Reading Your Results·Intermediate
Finding Categories
What each category of FinishKit findings means and why it matters.
FinishKit organizes findings into six categories, each covering a different risk area for your app.
Blockers
Issues that will actively break your app in production. Examples:
- Missing authentication on protected routes
- Broken API routes that return 500s
- Database queries that will fail without certain env vars set
- Hardcoded development URLs (
localhost:3000) in production code
Fix these before anything else.
Security
Vulnerabilities that put your users or data at risk. Examples:
- API keys or secrets committed to the repo
- Missing Row Level Security on Supabase tables
- SQL injection risks in raw queries
- CORS configured to allow all origins (
*) in a production API - Unvalidated user input passed to dangerous functions
Deploy
Configuration problems that will prevent your app from deploying or running correctly. Examples:
- Missing environment variables that the code references
- Incorrect build configuration
- Missing
startscript inpackage.json - Static files referenced that don't exist in the build output
Stability
Code patterns that will cause unexpected crashes or poor behaviour at runtime. Examples:
- Unhandled promise rejections
- Missing error boundaries in React components
- API calls with no timeout or retry logic
- Race conditions in async code
Tests
Missing or inadequate test coverage for critical paths. Examples:
- No tests for authentication flows
- No tests for payment/billing logic
- Missing test for a form that validates user-submitted data
UI
User-facing issues that will hurt the experience. Examples:
- Pages with no loading state (blank screen while data loads)
- Forms that don't show validation errors
- Components that break on mobile screen sizes
- Missing empty states when lists have no data