Node.Security

Security Audit of React

ISGroup SRL performed an automated Code Review (not a real Static Analysis, more a grep-on-steroid) of this NodeJS project in order to identify potential security vulnerabilities. We do not guarantee that all the findings are valid, and for sure there are plenty of false-positives and false-negatives (undetected issues) but it's free and your project could benefit from this security analisys. The following data is also available in JSON format!

Possible Security Issues
Issue Description Line File
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 98 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 108 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 261 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 302 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 510 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1529 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1532 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1541 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1545 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1599 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1646 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 1710 docs/js/codemirror.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 2425 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3424 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3577 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3598 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3610 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3649 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3777 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3780 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 3881 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4059 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4222 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4243 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 4258 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8213 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8270 docs/js/codemirror.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 8490 docs/js/codemirror.js
Key Hardcoded A hardcoded key in plain text was identified. 4042 docs/js/react.js
Key Hardcoded A hardcoded key in plain text was identified. 8017 docs/js/react.js
Key Hardcoded A hardcoded key in plain text was identified. 10620 docs/js/react.js
Key Hardcoded A hardcoded key in plain text was identified. 10730 docs/js/react.js
Key Hardcoded A hardcoded key in plain text was identified. 18149 docs/js/react.js
Key Hardcoded A hardcoded key in plain text was identified. 131 docs/_js/live_editor.js
Key Hardcoded A hardcoded key in plain text was identified. 141 docs/_js/live_editor.js
Server Side Injection(SSI) - eval() User controlled data in eval() can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 211 docs/_js/live_editor.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 214 docs/_js/live_editor.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 10 docs/_js/examples/timer.js
Key Hardcoded A hardcoded key in plain text was identified. 155 src/renderers/dom/client/ReactBrowserEventEmitter.js
Key Hardcoded A hardcoded key in plain text was identified. 78 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 79 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 85 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 86 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 92 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 98 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 99 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 105 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 106 src/renderers/dom/client/__tests__/ReactDOM-test.js
Key Hardcoded A hardcoded key in plain text was identified. 105 src/renderers/dom/client/__tests__/ReactMount-test.js
Key Hardcoded A hardcoded key in plain text was identified. 111 src/renderers/dom/client/__tests__/ReactMount-test.js
Key Hardcoded A hardcoded key in plain text was identified. 117 src/renderers/dom/client/__tests__/ReactMount-test.js
Key Hardcoded A hardcoded key in plain text was identified. 428 src/renderers/dom/client/wrappers/__tests__/ReactDOMSelect-test.js
Key Hardcoded A hardcoded key in plain text was identified. 429 src/renderers/dom/client/wrappers/__tests__/ReactDOMSelect-test.js
Key Hardcoded A hardcoded key in plain text was identified. 430 src/renderers/dom/client/wrappers/__tests__/ReactDOMSelect-test.js
Key Hardcoded A hardcoded key in plain text was identified. 442 src/renderers/dom/client/wrappers/__tests__/ReactDOMSelect-test.js
Key Hardcoded A hardcoded key in plain text was identified. 443 src/renderers/dom/client/wrappers/__tests__/ReactDOMSelect-test.js
Key Hardcoded A hardcoded key in plain text was identified. 453 src/renderers/dom/client/wrappers/__tests__/ReactDOMSelect-test.js
Key Hardcoded A hardcoded key in plain text was identified. 454 src/renderers/dom/client/wrappers/__tests__/ReactDOMSelect-test.js
Key Hardcoded A hardcoded key in plain text was identified. 455 src/renderers/dom/client/wrappers/__tests__/ReactDOMSelect-test.js
Key Hardcoded A hardcoded key in plain text was identified. 28 src/renderers/dom/client/utils/getTextContentAccessor.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 467 src/renderers/dom/server/__tests__/ReactServerRendering-test.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 493 src/renderers/dom/server/__tests__/ReactServerRendering-test.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 519 src/renderers/dom/server/__tests__/ReactServerRendering-test.js
