Unversioned API routes
Part of Architecture & Best Practices, which counts for 15% of the overall score. When this check fires it deducts 2 points from that category, once per scan, no matter how many places it turns up.
What it detects
API routes with no version prefix (/api/v1/...) make future breaking changes harder to roll out safely.
Why it matters
Once clients depend on /api/users, changing its response shape breaks them all at once, with no way to run old and new behavior side by side. A version prefix like /api/v1/ gives you a migration path: ship v2, move clients over, retire v1. This matters most when the API has consumers you do not control; for a private frontend-plus-backend pair it is a judgment call.
How to fix it
Decide whether the API has, or will have, consumers outside this repo. If so, mount routes under a versioned prefix (app.use('/api/v1', router) in Express, APIRouter(prefix='/api/v1') in FastAPI) and update client calls, keeping the old unversioned paths as aliases during the migration. If the API is purely internal, documenting that decision is a legitimate outcome.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo