Code Vulnerabilities Guide

Detects hardcoded API keys, tokens, and secrets in your codebase that could be exploited by attackers.

Finds test, debug, and mock API routes that should not exist in production.

Detects usage of dangerouslySetInnerHTML which can lead to Cross-Site Scripting attacks.

Checks if .env files are properly excluded from git to prevent credential exposure.

Finds form inputs without proper validation attributes that could be exploited.

Detects links with target="_blank" that are missing rel="noopener noreferrer".

Checks for proper metadata exports in Next.js pages and layouts.

Checks for OpenGraph configuration for social media previews.

Finds images without alt attributes, which hurts accessibility and SEO.

Detects excessive div usage and missing semantic HTML elements.

Checks for essential SEO files that help search engines crawl your site.

Detects if the site is using the default Next.js/Vercel favicon.

Finds console.log statements that should be removed before production.

Detects imports that are defined but never used in the file.

Finds TODO, FIXME, and HACK comments that indicate incomplete work.

Finds hex color codes used directly instead of design tokens or Tailwind classes.

Detects usage of the "any" type which disables TypeScript safety.

Finds React components that return null or empty fragments.