Home / microsoft / winget-cli
Repository Analysis

microsoft/winget-cli

WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).

3.0 Likely human-written View on GitHub
3.0
Adjusted Score
3.0
Raw Score
100%
Time Factor
2026-05-29
Last Push
25,939
Stars
C++
Language
324,137
Lines of Code
2106
Files
847
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 3HIGH 6MEDIUM 26LOW 812

Pattern Findings

847 matches across 8 categories. Click a row to expand file-level details.

Over-Commented Block808 hits · 808 pts
SeverityFileLineSnippet
LOW…tallAndCheckCorrelation/InstallAndCheckCorrelation.cpp1// Copyright (c) Microsoft Corporation.
LOWtools/SampleWinGetUWPCaller/AppInstallerCaller/pch.h1// Copyright (c) Microsoft Corporation.
LOWtools/SampleWinGetUWPCaller/AppInstallerCaller/App.cpp101/// <summary>
LOWtools/IndexComparisonTool/pch.h1// Copyright (c) Microsoft Corporation.
LOWtools/IndexComparisonTool/pch.h21#include <string>
LOWtools/IndexComparisonTool/pch.cpp1// Copyright (c) Microsoft Corporation.
LOWsamples/ConnectionValidationSample/Program.cs1// Copyright (c) Microsoft Corporation.
LOWsamples/WinGetUWPCaller/WinGetUWPCaller/pch.h1// Copyright (c) Microsoft Corporation.
LOWsamples/WinGetUWPCaller/WinGetUWPCaller/pch.h21#include <mutex>
LOWsamples/WinGetUWPCaller/WinGetUWPCaller/MainPage.cpp841 else if (uninstallResult)
LOWsamples/WinGetUWPCaller/WinGetUWPCaller/App.cpp101/// <summary>
LOW.github/workflows/spelling3.yml1# spelling.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p
LOW.github/workflows/spelling3.yml21#
LOW.github/workflows/spelling3.yml41# Access to SARIF reports is generally restricted (by GitHub) to members of the repository.
LOW.github/actions/spelling/patterns.txt81
LOWdoc/specs/#888 - Com Api.md441 /// SAMPLE VALUES: For OpenWindowsCatalog "Microsoft.Winget.Source_8wekyb3d8bbwe"
LOWdoc/specs/#888 - Com Api.md661 FindPackagesOptions();
LOWsrc/binver/binver/version.h1#define STRINGIZE2(s) #s
LOWsrc/binver/binver/version.h21#define VER_COPYRIGHT_STR "Copyright (c) Microsoft Corporation"
LOWsrc/binver/binver/resource.h1//{{NO_DEPENDENCIES}}
LOW…nitTests/ManifestUnitTest/ManifestEqualityUnitTests.cs121 /// Manifest with all properties that provide equality.
LOW…terop.UnitTests/ManifestUnitTest/V1ManifestReadTest.cs541#pragma warning disable SA1310 // FieldNamesMustNotContainUnderscore
LOW…terop.UnitTests/ManifestUnitTest/V1ManifestReadTest.cs561
LOWsrc/AppInstallerTestExeInstaller/main.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/ComInprocTestbed/pch.h1// Copyright (c) Microsoft Corporation.
LOWsrc/ComInprocTestbed/pch.h21#include <string_view>
LOWsrc/ComInprocTestbed/Tests.h1// Copyright (c) Microsoft Corporation.
LOWsrc/ComInprocTestbed/pch.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/Dependencies.cpp1#include "pch.h"
LOWsrc/AppInstallerCLITests/PinFlow.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/pch.h1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/pch.h21#include <catch2/reporters/catch_reporter_registrars.hpp>
LOWsrc/AppInstallerCLITests/pch.h41#include <fstream>
LOWsrc/AppInstallerCLITests/WorkFlow.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/WorkflowCommon.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/TestCommon.h1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/CustomHeader.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/PortableInstaller.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/Command.cpp181
LOWsrc/AppInstallerCLITests/WorkflowGroupPolicy.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/PreIndexedPackageSource.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/UserSettings.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/RestClient.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/TestHooks.h1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/CompositeSource.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/InstallDependenciesFlow.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/ARPChanges.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/RestInterface_1_7.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/HttpClientHelper.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/InstallFlow.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/RestInterface_1_0.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/main.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/WorkflowCommon.h1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/Sources.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/ResumeFlow.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/AppInstallerCLITests/SQLiteIndex.cpp1// Copyright (c) Microsoft Corporation.
LOWsrc/WinGetUtilInterop/Manifest/ManifestVersion.cs1// -----------------------------------------------------------------------------
LOWsrc/WinGetUtilInterop/Manifest/ManifestVersion.cs21 /// <summary>
LOWsrc/WinGetUtilInterop/Manifest/ManifestVersion.cs41 /// <summary>
LOWsrc/WinGetUtilInterop/Manifest/V1/MinManifestInfo.cs41 public string ManifestType { get; set; }
748 more matches not shown…
Decorative Section Separators21 hits · 68 pts
SeverityFileLineSnippet
MEDIUMtools/WinGetLogViewer/media/viewer.js10 // ── State ────────────────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js46 // ── DOM refs ─────────────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js66 // ── Helpers ──────────────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js153 // ── Filter logic ─────────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js213 // ── Sidebar builder ──────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js353 // ── Virtual scroll renderer ───────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js452 // ── Scroll handler (virtual scroll repaint) ───────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js474 // ── Error navigation ─────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js497 // ── Option toggles ────────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js513 // ── Search ────────────────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js523 // ── Level / Channel / Subchannel "All / None" buttons ────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js567 // ── Export ────────────────────────────────────────────────────────
MEDIUMtools/WinGetLogViewer/media/viewer.js577 // ── Message handler (from extension host) ─────────────────────────
MEDIUMtools/WinGetLogViewer/src/logViewerProvider.ts21 // ── CustomReadonlyEditorProvider ────────────────────────────────
MEDIUMtools/WinGetLogViewer/src/logViewerProvider.ts97 // ── Public: open any log file in a new panel ─────────────────────
MEDIUMtools/WinGetLogViewer/src/logViewerProvider.ts166 // ── HTML builder ─────────────────────────────────────────────────
MEDIUMsrc/AppInstallerCLICore/Commands/DebugCommand.cpp399// ── LogViewerTestCommand ─────────────────────────────────────────────────────
MEDIUMsrc/AppInstallerCLICore/Commands/DebugCommand.cpp430 // ── All five levels on CLI ────────────────────────────────────────────
MEDIUMsrc/AppInstallerCLICore/Commands/DebugCommand.cpp437 // ── One Info entry on every channel ──────────────────────────────────
MEDIUMsrc/AppInstallerCLICore/Commands/DebugCommand.cpp447 // ── Subchannel simulation (sub-component logs routed through CLI) ─────
MEDIUMsrc/AppInstallerCLICore/Commands/DebugCommand.cpp471 // ── Follow mode: stream log lines every 3 seconds ────────────────────
Synthetic Comment Markers6 hits · 45 pts
SeverityFileLineSnippet
HIGH…ryCore/Microsoft/Schema/1_0/SearchResultsTable_1_0.cpp78 // Create an insert statement to select values into the table as requested.
HIGH…ryCore/Microsoft/Schema/2_0/SearchResultsTable_2_0.cpp80 // Create an insert statement to select values into the table as requested.
HIGHsrc/AppInstallerRepositoryCore/Rest/RestClient.cpp170 // Cache the information value as requested
HIGH…et.SharedLib/Resources/GroupPolicyResource.Designer.cs3// This code was generated by a tool.
HIGH…t.Configuration.Engine/Resources/Resources.Designer.cs3// This code was generated by a tool.
HIGH….WinGet.Client.Engine/Properties/Resources.Designer.cs3// This code was generated by a tool.
Hallucination Indicators3 hits · 30 pts
SeverityFileLineSnippet
CRITICAL…c/AppInstallerCLIE2ETests/PowerShell/PowerShellHost.cs65 var newModulePath = this.PowerShell.Runspace.SessionStateProxy.PSVariable.GetValue("env:PSModulePath") + $";
CRITICAL…c/AppInstallerCLIE2ETests/PowerShell/PowerShellHost.cs66 this.PowerShell.Runspace.SessionStateProxy.PSVariable.Set("env:PSModulePath", newModulePath);
CRITICAL…nitTests/Tests/ConfigurationProcessorTelemetryTests.cs189 Assert.Equal(testObjects.GetResult.ResultInformation.ResultCode.HResult.ToString(), runEvent.Properties[Tele
Slop Phrases4 hits · 9 pts
SeverityFileLineSnippet
LOWsrc/AppInstallerCLITests/RestClient.cpp65 // Update this test to next version so that we don't forget to add to supported versions before rest e2e tests are a
LOWsrc/AppInstallerCLITests/TestHooks.h29 // Don't forget to clear the overrides after use!
MEDIUMsrc/AppInstallerCLICore/Argument.cpp336 // Used for demonstration purposes
MEDIUMsrc/AppInstallerCLICore/ExecutionArgs.h196 // Used for demonstration purposes
AI Slop Vocabulary3 hits · 9 pts
SeverityFileLineSnippet
MEDIUM…oryCore/Microsoft/PredefinedInstalledSourceFactory.cpp320 // TODO: To support servicing, the initial implementation of update will simply leverage
MEDIUM…sitoryCore/Microsoft/ConfigurableTestSourceFactory.cpp30 // TODO: If this becomes more dynamic, refactor the UserSettings code to make it easier to leverage
MEDIUM…nstallerCLICore/ConfigurationDynamicRuntimeFactory.cpp44 // have this implementation leverage that one with an event handler for the packaged specifics.
Example Usage Blocks1 hit · 2 pts
SeverityFileLineSnippet
LOW…stallerRepositoryCore/Public/winget/RepositorySearch.h376 // Example usage:
Hyper-Verbose Identifiers1 hit · 1 pts
SeverityFileLineSnippet
LOWsrc/AppInstallerCLITests/TestRestRequestHandler.h6class TestRestRequestHandler : public web::http::http_pipeline_stage