Mostly safe — a couple of notes worth reading.
Scanned 5/7/2026, 5:18:42 AM · Cached result · Fast Scan · 45 rules
AIVSS Score: Low
Severity Breakdown: 0 critical, 0 high, 12 medium, 24 low
MCP Server Information
Findings
This package earns a B grade with a safety score of 77/100 but has 12 medium-severity issues primarily around readiness gaps and potential resource exhaustion vulnerabilities. The 24 low-severity findings include 4 cases of ANSI escape injection risk, which could allow output manipulation in certain contexts. While no critical or high-severity flaws were detected, you should address the readiness issues and resource exhaustion concerns before deploying this to production.
No known CVEs found for this package or its dependencies.
Scan Details
Fast scan found 36 findings using rule-based analysis.
Showing 1–30 of 36 findings
User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.
Evidence
| 94 | console.error(`\nFAIL: ${failures} check(s) failed`); |
| 95 | process.exit(1); |
| 96 | } else { |
| 97 | console.log("\nPASS: Plugin registers service, commands, and event handlers correctly"); |
| 98 | } |
Remediation
Strip C0/C1 control codes before printing user-controlled values. Python: `re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s)`. Prefer a structured logger (json/logfmt) over raw print to stdout.
User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.
Evidence
| 76 | const expectedEvents = ["before_agent_start", "tool_result_persist", "agent_end", "gateway_start"]; |
| 77 | for (const event of expectedEvents) { |
| 78 | if (!eventHandlers.has(event) || eventHandlers.get(event).length === 0) { |
| 79 | console.error(`FAIL: No handler registered for '${event}'`); |
| 80 | failures++; |
| 81 | } else { |
| 82 | console.log(`OK: Event handler registered for '${event}'`); |
Remediation
Strip C0/C1 control codes before printing user-controlled values. Python: `re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s)`. Prefer a structured logger (json/logfmt) over raw print to stdout.
User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.
Evidence
| 79 | Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let i of t.seen.entries()){let a=i[1];if(e===i[0]){s(i);continue}if(t.external){let u=t.external.registry.get(i[0])?.id;if(e!==i[0]&&u){s(i);continue}}if(t.metadataRegistry.get(i[0])?.id){s(i);continue}if(a.cycle){s(i);continue}if(a.count>1&&t.reused==="ref"){s(i);continue}}}function gi(t,e){let r=t.seen.get(e);if(!r)throw new Error("Unprocessed schema. This is a bug in Zod.");let n=a=>{let c=t.seen.get(a);if( |
Remediation
Strip C0/C1 control codes before printing user-controlled values. Python: `re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s)`. Prefer a structured logger (json/logfmt) over raw print to stdout.
User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.
Evidence
| 79 | console.error(`FAIL: No handler registered for '${event}'`); |
| 80 | failures++; |
| 81 | } else { |
| 82 | console.log(`OK: Event handler registered for '${event}'`); |
| 83 | } |
| 84 | } |
Remediation
Strip C0/C1 control codes before printing user-controlled values. Python: `re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s)`. Prefer a structured logger (json/logfmt) over raw print to stdout.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 357 | ): Promise<string | null> { |
| 358 | if (!circuitAllow(logger)) return null; |
| 359 | try { |
| 360 | const response = await fetch(`${workerBaseUrl(port)}${path}`); |
| 361 | if (!response.ok) { |
| 362 | circuitOnFailure(logger); |
| 363 | logger.warn(`[claude-mem] Worker GET ${path} returned ${response.status}`); |
Remediation
Pass `timeout=` on every call:
- HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)`
- Node fetch: `AbortSignal.timeout(5000)`
- Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)`

Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 9 | `).replace(Sy,"")}function i0(e,t){return t=hd(t),hd(e)===t}function te(e,t,l,n,a,u){switch(l){case"children":typeof n=="string"?t==="body"||t==="textarea"&&n===""||va(e,n):(typeof n=="number"||typeof n=="bigint")&&t!=="body"&&va(e,""+n);break;case"className":gi(e,"class",n);break;case"tabIndex":gi(e,"tabindex",n);break;case"dir":case"role":case"viewBox":case"width":case"height":gi(e,l,n);break;case"style":np(e,n,u);break;case"data":if(t!=="object"){gi(e,"data",n);break}case"src":case"href":if(n |
Remediation
Pass `timeout=` on every call:
- HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)`
- Node fetch: `AbortSignal.timeout(5000)`
- Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)`

Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 8 | `+n.stack}}var oo=Object.prototype.hasOwnProperty,es=xe.unstable_scheduleCallback,Oc=xe.unstable_cancelCallback,x1=xe.unstable_shouldYield,z1=xe.unstable_requestPaint,vt=xe.unstable_now,H1=xe.unstable_getCurrentPriorityLevel,Xd=xe.unstable_ImmediatePriority,kd=xe.unstable_UserBlockingPriority,Ki=xe.unstable_NormalPriority,w1=xe.unstable_LowPriority,Vd=xe.unstable_IdlePriority,q1=xe.log,R1=xe.unstable_setDisableYieldValue,qu=null,yt=null;function Rl(e){if(typeof q1=="function"&&R1(e),yt&&typeof y |
Remediation
Pass `timeout=` on every call:
- HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)`
- Node fetch: `AbortSignal.timeout(5000)`
- Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)`

Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 79 | Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let i of t.seen.entries()){let a=i[1];if(e===i[0]){s(i);continue}if(t.external){let u=t.external.registry.get(i[0])?.id;if(e!==i[0]&&u){s(i);continue}}if(t.metadataRegistry.get(i[0])?.id){s(i);continue}if(a.cycle){s(i);continue}if(a.count>1&&t.reused==="ref"){s(i);continue}}}function gi(t,e){let r=t.seen.get(e);if(!r)throw new Error("Unprocessed schema. This is a bug in Zod.");let n=a=>{let c=t.seen.get(a);if( |
Remediation
Pass `timeout=` on every call:
- HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)`
- Node fetch: `AbortSignal.timeout(5000)`
- Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)`

Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 497 | setConnectionState("reconnecting"); |
| 498 | api.logger.info(`[claude-mem] Connecting to SSE stream at ${workerBaseUrl(port)}/stream`); |
| 499 | |
| 500 | const response = await fetch(`${workerBaseUrl(port)}/stream`, { |
| 501 | signal: abortController.signal, |
| 502 | headers: { Accept: "text/event-stream" }, |
| 503 | }); |
Remediation
Pass `timeout=` on every call:
- HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)`
- Node fetch: `AbortSignal.timeout(5000)`
- Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)`

Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 330 | logger: PluginLogger |
| 331 | ): void { |
| 332 | if (!circuitAllow(logger)) return; |
| 333 | fetch(`${workerBaseUrl(port)}${path}`, { |
| 334 | method: "POST", |
| 335 | headers: { "Content-Type": "application/json" }, |
| 336 | body: JSON.stringify(body), |
Remediation
Pass `timeout=` on every call:
- HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)`
- Node fetch: `AbortSignal.timeout(5000)`
- Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)`

Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 301 | ): Promise<Record<string, unknown> | null> { |
| 302 | if (!circuitAllow(logger)) return null; |
| 303 | try { |
| 304 | const response = await fetch(`${workerBaseUrl(port)}${path}`, { |
| 305 | method: "POST", |
| 306 | headers: { "Content-Type": "application/json" }, |
| 307 | body: JSON.stringify(body), |
Remediation
Pass `timeout=` on every call:
- HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)`
- Node fetch: `AbortSignal.timeout(5000)`
- Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)`

Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 232 | \`get_observations(ids=[...])\` # ALWAYS batch for 2+ items |
| 233 | Returns: Complete details (~500-1000 tokens/result) |
| 234 | |
