Home / sahat / hackathon-starter
Repository Analysis

sahat/hackathon-starter

A boilerplate for Node.js web applications

1.4 Likely human-written View on GitHub
1.4
Adjusted Score
1.4
Raw Score
100%
Time Factor
2026-05-29
Last Push
35,210
Stars
JavaScript
Language
29,243
Lines of Code
68
Files
34
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 1LOW 33

Pattern Findings

34 matches across 3 categories. Click a row to expand file-level details.

Fake / Example Data23 hits · 25 pts
SeverityFileLineSnippet
LOWtest/user.test.js215 body: { email: 'user@example.com', password: '' },
LOWtest/user.test.js238 req.body.email = 'user@example.com';
LOWtest/user.test.js250 req.body.email = 'user@example.com';
LOWtest/user.test.js281 req.body.email = 'user@example.com';
LOWtest/user.test.js294 req.body.email = 'user@example.com';
LOWtest/user.test.js307 req.body.email = 'user@example.com';
LOWtest/user.test.js319 req.body.email = 'user@example.com';
LOWtest/passport.test.js142 const fakeUser = new User({ email: 'user@example.com', password: 'hashedpass' });
LOWtest/passport.test.js145 invokeLocal('user@example.com', 'wrongpass', (err, user, info) => {
LOWtest/passport.test.js154 const fakeUser = new User({ email: 'user@example.com', password: 'correcthash' });
LOWtest/passport.test.js157 invokeLocal('user@example.com', 'correctpass', (err, user) => {
LOWtest/passport.test.js173 const fakeUser = new User({ email: 'user@example.com', password: 'hash' });
LOWtest/passport.test.js177 invokeLocal('user@example.com', 'pass', (err) => {
LOWtest/passport.test.js779 name: 'John Doe',
LOWtest/passport.test.js832 name: 'John Doe',
LOWtest/passport.test.js861 name: 'John Doe',
LOWtest/passport.test.js878 name: 'John Doe',
LOWtest/passport.test.js918 name: 'John Doe',
LOWtest/passport.test.js1171 email: 'user@example.com',
LOWtest/passport.test.js1196 email: 'user@example.com',
LOWtest/passport.test.js1221 email: 'user@example.com',
LOWcontrollers/api.js1053 recipientName = 'John Doe';
LOWcontrollers/api.js1057 address_line1: '123 Main Street',
Hyper-Verbose Identifiers10 hits · 12 pts
SeverityFileLineSnippet
LOWtest/tools/server-axios-fixtures.js33function installServerAxiosFixtures({ mode = process.env.API_MODE } = {}) {
LOWtest/e2e-nokey/github-api.e2e.test.js19async function gotoGithubWithRateLimitRetry(sharedPage, request) {
LOWmodels/User.js86userSchema.virtual('isPasswordResetExpired').get(function checkPasswordResetExpiration() {
LOWmodels/User.js90userSchema.virtual('isEmailVerificationExpired').get(function checkEmailVerificationExpiration() {
LOWmodels/User.js94userSchema.virtual('isLoginExpired').get(function checkLoginTokenExpiration() {
LOWmodels/User.js159userSchema.pre('save', function updateGravatarOnEmailChange() {
LOWcontrollers/ai.js58function initializeEmbeddingCaches(mongoUri) {
LOWcontrollers/ai.js152async function createCollectionForVectorSearch(db, collectionName, indexes) {
LOWcontrollers/user.js166async function sendPasswordlessLoginLinkIfUserExists(user, req) {
LOWcontrollers/user.js202async function sendPasswordlessSignupLink(user, req) {
Slop Phrases1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMapp.js38 * This is a basic rate limiting configuration. You may want to adjust the settings