt.ts62export async function invalidateAllNewtSessions(newtId: string): Promise<void> {
LOWserver/setup/scriptsSqlite/1.3.0.ts200function generateIdFromEntropySize(size: number): string {
LOWserver/middlewares/verifyUserCanSetUserOrgRoles.ts10export function verifyUserCanSetUserOrgRoles() {
LOWserver/middlewares/verifySiteProvisioningKeyAccess.ts15export async function verifySiteProvisioningKeyAccess(
LOW…dlewares/integration/verifyApiKeySetResourceClients.ts8export async function verifyApiKeySetResourceClients(
LOW…/middlewares/integration/verifyApiKeyResourceAccess.ts8export async function verifyApiKeyResourceAccess(
LOW…ver/middlewares/integration/verifyAccessTokenAccess.ts9export async function verifyApiKeyAccessTokenAccess(
LOW…dlewares/integration/verifyApiKeySiteResourceAccess.ts9export async function verifyApiKeySiteResourceAccess(
LOW…iddlewares/integration/verifyApiKeySetResourceUsers.ts8export async function verifyApiKeySetResourceUsers(
LOW…dlewares/integration/verifyApiKeyCanSetUserOrgRoles.ts26export function verifyApiKeyCanSetUserOrgRoles() {
LOW…/private/routers/remoteExitNode/listRemoteExitNodes.ts30async function getLatestPangolinNodeVersion(): Promise<string | null> {
LOW…e/routers/remoteExitNode/pickRemoteExitNodeDefaults.ts28export async function pickRemoteExitNodeDefaults(
LOWserver/private/routers/healthChecks/getStatusHistory.ts31export async function getHealthCheckStatusHistory(
LOW…/routers/siteProvisioning/updateSiteProvisioningKey.ts72export async function updateSiteProvisioningKey(
LOW…/routers/siteProvisioning/createSiteProvisioningKey.ts60export async function createSiteProvisioningKey(
LOW…/routers/siteProvisioning/deleteSiteProvisioningKey.ts33export async function deleteSiteProvisioningKey(
128 more matches not shown…
Decorative Section Separators25 hits · 75 pts
SeverityFileLineSnippet
MEDIUMserver/routers/newt/pingAccumulator.ts28// ── Site (newt) pings ──────────────────────────────────────────────────
MEDIUMserver/routers/newt/pingAccumulator.ts32// ── Client (OLM) pings ────────────────────────────────────────────────
MEDIUMserver/routers/newt/pingAccumulator.ts48// ── Public API ─────────────────────────────────────────────────────────
MEDIUMserver/routers/newt/pingAccumulator.ts80// ── Flush Logic ────────────────────────────────────────────────────────
MEDIUMserver/routers/newt/pingAccumulator.ts198 // ── Flush client pings ─────────────────────────────────────────────
MEDIUMserver/routers/newt/pingAccumulator.ts235 // ── Flush OLM archive resets ───────────────────────────────────────
MEDIUMserver/routers/newt/pingAccumulator.ts271// ── Retry / Error Helpers ──────────────────────────────────────────────
MEDIUMserver/routers/newt/pingAccumulator.ts352// ── Lifecycle ──────────────────────────────────────────────────────────
MEDIUMserver/lib/traefik/pathEncoding.test.ts23// ── Helpers ──────────────────────────────────────────────────────────
MEDIUMserver/lib/traefik/pathEncoding.test.ts65// ── Tests ────────────────────────────────────────────────────────────
MEDIUMserver/lib/traefik/pathEncoding.test.ts72 // ── encodePath unit tests ────────────────────────────────────────
MEDIUMserver/lib/traefik/pathEncoding.test.ts187 // ── Collision fix: the actual bug we're fixing ───────────────────
MEDIUMserver/lib/traefik/pathEncoding.test.ts253 // ── Edge cases ───────────────────────────────────────────────────
MEDIUMsrc/app/[orgId]/settings/logs/streaming/page.tsx59// ── Re-export Destination so the rest of the file can use it ──────────────────
MEDIUMsrc/app/[orgId]/settings/logs/streaming/page.tsx70// ── Destination card ───────────────────────────────────────────────────────────
MEDIUMsrc/app/[orgId]/settings/logs/streaming/page.tsx227// ── Add destination card ───────────────────────────────────────────────────────
MEDIUMsrc/app/[orgId]/settings/logs/streaming/page.tsx250// ── Destination type picker ────────────────────────────────────────────────────
MEDIUMsrc/app/[orgId]/settings/logs/streaming/page.tsx354// ── Main page ──────────────────────────────────────────────────────────────────
MEDIUMsrc/components/HttpDestinationCredenza.tsx30// ── Types ──────────────────────────────────────────────────────────────────────
MEDIUMsrc/components/HttpDestinationCredenza.tsx66// ── Helpers ────────────────────────────────────────────────────────────────────
MEDIUMsrc/components/HttpDestinationCredenza.tsx90// ── Headers editor ─────────────────────────────────────────────────────────────
MEDIUMsrc/components/HttpDestinationCredenza.tsx157// ── Component ──────────────────────────────────────────────────────────────────
