security: 166 Critical/High panic-attack findings need human triage (Track C) #83

@hyperpolymath

panic-attack estate sweep — Track C tracking issue

panic-attack assail flagged the findings below in this repo on 2026-05-26. They are aggregated here for human triage rather than as individual PRs because each requires judgement (supply-chain pin choice, schema-design call, mutation-test gap, etc.).

PA001/PA007 UnsafeCode/UnsafeFFI findings are NOT in this list. Findings already suppressed in audits/assail-classifications.a2ml are also excluded.

Estate tracker: hyperpolymath/panic-attack#32.

### `AtomExhaustion` (1 findings)

file:line list
### `CommandInjection` (5 findings)
file:line list
Critical  asdf-augmenters/asdf-security-plugin/lib/utils.bash:?  eval usage in asdf-augmenters/asdf-security-plugin/lib/utils.bash
Critical  asdf-augmenters/asdf-plugin-collection/plugins/security/lib/utils.bash:?  eval usage in asdf-augmenters/asdf-plugin-collection/plugins/security/lib/utils.bash
Critical  rescript-ecosystem/rescript-string-power/tests/validate_structure.sh:?  eval usage in rescript-ecosystem/rescript-string-power/tests/validate_structure.sh
Critical  rescript-ecosystem/packages/core/compiler-source/.devcontainer/postCreate.sh:?  eval usage in rescript-ecosystem/packages/core/compiler-source/.devcontainer/postCreate.sh
### `CryptoMisuse` (2 findings)
file:line list
High  rescript-ecosystem/packages/core/compiler-source/cli/common/minisocket.js:?  crypto.createHash('sha1') in rescript-ecosystem/packages/core/compiler-source/cli/common/minisocket.js — use 'sha256' or stronger
### `DynamicCodeExecution` (14 findings)
file:line list
Critical  rescript-ecosystem/rescript/tests/tests/src/bdd.mjs:?  eval() usage in rescript-ecosystem/rescript/tests/tests/src/bdd.mjs
Critical  rescript-ecosystem/rescript/analysis/examples/larger-project/src/res_core.js:?  eval() usage in rescript-ecosystem/rescript/analysis/examples/larger-project/src/res_core.js
Critical  rescript-ecosystem/rescript/analysis/examples/larger-project/src/res_js_ffi.js:?  eval() usage in rescript-ecosystem/rescript/analysis/examples/larger-project/src/res_js_ffi.js
Critical  rescript-ecosystem/rescript/.yarn/releases/yarn-4.12.0.cjs:?  eval() usage in rescript-ecosystem/rescript/.yarn/releases/yarn-4.12.0.cjs
High  rescript-ecosystem/rescript/.yarn/releases/yarn-4.12.0.cjs:?  DOM manipulation (innerHTML/document.write) in rescript-ecosystem/rescript/.yarn/releases/yarn-4.12.0.cjs
High  rescript-ecosystem/rescript-tea/src/tea/Tea_Render.res.js:?  DOM manipulation (innerHTML/document.write) in rescript-ecosystem/rescript-tea/src/tea/Tea_Render.res.js
High  rescript-ecosystem/rescript-tea/lib/bs/src/tea/Tea_Render.res.js:?  DOM manipulation (innerHTML/document.write) in rescript-ecosystem/rescript-tea/lib/bs/src/tea/Tea_Render.res.js
Critical  rescript-ecosystem/packages/core/compiler-source/tests/tests/src/bdd.mjs:?  eval() usage in rescript-ecosystem/packages/core/compiler-source/tests/tests/src/bdd.mjs
Critical  rescript-ecosystem/packages/core/compiler-source/analysis/examples/larger-project/src/res_core.js:?  eval() usage in rescript-ecosystem/packages/core/compiler-source/analysis/examples/larger-project/src/res_core.js
Critical  rescript-ecosystem/packages/core/compiler-source/analysis/examples/larger-project/src/res_js_ffi.js:?  eval() usage in rescript-ecosystem/packages/core/compiler-source/analysis/examples/larger-project/src/res_js_ffi.js
Critical  rescript-ecosystem/packages/core/compiler-source/.yarn/releases/yarn-4.12.0.cjs:?  eval() usage in rescript-ecosystem/packages/core/compiler-source/.yarn/releases/yarn-4.12.0.cjs
High  rescript-ecosystem/packages/core/compiler-source/.yarn/releases/yarn-4.12.0.cjs:?  DOM manipulation (innerHTML/document.write) in rescript-ecosystem/packages/core/compiler-source/.yarn/releases/yarn-4.12.0.cjs
High  rescript-ecosystem/packages/bindings/tauri/examples/opsm-shell/app.js:?  DOM manipulation (innerHTML/document.write) in rescript-ecosystem/packages/bindings/tauri/examples/opsm-shell/app.js
### `HardcodedSecret` (11 findings)
file:line list
Critical  v-ecosystem/v-api-interfaces/v-vpn/src/vpn.v:?  Possible hardcoded secret in v-ecosystem/v-api-interfaces/v-vpn/src/vpn.v
Critical  rescript-ecosystem/idaptik-rescript13-staging/src/app/tools/PasswordCracker.res:?  Possible hardcoded secret in rescript-ecosystem/idaptik-rescript13-staging/src/app/tools/PasswordCracker.res
Critical  rescript-ecosystem/idaptik-rescript13-staging/src/app/devices/GlobalNetworkData.res:?  Possible hardcoded secret in rescript-ecosystem/idaptik-rescript13-staging/src/app/devices/GlobalNetworkData.res
Critical  rescript-ecosystem/rescript/tests/syntax_tests/data/idempotency/wildcards-world-ui/Config.res:?  Possible hardcoded secret in rescript-ecosystem/rescript/tests/syntax_tests/data/idempotency/wildcards-world-ui/Config.res
Critical  rescript-ecosystem/rescript/.yarn/releases/yarn-4.12.0.cjs:?  Possible hardcoded secret in rescript-ecosystem/rescript/.yarn/releases/yarn-4.12.0.cjs
Critical  rescript-ecosystem/packages/core/compiler-source/tests/syntax_tests/data/idempotency/wildcards-world-ui/Config.res:?  Possible hardcoded secret in rescript-ecosystem/packages/core/compiler-source/tests/syntax_tests/data/idempotency/wildcards-world-
