AhmedAliAbdAlMowla/quran-cairo-fm
https://github.com/AhmedAliAbdAlMowla/quran-cairo-fm
Scanned on Mar 29, 2026
AI Assessment
VERDICT
Based on automated scanner analysis, this repository is reasonably ready for production from a security and credentials perspective, but has notable gaps in dependency licensing compliance and code quality maintenance that should be addressed before wide distribution.
TOP RISKS
→ The scanner flagged restrictive LGPL-3.0-or-later and Apache-2.0 licenses across multiple Sharp image processing dependencies (detected in package-lock.json). These copyleft licenses may impose redistribution obligations on your project depending on how these libraries are used.
→ Code quality issues were detected across multiple file patterns: 17 instances of unused variables flagged, 16 formatting violations, 11 missing style rules, and 10 unused imports. These span the codebase but concentrate in build and configuration files.
→ No test suite was detected by the scanner, indicating gaps in test coverage verification.
→ Missing CI/CD configuration and CODEOWNERS file were flagged, which limits automated quality gates and code review accountability.
WHAT TO FIX FIRST
Review the LGPL-3.0-or-later license implications in package-lock.json for the Sharp image processing dependencies. This is the highest-impact finding because restrictive licenses can create legal compliance risk at distribution time. Verify whether your project's license is compatible with these dependencies or whether alternatives with permissive licenses exist.
Note: Some findings may be false positives. Verify the license compatibility assessment against your actual project's license and usage model before making changes.
Category Breakdown
Findings (79 in 12 groups)
Tip: 58 low-severity findings are style suggestions, not security risks.
A dependency (@img/sharp-libvips-darwin-arm64) uses a license with partial copyleft obligations. You may need to disclose modifications or include license notices.
The dependency @img/sharp-libvips-darwin-arm64 in package-lock.json uses a restrictive license. Fix it:
1. Check if you actually need this package — can you remove it?
2. Look for an alternative package with a permissive license (MIT, Apache-2.0, BSD)
3. Search npmjs.com or libraries.io for replacements with the same functionality
4. If you must keep it, consult a lawyer about your obligations under its license
A dependency (@img/sharp-win32-arm64) uses a license with partial copyleft obligations. You may need to disclose modifications or include license notices.
The dependency @img/sharp-win32-arm64 in package-lock.json uses a restrictive license. Fix it:
1. Check if you actually need this package — can you remove it?
2. Look for an alternative package with a permissive license (MIT, Apache-2.0, BSD)
3. Search npmjs.com or libraries.io for replacements with the same functionality
4. If you must keep it, consult a lawyer about your obligations under its license
A dependency (@img/sharp-wasm32) uses a license with partial copyleft obligations. You may need to disclose modifications or include license notices.
The dependency @img/sharp-wasm32 in package-lock.json uses a restrictive license. Fix it:
1. Check if you actually need this package — can you remove it?
2. Look for an alternative package with a permissive license (MIT, Apache-2.0, BSD)
3. Search npmjs.com or libraries.io for replacements with the same functionality
4. If you must keep it, consult a lawyer about your obligations under its license
A code quality issue was found. It may not be a security risk, but fixing it makes your code more reliable and easier to work with.
In your project, there's a code quality issue: "No Duplicate Properties". Please review and fix this according to best practices. The linter rule lint/suspicious/noDuplicateProperties flags this as a problem — look up the rule for guidance on the correct fix.
Your app has no automated tests. You won't know if a code change breaks something until real users complain. This is the #1 reason apps break after updates.
Your project has no test files. Add basic tests:
1. Install a test framework: npm install -D vitest (or jest)
2. Create a __tests__ folder or add .test.ts files next to your source files
3. Start by writing tests for your most important functions — the ones that handle money, auth, or user data
4. Add a "test" script to your package.json: "test": "vitest"
5. Run tests with: npm test
There's code that's not being used anywhere. It won't cause security issues but makes your app harder to understand and maintain.
In your project, there are unused variables or imports. Clean them up:
1. Remove any variables, functions, or imports that are highlighted as unused
2. If you plan to use them later, add a TODO comment explaining why they're there
3. Check if removing them causes any issues by running your app
A code quality issue was found. It may not be a security risk, but fixing it makes your code more reliable and easier to work with.
In your project, there's a code quality issue: "Format". Please review and fix this according to best practices. The linter rule format flags this as a problem — look up the rule for guidance on the correct fix.
A code quality issue was found. It may not be a security risk, but fixing it makes your code more reliable and easier to work with.
In your project, there's a code quality issue: "No Important Styles". Please review and fix this according to best practices. The linter rule lint/complexity/noImportantStyles flags this as a problem — look up the rule for guidance on the correct fix.
There's code that's not being used anywhere. It won't cause security issues but makes your app harder to understand and maintain.
In your project, there are unused variables or imports. Clean them up:
1. Remove any variables, functions, or imports that are highlighted as unused
2. If you plan to use them later, add a TODO comment explaining why they're there
3. Check if removing them causes any issues by running your app
A code quality issue was found. It may not be a security risk, but fixing it makes your code more reliable and easier to work with.
In your project, there's a code quality issue: "Organize Imports". Please review and fix this according to best practices. The linter rule assist/source/organizeImports flags this as a problem — look up the rule for guidance on the correct fix.