| 235 | **Why:** 10x token savings. Never fetch full details without filtering first.`}]})},{name:"search",description:"Step 1: Search memory. Returns index with IDs. Params: query, limit, project, type, obs_type, dateStart, dateEnd, offset, orderBy",inputSchema:{type:"object",properties:{query:{type:"string",description:"Search query"},limit:{type:"number",description:"Max results (defau |
Remediation
Pass `timeout=` on every call:
- HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)`
- Node fetch: `AbortSignal.timeout(5000)`
- Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)`

Pick a value short enough to fail fast and retry.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 16 | `)}debug(e,r,n,o){this.log(0,e,r,n,o)}info(e,r,n,o){this.log(1,e,r,n,o)}warn(e,r,n,o){this.log(2,e,r,n,o)}error(e,r,n,o){this.log(3,e,r,n,o)}dataIn(e,r,n,o){this.info(e,`\u2192 ${r}`,n,o)}dataOut(e,r,n,o){this.info(e,`\u2190 ${r}`,n,o)}success(e,r,n,o){this.info(e,`\u2713 ${r}`,n,o)}failure(e,r,n,o){this.error(e,`\u2717 ${r}`,n,o)}timing(e,r,n,o){this.info(e,`\u23F1 ${r}`,o,{duration:`${n}ms`})}happyPathError(e,r,n,o,s=""){let u=((new Error().stack||"").split(` |
| 17 | `)[2]||"").match(/at\s+(?:.*\s+)?\ |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 538 | req.on("data", (chunk) => { body += chunk.toString(); }); |
| 539 | req.on("end", () => { |
| 540 | let parsedBody: any = null; |
| 541 | try { parsedBody = JSON.parse(body); } catch {} |
| 542 | |
| 543 | receivedRequests.push({ |
| 544 | method: req.method || "GET", |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 187 | } |
| 188 | |
| 189 | try { child.stdin.end(); } catch {} |
| 190 | try { child.kill(); } catch {} |
| 191 | process.exit(0); |
| 192 | } |
| 193 | } |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 581 | const paths = c?.plugins?.load?.paths || []; |
| 582 | const p = paths.find(p => p.endsWith('/claude-mem')); |
| 583 | if (p) console.log(p); |
| 584 | } catch {} |
| 585 | " 2>/dev/null)" || true |
| 586 | if [[ -n "$load_path" ]]; then |
| 587 | echo "$load_path" |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 6 | || ${i} === "boolean" || ${o} === null`).assign(a,(0,I._)`[${o}]`)}}}function Bb({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,I._)`${e} !== undefined`,()=>t.assign((0,I._)`${e}[${r}]`,n))}function ma(t,e,r,n=gr.Correct){let o=n===gr.Correct?I.operators.EQ:I.operators.NEQ,s;switch(t){case"null":return(0,I._)`${e} ${o} null`;case"array":s=(0,I._)`Array.isArray(${e})`;break;case"object":s=(0,I._)`${e} && typeof ${e} == "object" && !Array.isArray(${e})`;break;case"integer":s=i((0,I._)`!(${e} |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 797 | for (const res of serverResponses) { |
| 798 | try { |
| 799 | res.end(); |
| 800 | } catch {} |
| 801 | } |
| 802 | server?.close(); |
| 803 | }); |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 2 | import{existsSync as w,readFileSync as rt,writeFileSync as nt,unlinkSync as st,mkdirSync as $}from"fs";import{createWriteStream as ot}from"fs";import{join as S}from"path";import{spawn as it,spawnSync as at}from"child_process";import{homedir as ct}from"os";import{join as E,dirname as q,basename as Lt}from"path";import{homedir as z}from"os";import{fileURLToPath as Q}from"url";import{readFileSync as V,writeFileSync as j,existsSync as X}from"fs";import{join as Y}from"path";import{homedir as J}from"o |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 77 | `)}f.write("payload.value = newResult;"),f.write("return payload;");let w=f.compile();return(v,x)=>w(p,v,x)},s,i=Zt,a=!rr.jitless,u=a&&js.value,l=e.catchall,d;t._zod.parse=(p,f)=>{d??(d=n.value);let m=p.value;return i(m)?a&&u&&f?.async===!1&&f.jitless!==!0?(s||(s=o(e.shape)),p=s(p,f),l?ad([],m,p,f,d,t):p):r(p,f):(p.issues.push({expected:"object",code:"invalid_type",input:m,inst:t}),p)}});function El(t,e,r,n){for(let s of t)if(s.issues.length===0)return e.value=s.value,e;let o=t.filter(s=>!kt(s)) |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 1591 | local file_pid |
| 1592 | file_pid="$(INSTALLER_PID_FILE="$pid_file" node -e " |