Key Hardcoded A hardcoded key in plain text was identified. 595 src/renderers/dom/shared/__tests__/ReactDOMComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 596 src/renderers/dom/shared/__tests__/ReactDOMComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 598 src/renderers/dom/shared/__tests__/ReactDOMComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 599 src/renderers/dom/shared/__tests__/ReactDOMComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 607 src/renderers/dom/shared/__tests__/ReactDOMComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 608 src/renderers/dom/shared/__tests__/ReactDOMComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 610 src/renderers/dom/shared/__tests__/ReactDOMComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 611 src/renderers/dom/shared/__tests__/ReactDOMComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 70 src/renderers/art/__tests__/ReactART-test.js
Key Hardcoded A hardcoded key in plain text was identified. 79 src/renderers/art/__tests__/ReactART-test.js
Key Hardcoded A hardcoded key in plain text was identified. 89 src/renderers/art/__tests__/ReactART-test.js
Key Hardcoded A hardcoded key in plain text was identified. 141 src/renderers/testing/__tests__/ReactTestRenderer-test.js
Key Hardcoded A hardcoded key in plain text was identified. 142 src/renderers/testing/__tests__/ReactTestRenderer-test.js
Key Hardcoded A hardcoded key in plain text was identified. 143 src/renderers/testing/__tests__/ReactTestRenderer-test.js
Key Hardcoded A hardcoded key in plain text was identified. 158 src/renderers/testing/__tests__/ReactTestRenderer-test.js
Key Hardcoded A hardcoded key in plain text was identified. 159 src/renderers/testing/__tests__/ReactTestRenderer-test.js
Key Hardcoded A hardcoded key in plain text was identified. 160 src/renderers/testing/__tests__/ReactTestRenderer-test.js
Key Hardcoded A hardcoded key in plain text was identified. 189 src/renderers/testing/__tests__/ReactTestRenderer-test.js
Key Hardcoded A hardcoded key in plain text was identified. 190 src/renderers/testing/__tests__/ReactTestRenderer-test.js
Key Hardcoded A hardcoded key in plain text was identified. 218 src/renderers/shared/__tests__/ReactPerf-test.js
Key Hardcoded A hardcoded key in plain text was identified. 220 src/renderers/shared/__tests__/ReactPerf-test.js
Key Hardcoded A hardcoded key in plain text was identified. 261 src/renderers/shared/__tests__/ReactPerf-test.js
Key Hardcoded A hardcoded key in plain text was identified. 262 src/renderers/shared/__tests__/ReactPerf-test.js
Key Hardcoded A hardcoded key in plain text was identified. 440 src/renderers/shared/stack/reconciler/__tests__/ReactUpdates-test.js
Key Hardcoded A hardcoded key in plain text was identified. 1095 src/renderers/shared/stack/reconciler/__tests__/ReactCompositeComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 1096 src/renderers/shared/stack/reconciler/__tests__/ReactCompositeComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 1102 src/renderers/shared/stack/reconciler/__tests__/ReactCompositeComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 1103 src/renderers/shared/stack/reconciler/__tests__/ReactCompositeComponent-test.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 78 src/renderers/shared/stack/reconciler/__tests__/refs-destruction-test.js
Key Hardcoded A hardcoded key in plain text was identified. 61 src/renderers/shared/stack/reconciler/__tests__/ReactIdentity-test.js
Key Hardcoded A hardcoded key in plain text was identified. 65 src/renderers/shared/stack/reconciler/__tests__/ReactIdentity-test.js
Key Hardcoded A hardcoded key in plain text was identified. 242 src/renderers/shared/stack/reconciler/__tests__/ReactIdentity-test.js
Key Hardcoded A hardcoded key in plain text was identified. 243 src/renderers/shared/stack/reconciler/__tests__/ReactIdentity-test.js
Key Hardcoded A hardcoded key in plain text was identified. 264 src/renderers/shared/stack/reconciler/__tests__/ReactIdentity-test.js
Key Hardcoded A hardcoded key in plain text was identified. 37 src/renderers/shared/stack/reconciler/__tests__/ReactChildReconciler-test.js
Key Hardcoded A hardcoded key in plain text was identified. 54 src/renderers/shared/stack/reconciler/__tests__/ReactChildReconciler-test.js
Key Hardcoded A hardcoded key in plain text was identified. 144 src/renderers/shared/stack/reconciler/__tests__/ReactMultiChild-test.js
Key Hardcoded A hardcoded key in plain text was identified. 149 src/renderers/shared/stack/reconciler/__tests__/ReactMultiChild-test.js
Key Hardcoded A hardcoded key in plain text was identified. 179 src/renderers/shared/stack/reconciler/__tests__/ReactMultiChild-test.js
Key Hardcoded A hardcoded key in plain text was identified. 184 src/renderers/shared/stack/reconciler/__tests__/ReactMultiChild-test.js
Key Hardcoded A hardcoded key in plain text was identified. 287 src/renderers/shared/stack/reconciler/__tests__/ReactEmptyComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 288 src/renderers/shared/stack/reconciler/__tests__/ReactEmptyComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 289 src/renderers/shared/stack/reconciler/__tests__/ReactEmptyComponent-test.js
Key Hardcoded A hardcoded key in plain text was identified. 702 src/renderers/shared/hooks/__tests__/ReactHostOperationHistoryHook-test.js
Key Hardcoded A hardcoded key in plain text was identified. 706 src/renderers/shared/hooks/__tests__/ReactHostOperationHistoryHook-test.js
Key Hardcoded A hardcoded key in plain text was identified. 719 src/renderers/shared/hooks/__tests__/ReactHostOperationHistoryHook-test.js
Key Hardcoded A hardcoded key in plain text was identified. 723 src/renderers/shared/hooks/__tests__/ReactHostOperationHistoryHook-test.js
Key Hardcoded A hardcoded key in plain text was identified. 786 src/renderers/shared/hooks/__tests__/ReactComponentTreeHook-test.native.js
Key Hardcoded A hardcoded key in plain text was identified. 787 src/renderers/shared/hooks/__tests__/ReactComponentTreeHook-test.native.js
Key Hardcoded A hardcoded key in plain text was identified. 815 src/renderers/shared/hooks/__tests__/ReactComponentTreeHook-test.native.js
Key Hardcoded A hardcoded key in plain text was identified. 816 src/renderers/shared/hooks/__tests__/ReactComponentTreeHook-test.native.js
