Home / pocketbase / pocketbase
Repository Analysis

pocketbase/pocketbase

Open Source realtime backend in 1 file

2.0 Likely human-written View on GitHub
2.0
Adjusted Score
2.0
Raw Score
100%
Time Factor
2026-05-30
Last Push
58,742
Stars
Go
Language
180,808
Lines of Code
713
Files
259
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 1HIGH 16MEDIUM 3LOW 239

Pattern Findings

259 matches across 8 categories. Click a row to expand file-level details.

Over-Commented Block185 hits · 160 pts
SeverityFileLineSnippet
LOWui/src/records/recordsList.js541 tabIndex: 0,
LOWui/src/fields/autodate/onrecordduplicate.js1// {
LOWui/src/fields/file/onrecordduplicate.js1// {
LOWtools/logger/batch_handler.go21 // BeforeAddFunc is optional function that is invoked every time
LOWtools/logger/batch_handler.go41//
LOWtools/template/registry.go1// Package template is a thin wrapper around the standard html/template
LOWtools/template/registry.go61//
LOWtools/mailer/smtp.go161
LOWtools/mailer/smtp.go181
LOWtools/filesystem/filesystem.go121}
LOWtools/filesystem/internal/s3blob/s3blob.go1// Package s3blob provides a blob.Bucket S3 driver implementation.
LOWtools/filesystem/internal/s3blob/s3blob.go401 return w.err
LOWtools/filesystem/internal/s3blob/s3/uploader.go41 // Metadata specifies the optional metadata to write with the object upload.
LOWtools/filesystem/internal/s3blob/s3/list_objects.go21 // For directory buckets, "/" is the only supported delimiter.
LOWtools/filesystem/internal/s3blob/s3/s3.go1// Package s3 implements a lightweight client for interacting with the
LOWtools/filesystem/internal/fileblob/attrs.go1package fileblob
LOWtools/filesystem/internal/fileblob/fileblob.go1// Package fileblob provides a blob.Bucket driver implementation.
LOWtools/filesystem/internal/fileblob/fileblob.go21// In either case, absent any stored metadata many `blob.Attributes` fields
LOWtools/filesystem/blob/bucket.go1// Package blob defines a lightweight abstration for interacting with
LOWtools/filesystem/blob/bucket.go61 // Delimiter sets the delimiter used to define a hierarchical namespace,
LOWtools/filesystem/blob/bucket.go81 // PageToken may be filled in with the NextPageToken from a previous
LOWtools/filesystem/blob/bucket.go201var FirstPageToken = []byte("first page")
LOWtools/filesystem/blob/bucket.go301
LOWtools/filesystem/blob/bucket.go481 //
LOWtools/filesystem/blob/bucket.go501 // displayed inline or as an attachment.
LOWtools/filesystem/blob/bucket.go521 // When true, if ContentType is the empty string, it will stay the empty
LOWtools/filesystem/blob/bucket.go541// NewWriter returns a Writer that writes to the blob stored at key.
LOWtools/filesystem/blob/writer.go21// https://www.apache.org/licenses/LICENSE-2.0
LOWtools/filesystem/blob/reader.go41 savedOffset int64 // Last relativeOffset for r, saved after relativeOffset is changed in Seek, or -1 if no Seek.
LOWtools/filesystem/blob/hex.go1package blob
LOWtools/filesystem/blob/hex.go21// distributed under the License is distributed on an "AS IS" BASIS,
LOWtools/filesystem/blob/driver.go41
LOWtools/filesystem/blob/driver.go61 // NewTypedWriter returns Writer that writes to an object associated with key.
LOWtools/filesystem/blob/driver.go81 // Copy copies the object associated with srcKey to dstKey.
LOWtools/subscriptions/client.go21}
LOWtools/search/simple_field_resolver.go21// ResolverResult defines a single FieldResolver.Resolve() successfully parsed result.
LOWtools/search/filter.go21//
LOWtools/search/token_functions.go61 // strftime(format, [timeValue, modifier1, modifier2, ...]) returns
LOWtools/hook/hook.go21 //
LOWtools/hook/hook.go41// hook.Event
LOWtools/cron/schedule.go81//
LOWtools/router/rereadable_read_closer.go21// NB! Make sure to call Close after done working with the reader.
LOWtools/router/event.go321
LOWtools/router/event.go341// - "form" (form data) - utilizes the custom [router.UnmarshalRequestData] method.
LOWtools/router/unmarshal_request_data.go21//
LOWtools/router/unmarshal_request_data.go41//
LOWtools/router/router.go21type EventFactoryFunc[T hook.Resolver] func(w http.ResponseWriter, r *http.Request) (T, EventCleanupFunc)