MEDIUMsrc/components/S3DestinationCredenza.tsx29// ── Types ──────────────────────────────────────────────────────────────────────
MEDIUMsrc/components/S3DestinationCredenza.tsx45// ── Helpers ────────────────────────────────────────────────────────────────────
MEDIUMsrc/components/S3DestinationCredenza.tsx67// ── Component ──────────────────────────────────────────────────────────────────
Over-Commented Block47 hits · 47 pts
SeverityFileLineSnippet
LOWserver/routers/external.ts641authenticated.post(
LOWserver/routers/external.ts781);
LOWserver/routers/external.ts801// role.addRoleAction
LOWserver/routers/external.ts881
LOWserver/routers/external.ts901// role.addRoleAction
LOWserver/routers/role/removeRoleSite.ts61 if (deletedRoleSite.length === 0) {
LOWserver/routers/auth/login.ts161 // // Check if user has security keys registered
LOWserver/routers/user/removeUserSite.ts61 if (deletedUserSite.length === 0) {
LOWserver/routers/user/addUserSite.ts41 })
LOWserver/routers/auditLogs/queryRequestAuditLog.ts301 })
LOWserver/routers/newt/buildConfiguration.ts61 );
LOWserver/routers/newt/buildConfiguration.ts81 // eq(siteResources.siteId, site.siteId),
LOWserver/routers/newt/buildConfiguration.ts101 // allSiteResources.map(
LOWserver/routers/site/updateSite.ts21 niceId: z.string().min(1).max(255).optional(),
LOWserver/routers/resource/listUserResourceAliases.ts61});
LOWserver/routers/client/listClients.ts361 // const latestOlmVersionPromise = getLatestOlmVersion();
LOWserver/routers/client/listClients.ts381 // latestOlVersion
LOWserver/routers/client/listUserDevices.ts401 };
LOWserver/routers/client/listUserDevices.ts421 // client.olmUpdateAvailable = false;
LOWserver/routers/ws/checkRoundTripMessage.ts21// registry.registerPath({
LOWserver/private/routers/org/sendUsageNotifications.ts61// "application/json": {
LOWserver/private/routers/ssh/signSshKey.ts81// registry.registerPath({
LOW…ate/routers/domain/checkDomainNamespaceAvailability.ts61 );
LOWserver/private/routers/domain/listDomainNamespaces.ts101 fromError(parsedParams.error).toString()
LOWserver/private/middlewares/verifyRemoteExitNode.ts41 // .from(users)
LOWserver/private/lib/exitNodes/exitNodes.ts201 return [];
LOWserver/private/lib/exitNodes/exitNodes.ts221 // }
LOWserver/lib/ip.test.ts41 {
LOWserver/lib/ip.test.ts101// start: BigInt("3232235520"),
LOWserver/lib/ip.test.ts121// );
LOWserver/lib/blueprints/parseDotNotation.ts81// "resources.resource-nice-id.name": "this is my resource",
LOWserver/lib/blueprints/parseDotNotation.ts101// "resources.resource-nice-id2.protocol": "tcp",
LOWserver/lib/blueprints/parseDockerContainers.ts221 }
LOWserver/lib/blueprints/parseDockerContainers.ts241// ip: "0.0.0.0"
LOWserver/lib/blueprints/parseDockerContainers.ts261// name: "nginx2",
LOWserver/lib/blueprints/parseDockerContainers.ts281// owen_default: {
LOWserver/lib/blueprints/parseDockerContainers.ts301// ],
LOWserver/lib/blueprints/parseDockerContainers.ts321// image: "bolkedebruin/rdpgw:latest",
LOWsrc/app/[orgId]/settings/logs/request/page.tsx361 // 102 - Valid Access Token
LOWsrc/components/ShareLinksTable.tsx161 // cell: ({ row }) => {
LOWsrc/components/ShareLinksTable.tsx181 // variant="ghost"
LOWsrc/components/ShareLinksTable.tsx201 // );
LOWsrc/components/RolesTable.tsx101 // enableHiding: false,
LOWsrc/components/HealthCheckCredenza.tsx581 description: t(
LOWsrc/components/PendingSitesTable.tsx241 </span>
LOWsrc/components/PendingSitesTable.tsx261 // ? ArrowUp10Icon
LOWsrc/components/PendingSitesTable.tsx281 // );
Excessive Try-Catch Wrapping3 hits · 2 pts
SeverityFileLineSnippet
LOWlicense_header_checker.py117 except Exception as e:
MEDIUMlicense_header_checker.py118 print(f"Error processing file {file_path}: {e}")
MEDIUMlicense_header_checker.py134 print(f"Error: Directory '{target_directory}' not found.")
AI Slop Vocabulary1 hit · 2 pts
SeverityFileLineSnippet
MEDIUMpackage-lock.json16260 "resolved": "https://registry.npmjs.org/robust-predicates/-/robust-predicates-3.0.3.tgz",
Self-Referential Comments1 hit · 2 pts
SeverityFileLineSnippet
MEDIUMsrc/components/newt-install-commands.tsx79 command: `# Create the directory and environment file
Example Usage Blocks1 hit · 2 pts
SeverityFileLineSnippet
LOWserver/lib/blueprints/parseDotNotation.ts79// // Example usage:
Deep Nesting1 hit · 1 pts
SeverityFileLineSnippet
LOWlicense_header_checker.py62
Slop Phrases1 hit · 1 pts
SeverityFileLineSnippet
LOWmessages/en-US.json1338 "otpSetupSuccessStoreBackupCodes": "Your account is now more secure. Don't forget to save your backup codes.",