Key Hardcoded A hardcoded key in plain text was identified. 864 src/renderers/shared/hooks/__tests__/ReactComponentTreeHook-test.js
Key Hardcoded A hardcoded key in plain text was identified. 865 src/renderers/shared/hooks/__tests__/ReactComponentTreeHook-test.js
Key Hardcoded A hardcoded key in plain text was identified. 887 src/renderers/shared/hooks/__tests__/ReactComponentTreeHook-test.js
Key Hardcoded A hardcoded key in plain text was identified. 888 src/renderers/shared/hooks/__tests__/ReactComponentTreeHook-test.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 97 src/addons/transitions/ReactCSSTransitionGroupChild.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 112 src/addons/transitions/ReactCSSTransitionGroupChild.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 55 src/addons/transitions/ReactTransitionEvents.js
Key Hardcoded A hardcoded key in plain text was identified. 304 src/addons/transitions/__tests__/ReactTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 24 src/addons/transitions/__tests__/ReactTransitionChildMapping-test.js
Key Hardcoded A hardcoded key in plain text was identified. 25 src/addons/transitions/__tests__/ReactTransitionChildMapping-test.js
Key Hardcoded A hardcoded key in plain text was identified. 26 src/addons/transitions/__tests__/ReactTransitionChildMapping-test.js
Key Hardcoded A hardcoded key in plain text was identified. 27 src/addons/transitions/__tests__/ReactTransitionChildMapping-test.js
Key Hardcoded A hardcoded key in plain text was identified. 42 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 59 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 74 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 88 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 96 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 116 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 123 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 138 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 148 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 158 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 186 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 213 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 233 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 246 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 247 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 263 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 287 src/addons/transitions/__tests__/ReactCSSTransitionGroup-test.js
Key Hardcoded A hardcoded key in plain text was identified. 30 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 41 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 56 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 64 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 71 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 80 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 101 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 114 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 116 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 118 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 121 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 125 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 169 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 170 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 171 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 172 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 176 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 178 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 180 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 181 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 188 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 190 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 247 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 248 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 249 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 250 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 254 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 255 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 258 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 293 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 334 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 362 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 369 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 371 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 373 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 389 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 391 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 393 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 394 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 430 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 431 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 439 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 440 src/isomorphic/children/__tests__/ReactChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 28 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 29 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 30 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 34 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 35 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 36 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 42 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 43 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 44 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 48 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 49 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 55 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 56 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 57 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 58 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 62 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 74 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 80 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 82 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 83 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 85 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 89 src/isomorphic/children/__tests__/sliceChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 217 src/isomorphic/classic/element/ReactElement.js
