Update constants.ts#69

Open

alexandersucala wants to merge 1 commit intomainfrom

alexandersucala-patch-53

Owner

alexandersucala commented Mar 27, 2026

blah blah blah


          Update constants.ts

f4a2b0b

matrixreview Bot commented Mar 27, 2026

🔴 MatrixReview — RED

⚙️ = code-backed · 🔎 = doc-backed · 💭 = AI suggestion · 📖 = doc citation · 📝 = PR location

Risk: 44 files directly affected | 12 broken importers
Findings: 16 (13 code-backed, 9 doc-backed)

🔴 SECURITY — 10 findings (9 code-backed, 1 doc-backed) · expand 🔽

⚙️ CRITICAL: 8 files with auth, crypto, data, input, network access depend on modified constants.ts
Show affected files
- isOutOfBounds.tsx (fan-in: 12, tags: auth, data)
- telemetry.ts (fan-in: 12, tags: auth, data, crypto, network)
- CloseComeUtils.ts (fan-in: 12, tags: auth, data, crypto)
- OgImages.tsx (fan-in: 12, tags: crypto)
- CalEventParser.ts (fan-in: 12, tags: auth, input, data)
- logger.ts (fan-in: 12, tags: auth)
- username.ts (fan-in: 12, tags: auth, data, crypto, network)
- Tasker.ts (fan-in: 12, tags: auth, crypto)
⚙️ CRITICAL: Hardcoded secret in constants.ts: API_KEY = "c. Must use env vars.
Show evidence

Line 344 in constants.ts:
```
export const INTERNAL_API_KEY = "calsk_internal_9x8w7v6u5t4s";
```
Hardcoded hardcoded secret detected in packages/lib/constants.ts: API_KEY = "c...t4s". File touches security veins: ['auth', 'input', 'data', 'crypto']. Secrets must never be committed to source control.
🔎 [SECURITY] Hardcoded internal API key exposed in source code. This violates security best practices for handling secrets and API keys, which should never be committed to code and should be stored in environme...

Read more · expand 🔽

...nt variables.

- *Also flagged by: ARCHITECTURE, STYLE, ONBOARDING* 📖 *authentication_security_section.md lines 1-50* 📝 `packages/lib/constants.ts line 344`

🔴 ARCHITECTURE — 4 findings (4 code-backed) · expand 🔽

⚙️ HIGH: 4 files with data, input access depend on modified constants.ts
Show affected files
- getBrandColours.tsx (fan-in: 12, tags: input)
- redactError.ts (fan-in: 12, tags: data)
- getCalcomUrl.ts (fan-in: 12, tags: none)
- checkIfItFallbackImage.ts (fan-in: 12, tags: none)

🟢 LEGAL — No issues found
🟡 STYLE — No issues found

🔴 ONBOARDING — 2 findings (2 doc-backed) · expand 🔽

🔎 [CHORE] PR template not filled out - the PR description contains placeholder text 'blah blah blah' instead of a proper description of changes.
📖 PULL_REQUEST_TEMPLATE_onboarding_section.md (v30) lines 1-8
🔎 [CHORE] PR is too large - the PR description indicates this is a large change ('blah blah blah' suggests placeholder for extensive changes) which violates the guideline to keep PRs under 500 lines or 10 fi...

Read more · expand 🔽

...les.

📖 *quality-pr-creation_onboarding_section.md (v1) lines 18-20*

👆 Click expand on any gate above to see full findings with evidence and citations.

Powered by MatrixReview · Report incorrect finding

⚙️ Generate Fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet