Home / renovatebot / renovate
Repository Analysis

renovatebot/renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io

0.6 Likely human-written View on GitHub
0.6
Adjusted Score
0.6
Raw Score
100%
Time Factor
2026-05-30
Last Push
21,653
Stars
TypeScript
Language
599,649
Lines of Code
3287
Files
327
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 1MEDIUM 15LOW 311

Pattern Findings

327 matches across 8 categories. Click a row to expand file-level details.

Hyper-Verbose Identifiers256 hits · 264 pts
SeverityFileLineSnippet
LOWtools/sync-org-issue-fields.ts136export function getUpdateFieldOptionsCommand(
LOWtools/validate-schema.ts11async function validateFileAgainstSchema(
LOWtools/validate-schema.ts22async function validateFileAgainstSchemaFromFile(
LOWtools/validate-schema.ts76async function validateDataFilesAgainstSchemas(): Promise<void> {
LOWtools/test/utils.ts3export function getCoverageIgnorePatterns(): string[] {
LOWtools/utils/sync-module-labels.ts107export function formatCreateLabelCommands(
LOWtools/docs/schema.ts194function createSchemaForParentConfigs(
LOWtools/docs/schema.ts206function addChildrenArrayInParents(
LOWtools/docs/schema.ts267function createSchemaForChildConfigs(
LOWtools/docs/manager-asdf-supported-plugins.ts11export async function generateManagerAsdfSupportedPlugins(
LOWtools/docs/manager-mise-supported-plugins.ts125export async function generateManagerMiseSupportedPlugins(
LOWtools/docs/github-query-items.ts175export function generateFeatureAndBugMarkdown(
LOWtools/docs/config.ts297function generateCacheNamespacesList(): string {
LOWtools/docs/config.ts330function generateToolsForConstraints(): string {
LOWtools/docs/config.ts347function generateAdditionalConstraints(): string {
LOWtools/docs/config.ts362function generateToolsForInstallTools(): string {
LOWtest/http-mock.ts117function massageHttpMockStacktrace(err: Error): void {
LOWtest/graphql-snapshot.ts16function isOperationDefinitionNode(
LOWtest/graphql-snapshot.ts152function simplifyVariableDefinitions(
LOWtest/docs/documentation.spec.ts23 async function getConfigOptionSubHeaders(
LOWtest/docs/documentation.spec.ts98 function getRequiredConfigSubOptions(): string[] {
LOWtest/docs/documentation.spec.ts172 function getRequiredSelfHostedOptions(): string[] {
LOWtest/docs/documentation.spec.ts195 async function getSelfHostedExperimentalConfigHeaders(
LOWtest/docs/documentation.spec.ts219 async function getAdditionalHandlebarsHelpersHeaders(): Promise<
LOWlib/config-validator.ts39async function partiallyGlobalInitialize(): Promise<void> {
LOWlib/logger/bunyan.ts89function serializedSanitizedLogger(streams: BunyanStream[]): BunyanLogger {
LOWlib/logger/remap.ts53export function resetGlobalLogLevelRemaps(): void {
LOWlib/logger/remap.ts58export function setRepositoryLogLevelRemaps(
LOWlib/logger/remap.ts64export function resetRepositoryLogLevelRemaps(): void {
LOWlib/util/interpolator.ts17export function validateInterpolatedValues(