Key Hardcoded A hardcoded key in plain text was identified. 349 src/isomorphic/classic/element/ReactElement.js
Key Hardcoded A hardcoded key in plain text was identified. 197 src/isomorphic/classic/element/__tests__/ReactElementClone-test.js
Key Hardcoded A hardcoded key in plain text was identified. 274 src/isomorphic/classic/element/__tests__/ReactElementClone-test.js
Key Hardcoded A hardcoded key in plain text was identified. 72 src/isomorphic/classic/element/__tests__/ReactElement-test.js
Key Hardcoded A hardcoded key in plain text was identified. 73 src/isomorphic/classic/element/__tests__/ReactElement-test.js
Key Hardcoded A hardcoded key in plain text was identified. 74 src/isomorphic/classic/element/__tests__/ReactElement-test.js
Key Hardcoded A hardcoded key in plain text was identified. 102 src/isomorphic/classic/element/__tests__/ReactElement-test.js
Key Hardcoded A hardcoded key in plain text was identified. 103 src/isomorphic/classic/element/__tests__/ReactElement-test.js
Key Hardcoded A hardcoded key in plain text was identified. 104 src/isomorphic/classic/element/__tests__/ReactElement-test.js
Key Hardcoded A hardcoded key in plain text was identified. 122 src/isomorphic/classic/element/__tests__/ReactElement-test.js
Key Hardcoded A hardcoded key in plain text was identified. 111 src/isomorphic/modern/element/__tests__/ReactJSXElementValidator-test.js
Key Hardcoded A hardcoded key in plain text was identified. 79 src/isomorphic/modern/element/__tests__/ReactJSXElement-test.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 106 src/shared/vendor/third_party/webcomponents.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 189 src/shared/vendor/third_party/webcomponents.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 194 src/shared/vendor/third_party/webcomponents.js
Server Side Injection(SSI) - new Function() User controlled data in 'new Function()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 199 src/shared/vendor/third_party/webcomponents.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5258 src/shared/vendor/third_party/webcomponents.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 5821 src/shared/vendor/third_party/webcomponents.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6263 src/shared/vendor/third_party/webcomponents.js
Server Side Injection(SSI) - setTimeout() User controlled data in 'setTimeout()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 6324 src/shared/vendor/third_party/webcomponents.js
Key Hardcoded A hardcoded key in plain text was identified. 39 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 94 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 96 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 98 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 137 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 138 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 139 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 170 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 173 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 196 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 198 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 200 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 201 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 232 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 238 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 244 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 250 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 256 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 257 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 488 src/shared/utils/__tests__/traverseAllChildren-test.js
Key Hardcoded A hardcoded key in plain text was identified. 489 src/shared/utils/__tests__/traverseAllChildren-test.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14 examples/basic-jsx-external/example.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 19 examples/basic-commonjs/index.js
Server Side Injection(SSI) - setInterval() User controlled data in 'setInterval()' can result in Server Side Injection (SSI) or Remote Code Execution (RCE). 14 examples/basic-jsx-precompile/example.js
Missing Security Features
Issue Description
Missing Security Header - X-Frame-Options (XFO) X-Frame-Options (XFO) header provides protection against Clickjacking attacks.
Missing Security Header - Content-Security-Policy (CSP) Content Security Policy (CSP), a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). CSP Header was not found.
Missing Security Header - Strict-Transport-Security (HSTS) Strict-Transport-Security (HSTS) header enforces secure (HTTP over SSL/TLS) connections to the server.
Missing 'httpOnly' in Cookie JavaScript can access Cookies if they are not marked httpOnly.
Infromation Disclosure - X-Powered-By Remove the X-Powered-By header to prevent information gathering.
Missing Security Header - X-Content-Type-Options X-Content-Type-Options header prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type.
Missing Security Header - X-Download-Options: noopen X-Download-Options header set to noopen prevents IE users from directly opening and executing downloads in your site's context.
Missing Security Header - X-XSS-Protection:1 X-XSS-Protection header set to 1 enables the Cross-site scripting (XSS) filter built into most recent web browsers.
Missing Security Header - Public-Key-Pins (HPKP) Public-Key-Pins (HPKP) ensures that certificate is Pinned.
Outdated Libraries
File Library Reference