Home / parse-community / parse-server
Repository Analysis

parse-community/parse-server

Parse Server for Node.js / Express

4.5 Likely human-written View on GitHub
4.5
Adjusted Score
4.5
Raw Score
100%
Time Factor
2026-05-27
Last Push
21,390
Stars
JavaScript
Language
178,132
Lines of Code
451
Files
175
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 71HIGH 0MEDIUM 1LOW 103

Pattern Findings

175 matches across 6 categories. Click a row to expand file-level details.

Hallucination Indicators71 hits · 688 pts
SeverityFileLineSnippet
CRITICALspec/ParseGraphQLServer.spec.js4054 result.data.createClass.class.schemaFields = result.data.createClass.class.schemaFields.sort(
CRITICALspec/ParseGraphQLServer.spec.js4057 result.data.updateClass.class.schemaFields = result.data.updateClass.class.schemaFields.sort(
CRITICALspec/ParseGraphQLServer.spec.js4392 result.data.createClass.class.schemaFields = result.data.createClass.class.schemaFields.sort(
CRITICALspec/ParseGraphQLServer.spec.js4395 result.data.deleteClass.class.schemaFields = result.data.deleteClass.class.schemaFields.sort(
CRITICALspec/ParseGraphQLServer.spec.js5115 if (call.object.s.namespace.collection.indexOf('GraphQLClass') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js5118 } else if (call.object.s.namespace.collection.indexOf('_User') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js5161 if (call.object.s.namespace.collection.indexOf('GraphQLClass') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js5164 } else if (call.object.s.namespace.collection.indexOf('_User') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js5207 if (call.object.s.namespace.collection.indexOf('GraphQLClass') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js5210 } else if (call.object.s.namespace.collection.indexOf('_User') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6095 if (call.object.s.namespace.collection.indexOf('GraphQLClass') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6098 } else if (call.object.s.namespace.collection.indexOf('_User') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6139 if (call.object.s.namespace.collection.indexOf('GraphQLClass') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6142 } else if (call.object.s.namespace.collection.indexOf('_User') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6185 if (call.object.s.namespace.collection.indexOf('GraphQLClass') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6188 } else if (call.object.s.namespace.collection.indexOf('_User') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6242 if (call.object.s.namespace.collection.indexOf('GraphQLClass') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6245 } else if (call.object.s.namespace.collection.indexOf('_User') >= 0) {
CRITICALspec/ParseGraphQLServer.spec.js6341 result.data.parentClass.graphQLClasses.edges.map(edge => edge.node.objectId)
CRITICALspec/Auth.spec.js37 const firstSet = config.cacheController.role.set.calls.first();
CRITICALspec/Auth.spec.js40 const firstGet = config.cacheController.role.get.calls.first();
CRITICALspec/Auth.spec.js59 expect(config.cacheController.role.get.calls.count()).toEqual(1);
CRITICALspec/Auth.spec.js62 const firstGet = config.cacheController.role.get.calls.first();
CRITICALspec/ReadPreferenceOption.spec.js727 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js730 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js733 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js778 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js781 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js784 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js831 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js834 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js837 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js885 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js888 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js891 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js936 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js939 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js942 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js988 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js991 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js994 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1040 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1043 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1046 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1093 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1096 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1099 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1161 if (call.object.s.namespace.collection.indexOf('MyObject0') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1164 if (call.object.s.namespace.collection.indexOf('MyObject1') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js1167 if (call.object.s.namespace.collection.indexOf('MyObject2') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js32 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js75 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js107 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js139 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js171 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js207 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js242 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js273 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js304 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