| 1593 | try { process.stdout.write(String(JSON.parse(require('fs').readFileSync(process.env.INSTALLER_PID_FILE, 'utf8')).pid || '')); } |
| 1594 | catch(e) {} |
| 1595 | " 2>/dev/null)" || true |
| 1596 | if [[ -n "$file_pid" ]]; then |
| 1597 | kill "$file_pid" 2>/dev/null || true |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 1 | "use strict";(()=>{var e1=Object.create;var Hf=Object.defineProperty;var t1=Object.getOwnPropertyDescriptor;var l1=Object.getOwnPropertyNames;var n1=Object.getPrototypeOf,a1=Object.prototype.hasOwnProperty;var je=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var u1=(e,t,l,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let a of l1(t))!a1.call(e,a)&&a!==l&&Hf(e,a,{get:()=>t[a],enumerable:!(n=t1(t,a))||n.enumerable});return e};var ce=(e,t,l)=>(l=e!=null?e1(n1(e)):{},u1(t||!e||!e. |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 1 | "use strict";(()=>{var e1=Object.create;var Hf=Object.defineProperty;var t1=Object.getOwnPropertyDescriptor;var l1=Object.getOwnPropertyNames;var n1=Object.getPrototypeOf,a1=Object.prototype.hasOwnProperty;var je=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports);var u1=(e,t,l,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let a of l1(t))!a1.call(e,a)&&a!==l&&Hf(e,a,{get:()=>t[a],enumerable:!(n=t1(t,a))||n.enumerable});return e};var ce=(e,t,l)=>(l=e!=null?e1(n1(e)):{},u1(t||!e||!e. |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 194 | (class_definition name: (identifier) @name) @cls |
| 195 | (import_statement) @imp |
| 196 | (import_declaration) @imp |
| 197 | `};function kx(t){switch(t){case"javascript":case"typescript":case"tsx":return"jsts";case"python":return"python";case"go":return"go";case"rust":return"rust";case"ruby":return"ruby";case"java":return"java";case"kotlin":return"kotlin";case"swift":return"swift";case"php":return"php";case"elixir":return"generic";case"lua":return"lua";case"scala":return"scala";case"bash":return"bash";case"haskell":retur |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 9 | 2. Verify port ${e} is not in use: netstat -ano | findstr ${e} |
| 10 | 3. Check worker logs in ~/.claude-mem/logs/ |
| 11 | 4. See GitHub issues: #363, #367, #371, #373 |
| 12 | 5. Docs: https://docs.claude-mem.ai/troubleshooting/windows-issues`:"Process died during startup"};try{if((await fetch(`http://127.0.0.1:${e}/api/readiness`,{signal:AbortSignal.timeout(1e3)})).ok)return{success:!0,pid:t}}catch{}await new Promise(c=>setTimeout(c,200))}return{success:!1,error:s?`Worker failed to start on Windows (readiness check ti |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 233 | req.on("data", (chunk) => { body += chunk.toString(); }); |
| 234 | req.on("end", () => { |
| 235 | let parsedBody: any = null; |
| 236 | try { parsedBody = JSON.parse(body); } catch {} |
| 237 | |
| 238 | receivedRequests.push({ |
| 239 | method: req.method || "GET", |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 6 | `,"utf8")}catch(E){process.stderr.write(`[LOGGER] Failed to write to log file: ${E instanceof Error?E.message:String(E)} |
| 7 | `)}else process.stderr.write(p+` |
| 8 | `)}debug(e,t,s,n){this.log(0,e,t,s,n)}info(e,t,s,n){this.log(1,e,t,s,n)}warn(e,t,s,n){this.log(2,e,t,s,n)}error(e,t,s,n){this.log(3,e,t,s,n)}dataIn(e,t,s,n){this.info(e,`\u2192 ${t}`,s,n)}dataOut(e,t,s,n){this.info(e,`\u2190 ${t}`,s,n)}success(e,t,s,n){this.info(e,`\u2713 ${t}`,s,n)}failure(e,t,s,n){this.error(e,`\u2717 ${t}`,s,n)}timing(e,t,s, |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 79 | Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let i of t.seen.entries()){let a=i[1];if(e===i[0]){s(i);continue}if(t.external){let u=t.external.registry.get(i[0])?.id;if(e!