BETA · GateTest is in active polish ahead of public launch. Some flows are rough. Found a bug? hello@gatetest.ai — we're reading every message.
Developer hygiene module

Hardcoded Url

localhost / 127.0.0.1 / RFC1918 / internal TLDs / non-TLS URLs leaking into production.

One of 104 modules in the GateTest scan suite. Catches the issue before it reaches code review, and on paid tiers opens a pull request with the fix already written.

Example finding from the hardcodedUrl module

A dev URL (loop-back, RFC1918, internal TLD) shipped into the production bundle

Why we catch it

Pulls bad-process bugs out of CI before they cost a 90-minute review.

The Hardcoded Url module sits in this category alongside 6 related modules. Together they form one of the layers of a GateTest scan — checks fire in parallel, findings cluster by root cause, and on paid tiers the AI auto-fix loop reads each finding, writes the fix, validates against the scanner, and opens a PR.

How GateTest covers hardcoded url

  • Runs in every scan. Included on the Full ($99), Scan + Fix ($199), and Forensic Scan ($399) tiers. No additional configuration.
  • Free CLI. npm i -g gatetest && gatetest --module hardcodedUrl against any local repo. No paywall on the scanning itself.
  • AI auto-fix PR. Scan + Fix tier opens a pull request with the fix, a regression test, and a pair-review by a second Claude. Forensic Scan tier adds per-finding diagnosis and cross-finding attack-chain correlation.
  • Honest confidence rating. Findings come with high / medium / low confidence so noisy patterns don't block the gate. The confidence-calibrator trainer reads customer suppressions and tightens rules over time.

Scan your repo for hardcoded url

Free preview of the headline findings. Pay per scan — no subscription.

Run a scan — from $29See all 104 modules

Frequently asked questions

What does the Hardcoded Url module catch?

localhost / 127.0.0.1 / RFC1918 / internal TLDs / non-TLS URLs leaking into production. Example finding: A dev URL (loop-back, RFC1918, internal TLD) shipped into the production bundle

Does GateTest fix Hardcoded Url issues automatically?

Yes — on the Scan + Fix tier ($199) and Forensic Scan tier ($399), Claude reads the finding, writes the fix, validates against the scanner, writes a regression test, and opens a pull request for your review.

Which tiers include the Hardcoded Url module?

The Full tier ($99), Scan + Fix tier ($199), and Forensic Scan tier ($399) include all 104 modules including Hardcoded Url. The Quick tier ($29) only includes 4 essential modules.

Can I run the Hardcoded Url module from the CLI for free?

Yes — install with `npm i -g gatetest` and run `gatetest --module hardcodedUrl` against any local repository. Paid tiers add AI auto-fix and the cross-finding correlation work.

Related modules in Developer hygiene

Pr Size
Blocks unreviewably-large pull requests (files / lines / sprawl across top-level dirs).
Pr Quality
Weak commit messages, missing tests, mixed deps+code.
Flaky Tests
Committed .only/.skip, real clock/network/timers, env leaks, self-admitted flakes.
Fake Fix Detector
AI-generated symptom patches — skipped tests, swallowed errors, dead code.
Openapi Drift
Routes defined in code missing from openapi.yaml, and spec paths with no matching handler.
Trpc Contract
tRPC procedure definitions vs frontend call sites.

Comparing GateTest to another tool?

vs. Snykvs. Sonarqubevs. Semgrepvs. Codeqlvs. Deepsourcevs. Eslintvs. Github Code Scanning