mihilmy/fixmywording

https://github.com/mihilmy/fixmywording

Scanned on Mar 18, 2026

7 Medium
18 Low

AI Assessment

VERDICT

Based on automated scanner findings, this project is not production-ready. While security scanning found no vulnerabilities, the codebase has dependency vulnerabilities, missing essential project files, code quality issues, and no test coverage.

TOP RISKS

→ CVE-2026-25727 detected in time@0.3.39 dependency (src-tauri/Cargo.lock). Scanner flagged a known vulnerability in a transitive or direct dependency that requires updating.

→ GHSA-wrw7-89jp-8q8g flagged in glib@0.18.5 dependency (src-tauri/Cargo.lock). Another medium-severity dependency vulnerability was detected in the Cargo.lock file.

→ No LICENSE file detected. The project lacks a license declaration, which is critical for open-source distribution and legal clarity.

→ No tests detected in the codebase. Complete absence of test coverage creates risk for regression and maintenance.

→ High cyclomatic complexity flagged in two functions: run function in src-tauri/src/lib.rs (line 36) with CCN 15, and a function in src-tauri/src/hotkey.rs (line 114). Both indicate overly complex control flow.

WHAT TO FIX FIRST

Update the time dependency in src-tauri/Cargo.lock to address CVE-2026-25727. This is a concrete, verifiable fix that will immediately improve the security score and remove a known vulnerability.

Secondary priority: Add a LICENSE file and establish basic test infrastructure to address the two medium-severity best practices gaps.

Verify the flagged complexity issues in lib.rs and hotkey.rs against your actual code—these may be false positives depending on implementation details.


Category Breakdown

Security: 300/300
Secrets & Credentials: 200/200
Dependencies: 139/150 (2 findings)
Code Quality: 92/100 (17 findings)
Best Practices: 87/100 (6 findings)

Findings (25 in 14 groups)

Biome rule: lint/a11y/noSvgWithoutTitle

Affected files

unknown
unknown
unknown

Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter` | Fix available: 0.20.0 | Package: glib (cargo) | https://github.com/advisories/GHSA-wrw7-89jp-8q8g

Affected files

src-tauri/Cargo.lock

time: time affected by a stack exhaustion denial of service attack | Fix available: 0.3.47 | Package: time (cargo) | https://avd.aquasec.com/nvd/cve-2026-25727

Affected files

src-tauri/Cargo.lock

This repository has no LICENSE file. Without a license, the code is technically all-rights-reserved by default, which prevents others from using it.

Affected files

unknown

No test directory or test files were found. Automated tests are critical for maintaining code quality and preventing regressions.

Affected files

unknown

Biome rule: format

Affected files

unknown
unknown
unknown
unknown
unknown
unknown
unknown
unknown

Function "run" has a cyclomatic complexity of 15 (94 lines, 0 parameters). Consider simplifying this function to improve readability and testability.

Affected files

src-tauri/src/lib.rs:36
src-tauri/src/hotkey.rs:114

Biome rule: lint/style/useTemplate

Affected files

unknown
unknown

Duplicate found between src-tauri/src/hotkey.rs:102 and src-tauri/src/hotkey.rs:85. Consider extracting shared logic into a reusable function or module.

Affected files

src-tauri/src/hotkey.rs:102

No CI/CD configuration was found (GitHub Actions, GitLab CI, CircleCI, etc.). Continuous integration helps catch issues before they reach production.

Affected files

unknown

ShipScanner: B 633