issues Search Results · language:Dune language:HTML language:JavaScript language:JavaScript language:JavaScript linked:pr
2.2M results
Implements: ROADMAP V4.0 item 3 — Custom monitoring: watch a specific app across all countries, get alerts on version
bumps, price changes, or chart rank changes
Goal
When a user re-searches an app they ...
Implements: ROADMAP V4.0 item 2 — Market gap scanner: category + country matrix highlighting underserved markets
Goal
After searching an app, show a collapsible Chart Penetration panel that visualises ...
Summary
GET /api/messages in apps/api/src/routes/messageRoutes.js has no authMiddleware. Any unauthenticated client can read all
messages in the system.
Impact
- All private user messages are publicly ...
Summary
GET /api/proposals in apps/api/src/routes/proposalRoutes.js has no authMiddleware. Any unauthenticated client can fetch
all proposals in the system.
Impact
- Proposals (including sensitive ...
Summary
In apps/api/src/routes/uploadRoutes.js, multer is configured with only multer.memoryStorage() and no limits option. This
means clients can upload files of unlimited size, buffering the entire ...
Summary
Set up minimum-viable CI, a pre-commit hook, and branch protection for this TypeScript/Node repo.
Changes
- CI (.github/workflows/ci.yml): runs the CI-parity trio — npm test, npm run typecheck, ...
mault-agent
Summary
express.json() in apps/api/src/app.js is called without a limit option. Express's default body size limit is 100 KB, but
with older or misconfigured setups the limit can be effectively unbounded. ...
Summary
In apps/api/src/app.js, app.use(express.json()) is registered before app.use(apiLimiter). This means body parsing
happens before rate limiting, so a client can send many large or malformed JSON ...
Summary
loginUser in apps/api/src/services/authService.js hardcodes role: client in the JWT and does not return a user id in
the response. The login response shape is incomplete.
Impact
- All authenticated ...
Summary
GET /api/users in apps/api/src/routes/userRoutes.js has no authMiddleware. Any unauthenticated client can enumerate all
user records.
Impact
- Full user list (emails, roles, IDs) is publicly ...