CRITICALspec/ReadPreferenceOption.spec.js335 if (call.object.s.namespace.collection.indexOf('MyObject') >= 0) {
11 more matches not shown…
Fake / Example Data45 hits · 52 pts
SeverityFileLineSnippet
LOWspec/EmailVerificationToken.spec.js242 user.set('email', 'user@example.com');
LOWspec/EmailVerificationToken.spec.js322 user.set('email', 'user@example.com');
LOWspec/EmailVerificationToken.spec.js387 user.set('email', 'user@example.com');
LOWspec/EmailVerificationToken.spec.js567 newUser.set('email', 'user@example.com');
LOWspec/EmailVerificationToken.spec.js569 await Parse.User.requestEmailVerification('user@example.com');
LOWspec/EmailVerificationToken.spec.js602 user.setEmail('user@example.com');
LOWspec/EmailVerificationToken.spec.js1025 user.set('email', 'user@example.com');
LOWspec/EmailVerificationToken.spec.js1043 email: 'user@example.com',
LOWspec/PasswordPolicy.spec.js142 user.set('email', 'user@example.com');
LOWspec/PasswordPolicy.spec.js144 await Parse.User.requestPasswordReset('user@example.com');
LOWspec/PasswordPolicy.spec.js145 await Parse.User.requestPasswordReset('user@example.com');
LOWspec/PasswordPolicy.spec.js171 user.set('email', 'user@example.com');
LOWspec/PasswordPolicy.spec.js173 await Parse.User.requestPasswordReset('user@example.com');
LOWspec/PasswordPolicy.spec.js174 await Parse.User.requestPasswordReset('user@example.com');
LOWspec/UserPII.spec.js8const EMAIL = 'foo@bar.com';
LOWspec/ProtectedFields.spec.js1852 user1.set('phone', '555-1234');
LOWspec/ProtectedFields.spec.js1868 expect(response.data.phone).toBe('555-1234');
LOWspec/ProtectedFields.spec.js1897 user.set('phone', '555-1234');
LOWspec/ProtectedFields.spec.js1919 expect(masterResponse.data.phone).toBe('555-1234');
LOWspec/ProtectedFields.spec.js1960 user.set('phone', '555-1234');
LOWspec/ProtectedFields.spec.js1987 user.set('phone', '555-1234');
LOWspec/ProtectedFields.spec.js2017 user.set('phone', '555-1234');
LOWspec/ProtectedFields.spec.js2045 user.set('phone', '555-1234');
LOWspec/ProtectedFields.spec.js2058 expect(response.data.phone).toBe('555-1234');
LOWspec/ProtectedFields.spec.js2074 user.set('phone', '555-1234');
LOWspec/ProtectedFields.spec.js2087 expect(response.data.phone).toBe('555-1234');
LOWspec/ProtectedFields.spec.js2101 user.set('phone', '555-1234');
LOWspec/ProtectedFields.spec.js2114 expect(response.data.phone).toBe('555-1234');
LOWspec/ProtectedFields.spec.js2129 user.set('phone', '555-1234');
LOWspec/ParseQuery.spec.js2891 new PostObject({ author: postAuthor, title: 'Lorem ipsum' }),
LOWspec/index.spec.js792 user.setEmail('user@example.com');
LOWspec/index.spec.js797 await Parse.User.requestPasswordReset('user@example.com');
LOWspec/index.spec.js805 await Parse.User.requestPasswordReset('user@example.com');
LOWspec/ValidationAndPasswordsReset.spec.js329 user.set('email', 'user@example.com');
LOWspec/ValidationAndPasswordsReset.spec.js1185 user.set('email', 'user@example.com');
LOWspec/ValidationAndPasswordsReset.spec.js1187 await Parse.User.requestPasswordReset('user@example.com');
LOWspec/ParseUser.spec.js2378 user.set('email', 'test@test.com');
LOWspec/ParseUser.spec.js2385 user2.set('email', 'test@test.com');
LOWspec/ParseUser.spec.js2488 user.set('email', 'test@test.com');
LOWspec/ParseUser.spec.js2498 user2.set('email', 'test@test.com');
LOWspec/ParseUser.spec.js2516 user.set('email', 'test@test.com');
LOWspec/support/lorem.txt1Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus lobortis semper diam, ac euismod diam pharetra sed. Eti
LOWspec/support/lorem.txt1Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus lobortis semper diam, ac euismod diam pharetra sed. Eti
LOWspec/support/lorem.txt3Sed porttitor commodo orci, ut pretium eros convallis eget. Curabitur pretium velit in odio dictum luctus. Vivamus ac tr
LOWspec/support/lorem.txt3Sed porttitor commodo orci, ut pretium eros convallis eget. Curabitur pretium velit in odio dictum luctus. Vivamus ac tr
Hyper-Verbose Identifiers43 hits · 43 pts
SeverityFileLineSnippet
LOWbenchmark/performance.js493async function benchmarkQueryWithIncludeParallel(name) {
LOWbenchmark/performance.js556async function benchmarkQueryWithIncludeNested(name) {
LOWbenchmark/performance.js642async function benchmarkLargeResultMemory(name) {
LOWbenchmark/performance.js678async function benchmarkConcurrentQueryMemory(name) {
LOWbenchmark/performance.js807async function benchmarkObjectCreateNestedDenylist(name) {
LOWspec/PagesRouter.spec.js169 async function reconfigureServerWithPagesConfig(pagesConfig) {
LOWspec/ParseInstallation.spec.js1307 async function reconfigureWithInstallationOptions(installationOpts) {
LOWspec/ParseInstallation.spec.js1480 async function reconfigureWithInstallationOptions(installationOpts) {
LOWspec/ParseInstallation.spec.js1586 async function reconfigureWithInstallationOptions(installationOpts) {
LOWspec/OAuth1.spec.js80 function validateCannotAuthenticateError(data, done) {
LOWspec/SecurityCheck.spec.js21 async function reconfigureServerWithSecurityConfig(security) {
LOWspec/AuthenticationAdapters.spec.js254 function validateAuthenticationHandler(authenticationHandler) {
LOWspec/AuthenticationAdapters.spec.js260 function validateAuthenticationAdapter(authAdapter) {
LOWspec/Schema.spec.js1383 function validateSchemaDataStructure(schemaData) {
LOWspec/helper.js383function mockFacebookAuthenticator(id, token) {
LOWsrc/rest.js320function handleSessionMissingError(error, className, auth, config) {
LOWsrc/batch.js23function makeBatchRoutingPathFunction(originalUrl, serverURL, publicServerURL) {
LOWsrc/TestUtils.js8export function destroyAllDataPermanently(fast) {
LOWsrc/Auth.js78function shouldUpdateSessionExpiry(config, session) {
LOWsrc/AuthDataLock.js15export function applyAuthDataOptimisticLock(query, originalAuthData, newAuthData) {
LOWsrc/triggers.js66function validateClassNameForTriggers(className, type) {
LOWsrc/triggers.js438function logTriggerSuccessBeforeHook(triggerType, className, input, result, auth, logLevel) {
LOWsrc/triggers.js456function logTriggerErrorBeforeHook(triggerType, className, input, auth, error, logLevel) {
LOWsrc/triggers.js1035export function runLiveQueryEventHandlers(data, applicationId = Parse.applicationId) {
LOWsrc/triggers.js1113export async function maybeRunGlobalConfigTrigger(triggerType, auth, configObject, originalConfigObject, config, context
LOWsrc/InstallationDedup.js65export async function removeConflictingDeviceToken({
LOWsrc/InstallationDedup.js117export async function applyDuplicateDeviceTokenMerge({
LOWsrc/middlewares.js522function normalizeRouteAllowListPath(path, mount) {
LOWsrc/middlewares.js634export function promiseEnforceMasterKeyAccess(request) {
LOWsrc/ParseServerRESTController.js32function ParseServerRESTController(applicationId, router) {
LOWsrc/Routers/IAPValidationRouter.js46function getFileForProductIdentifier(productIdentifier, req) {
LOWsrc/Routers/SchemasRouter.js10function classNameMismatchResponse(bodyClass, pathClass) {
LOWsrc/Adapters/Storage/Postgres/PostgresConfigParser.js2function getDatabaseOptionsFromURI(uri) {
LOWsrc/Adapters/Storage/Postgres/PostgresStorageAdapter.js2756function isAnyValueRegexStartsWith(values) {
LOWsrc/Adapters/Storage/Mongo/MongoSchemaCollection.js4function mongoFieldToParseSchemaField(type) {
LOWsrc/Adapters/Storage/Mongo/MongoSchemaCollection.js43function mongoSchemaFieldsToParseSchemaFields(schema) {
LOWsrc/Adapters/Storage/Mongo/MongoSchemaCollection.js126function parseFieldTypeToMongoFieldType({ type, targetClass }) {
LOWsrc/Push/utils.js43export function transformPushBodyForLocale(body, locale) {
LOWsrc/GraphQL/helpers/queryComplexity.js74function createComplexityValidationPlugin(getConfig) {
LOWsrc/Controllers/SchemaController.js237function validateProtectedFieldsKey(key, userIdRegExp) {
LOWsrc/Controllers/SchemaController.js422function validatePointerPermission(fieldName: string, fields: Object, operation: string) {
LOWsrc/Controllers/SchemaController.js1544function thenValidateRequiredColumns(schemaPromise, className, object, query) {
LOWsrc/Controllers/index.js119export function getParseGraphQLController(
Over-Commented Block14 hits · 14 pts
SeverityFileLineSnippet
LOWci/CiVersionCheck.js121 * @param {String} versionComponent The latest version component.
LOWspec/ParseObject.spec.js1'use strict';
LOWsrc/AuthDataLock.js1// Apply optimistic locking for authData provider field changes. For each lockable
LOWsrc/RestQuery.js861 const findOptions = Object.assign({}, this.findOptions);
LOWsrc/Adapters/Auth/OAuth1Client.js81OAuth.encode = function (str) {
LOWsrc/Adapters/Storage/Postgres/PostgresStorageAdapter.js1301 debug(`deleteAllClasses done in ${new Date().getTime() - now}`);
LOWsrc/Adapters/Storage/Mongo/MongoStorageAdapter.js501 // attempts to delete non-existent fields is the responsibility of Parse Server.
LOWsrc/Adapters/Storage/Mongo/MongoStorageAdapter.js1021 // For dates, the driver expects a Date object, but we have a string coming in. So we'll convert
LOWsrc/Adapters/Push/PushAdapter.js1/* eslint-disable unused-imports/no-unused-vars */
LOWsrc/Adapters/Files/FilesAdapter.js1/* eslint-disable unused-imports/no-unused-vars */
LOWsrc/Adapters/WebSocketServer/WSSAdapter.js21 constructor(options) {
LOWsrc/Controllers/SchemaController.js1// @flow
LOWsrc/Controllers/DatabaseController.js41 _password_changed_at: { clientRead: false, masterRead: true, masterWrite: true },
LOWsrc/Controllers/DatabaseController.js1241 // Options:
AI Slop Vocabulary1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMsrc/GraphQL/loaders/filesMutations.js9// `createFile` is not directly called by Parse Server to leverage standard file upload mechanism
Overly Generic Function Names1 hit · 1 pts
SeverityFileLineSnippet
LOWsrc/ParseServerRESTController.js33 function handleRequest(method, path, data = {}, options = {}, config) {