LOWapis/record_auth_with_oauth2_redirect.go121 // fallback if UI is not bundled
LOWapis/serve.go41 //
LOWapis/record_crud.go101 return firstApiError(err, e.InternalServerError("Failed to enrich records", err))
LOWapis/middlewares_gzip.go41 //
LOWapis/middlewares_gzip.go221 }
LOWapis/middlewares_cors.go1package apis
LOWapis/middlewares_cors.go41 //
LOWapis/middlewares_cors.go61 // accessing the resource. This is used in response to a preflight request.
LOWapis/middlewares_cors.go81 // response to a preflight request, this indicates whether or not the actual
LOWapis/middlewares_cors.go101 UnsafeWildcardOriginWithAllowCredentials bool
LOWapis/record_auth_with_oauth2.go341 // prevent pre-hijacking with password auth
LOWapis/base.go101// - if "path" is a file that ends in index.html, it is redirected to its non-index.html version (eg. /test/index.html
LOWcore/field_number.go21var (
125 more matches not shown…
Cross-Language Confusion (JS/TS)16 hits · 120 pts
SeverityFileLineSnippet
HIGHui/src/apiPreview/docsAuthWithOAuth2.js135 print(pb.authStore.isValid);
HIGHui/src/apiPreview/docsAuthWithOAuth2.js136 print(pb.authStore.token);
HIGHui/src/apiPreview/docsAuthWithOAuth2.js137 print(pb.authStore.record.id);
HIGHui/src/apiPreview/docsAuthRefresh.js113 print(pb.authStore.isValid);
HIGHui/src/apiPreview/docsAuthRefresh.js114 print(pb.authStore.token);
HIGHui/src/apiPreview/docsAuthRefresh.js115 print(pb.authStore.record.id);
HIGHui/src/apiPreview/docsAuthWithPassword.js114 print(pb.authStore.isValid);
HIGHui/src/apiPreview/docsAuthWithPassword.js115 print(pb.authStore.token);
HIGHui/src/apiPreview/docsAuthWithPassword.js116 print(pb.authStore.record.id);
HIGHui/src/apiPreview/docsAuthWithOTP.js98 print(pb.authStore.isValid);
HIGHui/src/apiPreview/docsAuthWithOTP.js99 print(pb.authStore.token);
HIGHui/src/apiPreview/docsAuthWithOTP.js100 print(pb.authStore.record.id);
HIGHui/src/apiPreview/docsRealtime.js108 print(e.action);
HIGHui/src/apiPreview/docsRealtime.js109 print(e.record);
HIGHui/src/apiPreview/docsRealtime.js114 print(e.action);
HIGHui/src/apiPreview/docsRealtime.js115 print(e.record);
Fake / Example Data27 hits · 33 pts
SeverityFileLineSnippet
LOWCHANGELOG_16_22.md566 app.Logger().Info("Example message", "total", 123, "details", "lorem ipsum...")
LOWCHANGELOG_16_22.md569 $app.logger().info("Example message", "total", 123, "details", "lorem ipsum...")
LOWCHANGELOG_16_22.md1044 app.Dao().FindRecordsByFilter("posts", "title ~ 'lorem ipsum' && visible = true", "-created", 10)
LOWui/src/fields/editor/init.js17 return "Lorem ipsum dolor sit amet...";
LOWui/src/fields/editor/init.js17 return "Lorem ipsum dolor sit amet...";
LOWui/src/apiPreview/docsAuthWithOAuth2.js21 "name": "John Doe",
LOWtools/logger/batch_handler.go52// l.Info("Example message", "title", "lorem ipsum")
LOWtools/inflector/inflector_test.go128 {"John Doe", "john_doe"},
LOWtools/mailer/html2text_test.go74 <p>Lorem ipsum</p>
LOWtools/mailer/html2text_test.go75 <p>Dolor sit amet</p>
LOWtools/mailer/html2text_test.go117 "Lorem ipsum \r\nDolor sit amet \r\n[Verify](a/b/c) \r\n[Verify2.1 Verify2.2](a/b/c) \r\n\r\n- ul.test1 \r\n- ul.te
LOWtools/mailer/html2text_test.go117 "Lorem ipsum \r\nDolor sit amet \r\n[Verify](a/b/c) \r\n[Verify2.1 Verify2.2](a/b/c) \r\n\r\n- ul.test1 \r\n- ul.te
LOWtools/mailer/mailer_test.go21 []mail.Address{{Name: "John Doe", Address: "test1@example.com"}, {Name: "Jane Doe", Address: "test2@example.com"}},
LOWtools/mailer/mailer_test.go21 []mail.Address{{Name: "John Doe", Address: "test1@example.com"}, {Name: "Jane Doe", Address: "test2@example.com"}},
LOWtools/mailer/mailer_test.go22 []string{`"John Doe" <test1@example.com>`, `"Jane Doe" <test2@example.com>`},
LOWtools/mailer/mailer_test.go22 []string{`"John Doe" <test1@example.com>`, `"Jane Doe" <test2@example.com>`},
LOWtools/mailer/mailer_test.go26 []mail.Address{{Name: "John Doe", Address: "test1@example.com"}, {Address: "test2@example.com"}},
LOWtools/mailer/mailer_test.go27 []string{`"John Doe" <test1@example.com>`, `test2@example.com`},
