I built a PR merge gate for NestJS backends — scanned a 137-star ecommerce repo and found 58 violations including a silent authorization bypass
typescript
dev.to
🔗 technicaldebtradar.com

I built Technical Debt Radar — a tool that blocks PR merges when it finds dangerous patterns in NestJS backends. Not a linter. Actual enforcement.

To validate it, I scanned a real 137-star NestJS + Mongoose ecommerce project.

Results

58 violations — 8 blocking the merge gate:

- Architecture: 9 (circular deps, cross-module violations)
- Reliability: 22 (missing error handling)
- Performance: 7 (unbounded queries, no pagination)
- Runtime Risk: 4 (fetch without