LOWlib/util/interpolator.ts53function replaceInterpolatedValuesInString(
LOWlib/util/interpolator.ts90export function replaceInterpolatedValuesInObject(
LOWlib/util/sanitize.ts64export function clearRepoSanitizedSecretsList(): void {
LOWlib/util/sanitize.ts68export function clearGlobalSanitizedSecretsList(): void {
LOWlib/util/check-token.ts65export function isGithubPersonalAccessToken(token: string): boolean {
LOWlib/util/check-token.ts69export function isGithubServerToServerToken(token: string): boolean {
LOWlib/util/check-token.ts73export function isGithubFineGrainedPersonalAccessToken(token: string): boolean {
LOWlib/util/check-token.ts83export function takePersonalAccessTokenIfPossible(
LOWlib/util/host-rules.ts106function fromShorterToLongerMatchHost(a: HostRule, b: HostRule): number {
LOWlib/util/unicode.ts15export function logWarningIfUnicodeHiddenCharactersInPackageFile(
LOWlib/util/cache/repository/impl/s3.spec.ts23function createGetObjectCommandInput(
LOWlib/util/cache/repository/impl/s3.spec.ts35function createPutObjectCommandInput(
LOWlib/util/http/rate-limits.ts71export function getConcurrentRequestsLimit(url: string): number | null {
LOWlib/util/exec/types.ts248export function isAdditionalConstraintName(
LOWlib/util/vulnerability/utils.ts19export function getFixedVersionConstraint(
LOWlib/util/vulnerability/utils.ts37export function getLastAffectedVersionConstraint(
LOWlib/util/git/instrument.ts34function gitOperationTypeForSubcommand(subcommand: string): GitOperationType {
LOWlib/util/git/update-date-cache.ts5export function getCachedUpdateDateResult(
LOWlib/util/git/update-date-cache.ts23export function setCachedUpdateDateResult(
LOWlib/util/git/behind-base-branch-cache.ts6export function getCachedBehindBaseResult(
LOWlib/util/git/behind-base-branch-cache.ts30export function setCachedBehindBaseResult(
LOWlib/util/git/semantic.ts39function detectSemanticCommitScore(commitMessages: string[]): number {
LOWlib/util/git/auth.ts24export function getGitAuthenticatedEnvironmentVariables(
LOWlib/util/git/auth.ts91function getAuthenticationRulesWithToken(
LOWlib/util/git/auth.ts172export function getGitEnvironmentVariables(
LOWlib/config/validation.ts111function getUnsupportedEnabledManagers(enabledManagers: string[]): string[] {
LOWlib/config/validation.ts1153function getPossibleConfigFileNames({
LOWlib/config/secrets.ts46export function validateConfigSecretsAndVariables(
LOWlib/config/secrets.ts64export function applySecretsAndVariablesToConfig(
LOWlib/config/validation-helpers/utils.ts98export function validateRegexManagerFields(
196 more matches not shown…
Self-Referential Comments11 hits · 32 pts
SeverityFileLineSnippet
MEDIUMtools/find-issues-with-missing-labels.sh29 # Create a list of issue numbers with authors
MEDIUMtools/find-issues-with-missing-labels.sh51 # Create a list of issue numbers with authors
MEDIUM…dules/manager/terraform/__fixtures__/rangeStrategy.hcl1# This file is maintained automatically by "terraform init".