==i[0]&&u){s(i);continue}}if(t.metadataRegistry.get(i[0])?.id){s(i);continue}if(a.cycle){s(i);continue}if(a.count>1&&t.reused==="ref"){s(i);continue}}}function gi(t,e){let r=t.seen.get(e);if(!r)throw new Error("Unprocessed schema. This is a bug in Zod.");let n=a=>{let c=t.seen.get(a);if( |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 8 | `+n.stack}}var oo=Object.prototype.hasOwnProperty,es=xe.unstable_scheduleCallback,Oc=xe.unstable_cancelCallback,x1=xe.unstable_shouldYield,z1=xe.unstable_requestPaint,vt=xe.unstable_now,H1=xe.unstable_getCurrentPriorityLevel,Xd=xe.unstable_ImmediatePriority,kd=xe.unstable_UserBlockingPriority,Ki=xe.unstable_NormalPriority,w1=xe.unstable_LowPriority,Vd=xe.unstable_IdlePriority,q1=xe.log,R1=xe.unstable_setDisableYieldValue,qu=null,yt=null;function Rl(e){if(typeof q1=="function"&&R1(e),yt&&typeof y |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 6 | `+c[n].replace(" at new "," at ");return e.displayName&&h.includes("<anonymous>")&&(h=h.replace("<anonymous>",e.displayName)),h}while(1<=n&&0<=a);break}}}finally{Ac=!1,Error.prepareStackTrace=l}return(l=e?e.displayName||e.name:"")?gn(l):""}function U1(e,t){switch(e.tag){case 26:case 27:case 5:return gn(e.type);case 16:return gn("Lazy");case 13:return e.child!==t&&t!==null?gn("Suspense Fallback"):gn("Suspense");case 19:return gn("SuspenseList");case 0:case 15:return Mc(e.type,!1);case 11:return M |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 12 | const scriptDir = dirname(fileURLToPath(import.meta.url)); |
| 13 | const candidate = dirname(scriptDir); |
| 14 | if (existsSync(join(candidate, 'package.json'))) return candidate; |
| 15 | } catch {} |
| 16 | return null; |
| 17 | } |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 1551 | if [[ -n "$CLAUDE_MEM_INSTALL_DIR" ]] || find_claude_mem_install_dir; then |
| 1552 | expected_version="$(INSTALLER_PKG="${CLAUDE_MEM_INSTALL_DIR}/package.json" node -e " |
| 1553 | try { process.stdout.write(JSON.parse(require('fs').readFileSync(process.env.INSTALLER_PKG, 'utf8')).version || ''); } |
| 1554 | catch(e) {} |
| 1555 | " 2>/dev/null)" || true |
| 1556 | fi |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 5 | `);for(a=n=0;n<c.length&&!c[n].includes("DetermineComponentFrameRoot");)n++;for(;a<f.length&&!f[a].includes("DetermineComponentFrameRoot");)a++;if(n===c.length||a===f.length)for(n=c.length-1,a=f.length-1;1<=n&&0<=a&&c[n]!==f[a];)a--;for(;1<=n&&0<=a;n--,a--)if(c[n]!==f[a]){if(n!==1||a!==1)do if(n--,a--,0>a||c[n]!==f[a]){var h=` |
| 6 | `+c[n].replace(" at new "," at ");return e.displayName&&h.includes("<anonymous>")&&(h=h.replace("<anonymous>",e.displayName)),h}while(1<=n&&0<=a);break}}}finally{Ac=!1,Err |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 568 | const c = require('$oc_config'); |
| 569 | const p = c?.plugins?.installs?.['claude-mem']?.installPath; |
| 570 | if (p) console.log(p); |
| 571 | } catch {} |
| 572 | " 2>/dev/null)" || true |
| 573 | if [[ -n "$existing_path" ]]; then |
| 574 | echo "$existing_path" |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 186 | console.error(`[bun-runner] failed to persist diagnostic: ${writeErr && writeErr.message ? writeErr.message : writeErr}`); |
| 187 | } |
| 188 | |
| 189 | try { child.stdin.end(); } catch {} |
| 190 | try { child.kill(); } catch {} |
| 191 | process.exit(0); |
| 192 | } |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.
Silent error swallowing detected. An except clause that does `pass` or `...` discards the exception with no log, no metric, and no trace. This blinds incident response and hides real failures.
Evidence
| 236 | `);return{content:[{type:"text",text:`Symbol "${t.symbol_name}" not found in ${t.file_path}. |
| 237 | |
| 238 | Available symbols: |
| 239 | ${s}`}]}}return{content:[{type:"text",text:`Could not parse ${t.file_path}. File may be unsupported or empty.`}]}}},{name:"smart_outline",description:"Get structural outline of a file \u2014 shows all symbols (functions, classes, methods, types) with signatures but bodies folded. Much cheaper than reading the full file.",inputSchema:{type:"object",properties:{file_path:{type:"string", |
Remediation
Log the exception at minimum (`logger.exception(e)`), emit a metric, or re-raise if the error is not recoverable. If you genuinely want to ignore an exception, say so with a comment.