Hi HN, we ran jq (github.com/jqlang/jq) through our static analysis tool.
It's a fantastic, mature project (13 yrs, 230+ authors, Grade A avg. complexity). However, we found some serious concerns: multiple potential buffer overflows (Red Flags in 9 core files), path traversal issues, and a very low test health score (2.9/100).
Given its widespread use, these findings are pretty significant for anyone relying on it, especially in production pipelines. Full breakdown and data in the post. Curious about your thoughts/experiences.
cranberryturkey•6h ago
Vibe code that shit into 100% test coverage then. You can do it!