MEDIUM…/__fixtures__/flux-system-invalid/gotk-components.yaml1# This file is missing the required Flux Version header
MEDIUMlib/modules/manager/pip-compile/artifacts.spec.ts40# This file is autogenerated by pip-compile with Python 3.11
MEDIUMlib/modules/manager/pip-compile/artifacts.spec.ts402 # This file is autogenerated by pip-compile
MEDIUMlib/modules/manager/pip-compile/common.spec.ts17# This file is autogenerated by pip-compile with Python 3.11
MEDIUMlib/modules/manager/pip-compile/common.ts295 /^(#.*?\r?\n)*# This file is autogenerated by pip-compile with Python (?<pythonVersion>\d+(\.\d+)*)\s/,
MEDIUMlib/modules/manager/pip-compile/extract.spec.ts21# This file is autogenerated by pip-compile with Python 3.11
MEDIUMlib/modules/manager/gradle-wrapper/util.spec.ts45 #This file is generated by updateDaemonJvm
MEDIUMlib/modules/manager/gradle-wrapper/util.spec.ts65 #This file is generated by updateDaemonJvm
Fake / Example Data24 hits · 26 pts
SeverityFileLineSnippet
LOWlib/util/common.spec.ts10 "name": "John Doe",
LOWlib/util/common.spec.ts36 "name": "John Doe",
LOWlib/util/common.spec.ts125 name: 'John Doe',
LOWlib/util/common.spec.ts181 name: 'John Doe',
LOWlib/util/git/index.spec.ts1048 await fs.writeFile(`${base.path}/test`, 'lorem ipsum');
LOWlib/util/git/index.spec.ts1078 await fs.writeFile(`${base.path}/test`, 'lorem ipsum');
LOWlib/workers/repository/update/pr/labels.spec.ts91 'Torem ipsum dolor sit amet, consectetur adipiscing elit. Sed fringilla erat eu lectus gravida varius. Maecenas
LOWlib/workers/repository/update/pr/labels.spec.ts98 'Torem ipsum dolor sit amet, consectetur adipiscing', // len: 50
LOWlib/workers/repository/update/pr/labels.spec.ts111 'Torem ipsum dolor sit amet, consectetur adipiscing elit. Sed fringilla erat eu lectus gravida varius. Maecena
LOWlib/workers/repository/update/pr/labels.spec.ts119 'Torem ipsum dolor sit amet, consectetur adipiscing', // len: 50
LOWlib/modules/platform/utils/pr-body.spec.ts56 const body = smartTruncate('Lorem ipsum dolor sit amet', 10);
LOWlib/modules/platform/utils/pr-body.spec.ts56 const body = smartTruncate('Lorem ipsum dolor sit amet', 10);
LOWlib/modules/platform/gitea/gitea-helper.spec.ts62 email: 'admin@example.com',
LOWlib/modules/platform/gitea/gitea-helper.spec.ts120 body: 'Lorem ipsum dolor sit amet',
LOWlib/modules/platform/gitea/gitea-helper.spec.ts120 body: 'Lorem ipsum dolor sit amet',
LOWlib/modules/platform/scm-manager/utils.spec.ts95 contact: 'test@test.com',
LOWlib/modules/platform/scm-manager/index.spec.ts26 contact: 'test@test.com',
LOW…odules/platform/scm-manager/scm-manager-helper.spec.ts25 contact: 'test@test.com',
LOWlib/modules/platform/bitbucket-server/index.spec.ts1055 q.filter === 'test@test.com' &&
LOWlib/modules/platform/bitbucket-server/index.spec.ts1065 emailAddress: 'test@test.com',
LOWlib/modules/platform/bitbucket-server/index.spec.ts1070 bitbucket.addReviewers(5, ['name', 'userName2', 'test@test.com']),
LOWlib/modules/platform/forgejo/forgejo-helper.spec.ts63 email: 'admin@example.com',
LOWlib/modules/platform/forgejo/forgejo-helper.spec.ts121 body: 'Lorem ipsum dolor sit amet',
LOWlib/modules/platform/forgejo/forgejo-helper.spec.ts121 body: 'Lorem ipsum dolor sit amet',
Over-Commented Block22 hits · 22 pts
SeverityFileLineSnippet
LOWtools/mkdocs/mkdocs.yml101 features:
LOWtools/mkdocs/mkdocs.yml141markdown_extensions:
LOWlib/util/exec/docker/index.spec.ts321 );
LOWlib/util/git/private-key.ts121
LOWlib/modules/datasource/jsr/common.ts1export const defaultRegistryUrls = [
LOWlib/modules/datasource/aws-machine-image/readme.md101This would match every file, and would recognize the following lines:
LOW…ource/golang-version/__fixtures__/releases-invalid3.go1// Copyright 2020 The Go Authors. All rights reserved.
LOWlib/modules/platform/codecommit/codecommit-client.ts121// sourceCommitSpecifier: string,
LOWlib/modules/platform/codecommit/index.ts461 logger.debug(`mergePr(${prNo}, ${branchName!})`);
LOWlib/modules/platform/codecommit/index.ts481 //
LOWlib/modules/platform/codecommit/index.ts501 // logger.debug({ err }, `PR merge error`);
LOW…/modules/manager/bazel-module/parser/extension-tags.ts1import { query as q } from '@renovatebot/good-enough-parser';
LOWlib/modules/manager/cargo/__fixtures__/Cargo.1.toml61[dev-dependencies]
LOW…pile/__fixtures__/requirementsWithUnknownArguments.txt1#
LOW…pip-compile/__fixtures__/requirementsCustomCommand.txt1#
LOW…e/__fixtures__/requirementsWithExploitingArguments.txt1#
LOWlib/modules/manager/kustomize/extract.spec.ts1001 packageName: 'ssh://alice@example.com/path/to/repo',
LOW…elm-values/__fixtures__/default_chart_init_values.yaml41 # kubernetes.io/ingress.class: nginx
LOWlib/modules/versioning/rez/pattern.ts1// Regular Expressions have been copied from, some more work were necessary to make it work:
LOWlib/modules/versioning/rez/pattern.ts21// " ^(?P<lower_bound>"
LOWlib/modules/versioning/rez/pattern.ts41// " (?P<range_upper_asc_prefix><(?={version_group})|<=)" # <= only if followed by a version group
LOWlib/modules/versioning/regex/index.ts21 // config is expected to be overridden by a user-specified RegExp value
Slop Phrases5 hits · 7 pts
SeverityFileLineSnippet
MEDIUM…workers/repository/process/lookup/__fixtures__/01.json1{"_id":"q","_rev":"630-d7fce0e6c70f098394f2354b47a5d56a","name":"q","description":"A library for promises (CommonJS/Prom
MEDIUM…rkers/repository/process/lookup/__fixtures__/next.json1{"_id":"next","_rev":"268-a36e4644c508821b322a115415ac0a22","name":"next","dist-tags":{"latest":"4.2.3","beta":"4.0.0-be
LOW…rkers/repository/process/lookup/__fixtures__/next.json1{"_id":"next","_rev":"268-a36e4644c508821b322a115415ac0a22","name":"next","dist-tags":{"latest":"4.2.3","beta":"4.0.0-be
LOW…sitory/process/lookup/__fixtures__/vue-test-utils.json1{"_id":"vue-test-utils","_rev":"22-66ccf0fa49e20a73a70fbe8379efde72","name":"vue-test-utils","description":"Utilities fo
LOW…orkers/repository/process/lookup/__fixtures__/vue.json1{"_id":"vue","_rev":"638-dc9984a3a413fdba4589a021d11f2548","name":"vue","description":"Reactive, component-oriented view
Overly Generic Function Names6 hits · 6 pts
SeverityFileLineSnippet
LOWlib/logger/once.spec.ts63 function doSomething() {
LOWlib/logger/once.spec.ts77 function doSomething() {
LOWlib/logger/once.spec.ts92 function doSomething() {
LOWlib/logger/once.spec.ts109 function doSomething(s: string) {
LOWlib/logger/once.spec.ts127 function doSomething() {
LOWlib/logger/once.spec.ts149 function doSomething() {
AI Slop Vocabulary2 hits · 5 pts
SeverityFileLineSnippet
MEDIUMlib/modules/datasource/repology/__fixtures__/nginx.json1[{"repo":"parabola","subrepo":"extra","srcname":"nginx","binname":"nginx","visiblename":"nginx","version":"1.18.0","lice
MEDIUMlib/modules/manager/gleam/extract.ts13// this allows us to leverage renovate built-in configurations and presets
Cross-Language Confusion (JS/TS)1 hit · 5 pts
SeverityFileLineSnippet
HIGHlib/modules/manager/pep723/utils.spec.ts105 print("requires-python>=3.11")