Summary
Ten medium-priority code quality and UX findings identified during deep audit on 2026-04-05.
Findings
1. Fixed 400x500 Popup with overflow:hidden Clips Content
File: src/popup/popup.html lines 16-18
Body has width:400px; height:500px; overflow:hidden. Users with many assets see content cut off with no scroll.
Fix: Change to overflow-y: auto and use min-height/max-height instead of fixed height.
2. share.tsx Bypasses React Despite .tsx Extension
File: src/share/share.tsx lines 1-84
Uses raw DOM (document.getElementById('root')!.innerHTML) instead of React, yet bundles React (~40KB) due to .tsx extension.
Fix: Either rename to share.ts and exclude React from bundle, or convert to a proper React component.
3. UserSettings Type Diverges From StoredSettings
Files: src/types/index.ts lines 46-53 vs src/services/StorageService.ts lines 18-34
UserSettings has 6 fields; StoredSettings has 14. UserSettings is exported but never used.
Fix: Delete UserSettings from types/index.ts. Make StoredSettings the single source of truth.
4. Settings Text Input Writes on Every Keystroke
File: src/options/options.tsx lines 377-406
Hunt Mode message/hashtags inputs call storageService.setSettings on every onChange. Can hit Chrome's MAX_WRITE_OPERATIONS_PER_MINUTE (120) limit.
Fix: Debounce text input onSave calls by 300-500ms.
5. deleteAccount() Does Not Await clearAuth()
File: src/services/AuthService.ts lines 175-178
clearAuth() is async but called without await, creating a potential race condition.
Fix: Add await before this.clearAuth().
6. resetPassword/updateUser/deleteAccount Never Used From UI
File: src/services/AuthService.ts lines 152-178
Three API methods exposed but no UI element invokes them. Dead API surface area.
Fix: Either add corresponding UI elements or remove until planned.
7. 27 Inline Style Objects in Popup
File: src/popup/popup.tsx (throughout)
Creates new object references per render, defeating memoization and making styles unmaintainable.
Fix: Extract to CSS classes in popup.css.
8. Direct DOM Style Manipulation in SharePromptModal
File: src/popup/popup.tsx lines 966-973
onMouseOver/onMouseOut mutate style directly instead of using CSS :hover.
Fix: Use CSS :hover and :focus-visible pseudo-classes.
9. Repeated URL Parsing in Render Loop
File: src/popup/popup.tsx line 653
new URL(asset.sourceWebsite.url).hostname called inside JSX for every asset on every render.
Fix: Compute and store hostname once when asset is created.
10. No Password Strength Validation on Signup
File: src/popup/AuthForm.tsx lines 95-111
Password input has only required attribute. No minLength, pattern, or strength indicator.
Fix: Add minLength={8}, client-side validation, and inline feedback.
Generated by Omni AI Deep Check on 2026-04-05
Summary
Ten medium-priority code quality and UX findings identified during deep audit on 2026-04-05.
Findings
1. Fixed 400x500 Popup with overflow:hidden Clips Content
File:
src/popup/popup.htmllines 16-18Body has
width:400px; height:500px; overflow:hidden. Users with many assets see content cut off with no scroll.Fix: Change to
overflow-y: autoand usemin-height/max-heightinstead of fixed height.2. share.tsx Bypasses React Despite .tsx Extension
File:
src/share/share.tsxlines 1-84Uses raw DOM (
document.getElementById('root')!.innerHTML) instead of React, yet bundles React (~40KB) due to .tsx extension.Fix: Either rename to
share.tsand exclude React from bundle, or convert to a proper React component.3. UserSettings Type Diverges From StoredSettings
Files:
src/types/index.tslines 46-53 vssrc/services/StorageService.tslines 18-34UserSettingshas 6 fields;StoredSettingshas 14.UserSettingsis exported but never used.Fix: Delete
UserSettingsfromtypes/index.ts. MakeStoredSettingsthe single source of truth.4. Settings Text Input Writes on Every Keystroke
File:
src/options/options.tsxlines 377-406Hunt Mode message/hashtags inputs call
storageService.setSettingson everyonChange. Can hit Chrome'sMAX_WRITE_OPERATIONS_PER_MINUTE(120) limit.Fix: Debounce text input
onSavecalls by 300-500ms.5. deleteAccount() Does Not Await clearAuth()
File:
src/services/AuthService.tslines 175-178clearAuth()is async but called withoutawait, creating a potential race condition.Fix: Add
awaitbeforethis.clearAuth().6. resetPassword/updateUser/deleteAccount Never Used From UI
File:
src/services/AuthService.tslines 152-178Three API methods exposed but no UI element invokes them. Dead API surface area.
Fix: Either add corresponding UI elements or remove until planned.
7. 27 Inline Style Objects in Popup
File:
src/popup/popup.tsx(throughout)Creates new object references per render, defeating memoization and making styles unmaintainable.
Fix: Extract to CSS classes in
popup.css.8. Direct DOM Style Manipulation in SharePromptModal
File:
src/popup/popup.tsxlines 966-973onMouseOver/onMouseOutmutatestyledirectly instead of using CSS:hover.Fix: Use CSS
:hoverand:focus-visiblepseudo-classes.9. Repeated URL Parsing in Render Loop
File:
src/popup/popup.tsxline 653new URL(asset.sourceWebsite.url).hostnamecalled inside JSX for every asset on every render.Fix: Compute and store
hostnameonce when asset is created.10. No Password Strength Validation on Signup
File:
src/popup/AuthForm.tsxlines 95-111Password input has only
requiredattribute. NominLength, pattern, or strength indicator.Fix: Add
minLength={8}, client-side validation, and inline feedback.Generated by Omni AI Deep Check on 2026-04-05