LOWtools/mailer/mailer_test.go31 []mail.Address{{Name: "John Doe", Address: "test1@example.com"}, {Name: "Jane Doe", Address: "test2@example.com"}},
LOWtools/mailer/mailer_test.go31 []mail.Address{{Name: "John Doe", Address: "test1@example.com"}, {Name: "Jane Doe", Address: "test2@example.com"}},
LOWcore/record_query.go364// dbx.Params{"title": "lorem ipsum", "visible": true}
LOWcore/app.go629 // dbx.Params{"title": "lorem ipsum", "visible": true}
LOWplugins/jsvm/binds_test.go930 if (result.name != "John Doe") {
LOWplugins/jsvm/binds_test.go931 throw new Error("Expected result.name 'John Doe', got " + result.name)
LOWplugins/jsvm/binds_test.go942 if (result.name != "John Doe") {
LOWplugins/jsvm/binds_test.go943 throw new Error("Expected result.name 'John Doe', got " + result.name)
LOWplugins/jsvm/internal/types/types.go391 * title: "Lorem ipsum"
Hyper-Verbose Identifiers16 hits · 16 pts
SeverityFileLineSnippet
LOWui/src/records/recordUpsertModal.js865function resetTokenKeyDropdownItem(collection, data, modalSettings) {
LOWui/src/records/recordUpsertModal.js934function sendPasswordResetEmailDropdownItem(collection, data, modalSettings) {
LOWui/src/records/recordUpsertModal.js979function sendVerificationDropdownItem(collection, data, modalSettings) {
LOWui/src/records/recordSummary.js117function hideRecordSummaryDropdown(target, delay = 150) {
LOWui/src/records/recordSummary.js134function showRecordSummaryDropdown(target, record, delay = 150) {
LOWui/src/auth/pageRequestSuperuserPasswordReset.js1export function pageRequestSuperuserPasswordReset(route) {
LOWui/src/apiPreview/docsCreate.js365export function replaceDummyPayloadPlaceholder(payloadStr) {
LOWui/src/collections/collectionsOverviewModal.js125 function sortSystemUnderscoredLast(a, b) {
LOWui/src/collections/collectionUpsertModal.js715function syncFieldsAndIndexesWithScaffold(collection) {
LOW…/src/collections/collectionChangesConfirmationModal.js109 async function detectConflictingOIDCProviders() {
LOWui/src/collections/autocomplete.utils.js67function collectionFieldsAutocomplete(word, collections, collection, prefix = "", level = 0) {
LOWui/src/collections/autocomplete.utils.js156function requestFieldsAutocomplete(word, collections, baseCollection) {
LOWui/src/collections/autocomplete.utils.js216function collectionJoinAutocomplete(word, collections) {
LOWui/src/collections/oauth2/appleOptions.js47function appleSecretGeneratorModal(modalSettings = {}) {
LOWui/src/base/tinymce.js88 function triggerOnchangeWithDebounce(debounce = 150) {
LOWui/src/base/codeEditor.js110 function closeAutocompleteDropdown() {
Example Usage Blocks9 hits · 14 pts
SeverityFileLineSnippet
LOWcore/mfa_model.go34// Example usage:
LOWcore/auth_origin_model.go29// Example usage:
LOWcore/external_auth_model.go28// Example usage:
LOWcore/otp_model.go28// Example usage:
LOWcore/record_model.go1354// Example usage:
LOWplugins/migratecmd/migratecmd.go6// Example usage:
LOWplugins/migratecmd/migratecmd.go51// Example usage:
LOWplugins/ghupdate/ghupdate.go4// Example usage:
LOWplugins/jsvm/jsvm.go113// Example usage:
Hallucination Indicators1 hit · 10 pts
SeverityFileLineSnippet
CRITICALui/public/libs/tinymce/themes/silver/theme.min.js1!function(){"use strict";const e=Object.getPrototypeOf,t=(e,t,o)=>{var n;return!!o(e,t.prototype)||(null===(n=e.construc
AI Slop Vocabulary3 hits · 7 pts
SeverityFileLineSnippet
MEDIUMui/public/libs/tinymce/tinymce.min.js13!function(){"use strict";var e=function(e){if(null===e)return"null";if(void 0===e)return"undefined";var t=typeof e;retur
MEDIUMui/public/libs/tinymce/tinymce.min.js13!function(){"use strict";var e=function(e){if(null===e)return"null";if(void 0===e)return"undefined";var t=typeof e;retur
MEDIUMplugins/jsvm/jsvm.go5// can utilize them as part of their own custom goja runtime setup.
Slop Phrases2 hits · 3 pts
SeverityFileLineSnippet
LOWtools/filesystem/internal/s3blob/s3/s3.go112// Note: Don't forget to call resp.Body.Close() after done with the result.
LOWtools/search/provider_test.go749// NB! Don't forget to call `db.Close()` at the end of the test.