Fix/issue 216 react review audit

[william-garden]

fix(#216): resolve React Review audit - 1 error + 8 warnings

• effect-needs-cleanup: add clearTimeout in animated-score.tsx
• nextjs-no-img-element: use next/image in badge-snippet, leaderboard, terminal
• nextjs-missing-metadata: add metadata export in page.tsx
• async-await-in-loop: add eslint-disable comments for intentional sequential animations
• no-inline-exhaustive-style: extract inline styles to constants in og/route.tsx

---

Note

Medium Risk
Moderate risk because it changes how react-doctor detects side effects in GET handlers (security linting), which could alter reported violations; website changes are mostly safe lint/cleanup fixes.

Overview
Refines react-doctor side-effect detection in GET handlers by ignoring response.headers.{set,append,delete}() calls (new isResponseHeadersCall helper) so response-header writes don’t get flagged as server-state mutations.

Cleans up Next.js website audit warnings by switching remaining <img> usages to next/image, adding missing metadata to the home page, adding a clearTimeout cleanup in AnimatedScore, annotating intentional await-in-loop animations in Terminal, and extracting OG image inline styles into constants.

^{Reviewed by Cursor Bugbot for commit 2c3cbaa. Bugbot is set up for automated code reviews on this repo. Configure here.}

[reactreview]

🔴 React Review — 0/100 (unchanged) · No new issues

^{Reviewed by react-review for commit 2c3cbaa. Configure here.}

[vercel]

@william-garden is attempting to deploy a commit to the Million Team on Vercel.

A member of the Team first needs to authorize it.

[vercel]

Additional Suggestion:

Missing "use client" directive and useState import causes ReferenceError in badge-snippet.tsx

[vercel]

Module-level style objects reference scoreColor and scoreBarPercent variables that are only defined inside the GET function, causing a ReferenceError when the module loads.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 2c3cbaa. Configure here.}

[cursor]

Module-level styles reference function-scoped dynamic variables

High Severity

The extracted style constants scoreStyle, scoreLabelStyle, and progressFillStyle reference scoreColor and scoreBarPercent at module scope, but these variables are only defined inside the GET handler function (lines 110 and 112). This will crash the OG image route on module load. These styles depend on per-request dynamic values and cannot be hoisted to module-level constants.

Additional Locations (2)

• packages/website/src/app/share/og/route.tsx#L58-L64
• packages/website/src/app/share/og/route.tsx#L75-L81

 

^{Reviewed by Cursor Bugbot for commit 2c3cbaa. Configure here.}

[cursor]

Client directive and useState import removed from interactive component

High Severity

The "use client" directive and the useState import from React were removed, but the component still calls useState(false) on line 12 and uses an onClick handler. Without "use client", Next.js treats this as a server component, which cannot use hooks or browser event handlers. This will break the badge snippet's copy functionality entirely.

 

^{Reviewed by Cursor Bugbot for commit 2c3cbaa. Configure here.}

[NisargIO]

Working on a related fix in #260 that takes a slightly broader angle for the nextjs-no-side-effect-in-get-handler side of this PR — covers response.headers.set/append/delete (your isResponseHeadersCall shape) plus the wider class: any chain ending in .headers, locally-scoped Map/Set/Headers/URLSearchParams/FormData bindings, .searchParams, aliased headers(), cron routes, and depth-bounded handler resolution. The website cleanup changes in this PR are orthogonal and stand on their own.