Critical  rescript-ecosystem/packages/core/compiler-source/scripts/npmRelease.js:?  Possible hardcoded secret in rescript-ecosystem/packages/core/compiler-source/scripts/npmRelease.js
Critical  rescript-ecosystem/packages/core/compiler-source/.yarn/releases/yarn-4.12.0.cjs:?  Possible hardcoded secret in rescript-ecosystem/packages/core/compiler-source/.yarn/releases/yarn-4.12.0.cjs
Critical  rescript-ecosystem/packages/bindings/openapi/src/codegen/client.rs:?  Possible hardcoded secret in rescript-ecosystem/packages/bindings/openapi/src/codegen/client.rs
Critical  scaffoldia/registry/elixir/phoenix-service.ncl:?  Possible hardcoded secret in scaffoldia/registry/elixir/phoenix-service.ncl
### `SupplyChain` (45 findings)
file:line list
High  v-ecosystem/v-grpc/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-g
High  v-ecosystem/v_api_interfaces/v_rest/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v_a
High  v-ecosystem/v_api_interfaces/v_grpc/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v_a
High  v-ecosystem/v_api_interfaces/v_graphql/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v_a
High  v-ecosystem/v-validator/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-v
High  v-ecosystem/v-middleware/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-m
High  v-ecosystem/v-telemetry/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-t
High  v-ecosystem/v-rest/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-r
High  v-ecosystem/v-benchmarks/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-b
High  v-ecosystem/v-graphql/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-g
High  v-ecosystem/v-idris-abi/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-i
High  v-ecosystem/v-zig-ffi/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in v-ecosystem/v-z
High  affinescript-ecosystem/rattlescript/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in affinescript-ec
High  affinescript-ecosystem/affinescript-vite/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in affinescript-ec
High  affinescript-ecosystem/affinescriptiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in affinescript-ec
High  aggregate-library/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in aggregate-libra
High  rescript-ecosystem/idaptik-rescript13-staging/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in rescript-ecosys
High  rescript-ecosystem/rescript-evangeliser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in rescript-ecosys
High  rescript-ecosystem/rescript-vite/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in rescript-ecosys
High  rescript-ecosystem/rescript-tea/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in rescript-ecosys
High  czech-file-knife/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in czech-file-knif
High  iser-tools/idrisiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/idri
High  iser-tools/lustreiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/lust
High  iser-tools/otpiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/otpi
High  iser-tools/anvomidaviser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/anvo
High  iser-tools/halideiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/hali
High  iser-tools/wokelangiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/woke
High  iser-tools/bqniser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/bqni
High  iser-tools/oblibeniser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/obli
High  iser-tools/betlangiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/betl
High  iser-tools/mylangiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/myla
High  iser-tools/atsiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/atsi
High  iser-tools/ponyiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/pony
High  iser-tools/phronesiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/phro
High  iser-tools/ephapaxiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/epha
High  iser-tools/dafniser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/dafn
High  iser-tools/futharkiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/futh
High  iser-tools/julianiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/juli
High  iser-tools/nimiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/nimi
High  iser-tools/iseriser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/iser
High  iser-tools/tlaiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/tlai
High  iser-tools/alloyiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/allo
High  iser-tools/eclexiaiser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/ecle
High  iser-tools/chapeliser/flake.nix:?  flake.nix declares inputs without narHash, rev pinning, or sibling flake.lock — dependency revision is unpinned in iser-tools/chap
### `UnboundedAllocation` (52 findings)
file:line list
Critical  affinescript-ecosystem/rattlescript/affinescript/tools/affine-pkg/src/lockfile.rs:?  Potential unbounded allocation pattern detected in affinescript-ecosystem/rattlescript/affinescript/tools/affine-pkg/src/lockfile.
Critical  affinescript-ecosystem/rattlescript/affinescript/tools/affine-pkg/src/manifest.rs:?  Potential unbounded allocation pattern detected in affinescript-ecosystem/rattlescript/affinescript/tools/affine-pkg/src/manifest.
Critical  affinescript-ecosystem/rattlescript/affinescript/tools/affine-pkg/src/config.rs:?  Potential unbounded allocation pattern detected in affinescript-ecosystem/rattlescript/affinescript/tools/affine-pkg/src/config.rs
Critical  affinescript-ecosystem/affinescriptiser/src/codegen/parser.rs:?  Potential unbounded allocation pattern detected in affinescript-ecosystem/affinescriptiser/src/codegen/parser.rs
Critical  asdf-augmenters/asdf-plugin-configurator/src/config.rs:?  Potential unbounded allocation pattern detected in asdf-augmenters/asdf-plugin-configurator/src/config.rs
Critical  rescript-ecosystem/idaptik-rescript13-staging/idaptik-ums/src-gossamer/main.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/idaptik-rescript13-staging/idaptik-ums/src-gossamer/main.rs
Critical  rescript-ecosystem/rescript-string-power/tools/string-union-gen/src/main.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/rescript-string-power/tools/string-union-gen/src/main.rs
Critical  rescript-ecosystem/rescript/rewatch/src/helpers.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/rescript/rewatch/src/helpers.rs
Critical  rescript-ecosystem/rescript/rewatch/src/format.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/rescript/rewatch/src/format.rs
Critical  rescript-ecosystem/rescript/rewatch/src/config.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/rescript/rewatch/src/config.rs
Critical  rescript-ecosystem/rescript/rewatch/src/lock.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/rescript/rewatch/src/lock.rs
Critical  rescript-ecosystem/packages/core/compiler-source/rewatch/src/helpers.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/packages/core/compiler-source/rewatch/src/helpers.rs
Critical  rescript-ecosystem/packages/core/compiler-source/rewatch/src/format.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/packages/core/compiler-source/rewatch/src/format.rs
Critical  rescript-ecosystem/packages/core/compiler-source/rewatch/src/config.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/packages/core/compiler-source/rewatch/src/config.rs
Critical  rescript-ecosystem/packages/core/compiler-source/rewatch/src/lock.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/packages/core/compiler-source/rewatch/src/lock.rs
Critical  rescript-ecosystem/packages/bindings/openapi/src/parser.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/packages/bindings/openapi/src/parser.rs
Critical  rescript-ecosystem/packages/bindings/openapi/src/codegen/mod.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/packages/bindings/openapi/src/codegen/mod.rs
Critical  rescript-ecosystem/packages/bindings/grpc/protoc-gen-rescript/src/main.rs:?  Potential unbounded allocation pattern detected in rescript-ecosystem/packages/bindings/grpc/protoc-gen-rescript/src/main.rs
Critical  czech-file-knife/cfk-providers/src/local.rs:?  Potential unbounded allocation pattern detected in czech-file-knife/cfk-providers/src/local.rs
Critical  czech-file-knife/cfk-ios/src/domain.rs:?  Potential unbounded allocation pattern detected in czech-file-knife/cfk-ios/src/domain.rs
Critical  iser-tools/idrisiser/src/codegen/parser.rs:?  Potential unbounded allocation pattern detected in iser-tools/idrisiser/src/codegen/parser.rs
Critical  iser-tools/idrisiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/idrisiser/src/manifest/mod.rs
Critical  iser-tools/lustreiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/lustreiser/src/manifest/mod.rs
Critical  iser-tools/otpiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/otpiser/src/manifest/mod.rs
Critical  iser-tools/anvomidaviser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/anvomidaviser/src/manifest/mod.rs
Critical  iser-tools/halideiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/halideiser/src/manifest/mod.rs
Critical  iser-tools/wokelangiser/src/codegen/parser.rs:?  Potential unbounded allocation pattern detected in iser-tools/wokelangiser/src/codegen/parser.rs
Critical  iser-tools/wokelangiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/wokelangiser/src/manifest/mod.rs
Critical  iser-tools/bqniser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/bqniser/src/manifest/mod.rs
Critical  iser-tools/oblibeniser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/oblibeniser/src/manifest/mod.rs
Critical  iser-tools/betlangiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/betlangiser/src/manifest/mod.rs
Critical  iser-tools/mylangiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/mylangiser/src/manifest/mod.rs
Critical  iser-tools/atsiser/src/codegen/parser.rs:?  Potential unbounded allocation pattern detected in iser-tools/atsiser/src/codegen/parser.rs
Critical  iser-tools/atsiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/atsiser/src/manifest/mod.rs
Critical  iser-tools/ponyiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/ponyiser/src/manifest/mod.rs
Critical  iser-tools/phronesiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/phronesiser/src/manifest/mod.rs
Critical  iser-tools/ephapaxiser/src/codegen/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/ephapaxiser/src/codegen/mod.rs
Critical  iser-tools/ephapaxiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/ephapaxiser/src/manifest/mod.rs
Critical  iser-tools/dafniser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/dafniser/src/manifest/mod.rs
Critical  iser-tools/futharkiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/futharkiser/src/manifest/mod.rs
Critical  iser-tools/julianiser/src/codegen/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/julianiser/src/codegen/mod.rs
Critical  iser-tools/julianiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/julianiser/src/manifest/mod.rs
Critical  iser-tools/nimiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/nimiser/src/manifest/mod.rs
Critical  iser-tools/iseriser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/iseriser/src/manifest/mod.rs
Critical  iser-tools/iseriser/src/scan/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/iseriser/src/scan/mod.rs
Critical  iser-tools/tlaiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/tlaiser/src/manifest/mod.rs
Critical  iser-tools/alloyiser/src/codegen/parser.rs:?  Potential unbounded allocation pattern detected in iser-tools/alloyiser/src/codegen/parser.rs
Critical  iser-tools/alloyiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/alloyiser/src/manifest/mod.rs
Critical  iser-tools/eclexiaiser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/eclexiaiser/src/manifest/mod.rs
Critical  iser-tools/chapeliser/src/codegen/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/chapeliser/src/codegen/mod.rs
Critical  iser-tools/chapeliser/src/manifest/mod.rs:?  Potential unbounded allocation pattern detected in iser-tools/chapeliser/src/manifest/mod.rs
### `UncheckedAllocation` (1 findings)
file:line list
### `UnsafeDeserialization` (21 findings)
file:line list
High  rescript-ecosystem/idaptik-rescript13-staging/src/engine/utils/Storage.res:?  1 JSON.parseExn calls in rescript-ecosystem/idaptik-rescript13-staging/src/engine/utils/Storage.res (use JSON.parse for safe Resul
High  rescript-ecosystem/idaptik-rescript13-staging/src/shared/DLCLoader.res:?  1 JSON.parseExn calls in rescript-ecosystem/idaptik-rescript13-staging/src/shared/DLCLoader.res (use JSON.parse for safe Result)
High  rescript-ecosystem/idaptik-rescript13-staging/src/shared/UmsLevelLoader.res:?  1 JSON.parseExn calls in rescript-ecosystem/idaptik-rescript13-staging/src/shared/UmsLevelLoader.res (use JSON.parse for safe Resu
Critical  rescript-ecosystem/rescript/analysis/src/Cache.ml:?  Unsafe Marshal deserialization in rescript-ecosystem/rescript/analysis/src/Cache.ml
Critical  rescript-ecosystem/rescript/analysis/reanalyze/src/ReanalyzeServer.ml:?  Unsafe Marshal deserialization in rescript-ecosystem/rescript/analysis/reanalyze/src/ReanalyzeServer.ml
Critical  rescript-ecosystem/rescript/compiler/ext/ext_marshal.ml:?  Unsafe Marshal deserialization in rescript-ecosystem/rescript/compiler/ext/ext_marshal.ml
Critical  rescript-ecosystem/rescript/compiler/core/js_cmj_format.ml:?  Unsafe Marshal deserialization in rescript-ecosystem/rescript/compiler/core/js_cmj_format.ml
High  rescript-ecosystem/rescript-tea/src/tea/Tea_Json.res:?  1 JSON.parseExn calls in rescript-ecosystem/rescript-tea/src/tea/Tea_Json.res (use JSON.parse for safe Result)
High  rescript-ecosystem/rescript-tea/lib/bs/src/tea/Tea_Json.res:?  1 JSON.parseExn calls in rescript-ecosystem/rescript-tea/lib/bs/src/tea/Tea_Json.res (use JSON.parse for safe Result)
High  rescript-ecosystem/rescript-tea/lib/ocaml/Tea_Json.res:?  1 JSON.parseExn calls in rescript-ecosystem/rescript-tea/lib/ocaml/Tea_Json.res (use JSON.parse for safe Result)
High  rescript-ecosystem/packages/web/tea/src/Tea_Json.res:?  1 JSON.parseExn calls in rescript-ecosystem/packages/web/tea/src/Tea_Json.res (use JSON.parse for safe Result)
Critical  rescript-ecosystem/packages/core/compiler-source/analysis/src/Cache.ml:?  Unsafe Marshal deserialization in rescript-ecosystem/packages/core/compiler-source/analysis/src/Cache.ml
Critical  rescript-ecosystem/packages/core/compiler-source/analysis/reanalyze/src/ReanalyzeServer.ml:?  Unsafe Marshal deserialization in rescript-ecosystem/packages/core/compiler-source/analysis/reanalyze/src/ReanalyzeServer.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/ext/ext_marshal.ml:?  Unsafe Marshal deserialization in rescript-ecosystem/packages/core/compiler-source/compiler/ext/ext_marshal.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/core/js_cmj_format.ml:?  Unsafe Marshal deserialization in rescript-ecosystem/packages/core/compiler-source/compiler/core/js_cmj_format.ml
High  rescript-ecosystem/packages/bindings/redis/src/Redis.res:?  1 JSON.parseExn calls in rescript-ecosystem/packages/bindings/redis/src/Redis.res (use JSON.parse for safe Result)
High  rescript-ecosystem/packages/bindings/redis/examples/basic_usage.res:?  1 JSON.parseExn calls in rescript-ecosystem/packages/bindings/redis/examples/basic_usage.res (use JSON.parse for safe Result)
High  rescript-ecosystem/packages/bindings/gossamer/src/bindings/Gossamer_Fs.res:?  1 JSON.parseExn calls in rescript-ecosystem/packages/bindings/gossamer/src/bindings/Gossamer_Fs.res (use JSON.parse for safe Resul
High  rescript-ecosystem/packages/bindings/tauri/src/bindings/Tauri_Fs.res:?  1 JSON.parseExn calls in rescript-ecosystem/packages/bindings/tauri/src/bindings/Tauri_Fs.res (use JSON.parse for safe Result)
High  deno-ecosystem/projects/deno-bunbridge/src/BunFile.res:?  1 JSON.parseExn calls in deno-ecosystem/projects/deno-bunbridge/src/BunFile.res (use JSON.parse for safe Result)
### `UnsafeTypeCoercion` (14 findings)
file:line list
Critical  rescript-ecosystem/rescript/compiler/frontend/external_ffi_types.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/rescript/compiler/frontend/external_ffi_types.ml
Critical  rescript-ecosystem/rescript/compiler/ml/typedecl.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/rescript/compiler/ml/typedecl.ml
Critical  rescript-ecosystem/rescript/compiler/ml/ast_untagged_variants.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/rescript/compiler/ml/ast_untagged_variants.ml
Critical  rescript-ecosystem/rescript/compiler/ml/ctype.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/rescript/compiler/ml/ctype.ml
Critical  rescript-ecosystem/rescript/compiler/core/lam_compile.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/rescript/compiler/core/lam_compile.ml
Critical  rescript-ecosystem/rescript/compiler/core/lam.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/rescript/compiler/core/lam.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/ext/ext_obj.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/packages/core/compiler-source/compiler/ext/ext_obj.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/frontend/external_ffi_types.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/packages/core/compiler-source/compiler/frontend/external_ffi_types.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/ml/typedecl.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/packages/core/compiler-source/compiler/ml/typedecl.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/ml/ast_untagged_variants.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/packages/core/compiler-source/compiler/ml/ast_untagged_variants.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/ml/ctype.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/packages/core/compiler-source/compiler/ml/ctype.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/core/lam_compile.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/packages/core/compiler-source/compiler/core/lam_compile.ml
Critical  rescript-ecosystem/packages/core/compiler-source/compiler/core/lam.ml:?  Obj.magic (unsafe type coercion) in rescript-ecosystem/packages/core/compiler-source/compiler/core/lam.ml

🤖 Discovered during the panic-attack estate sweep (2026-05-26). See hyperpolymath/panic-attack#32 for campaign tracker.
