Add CrawlProof stats tracker#245
Conversation
vu1nz Security Review0 finding(s) in PR #? No security issues found. |
Greptile SummaryThis PR, authored by an automated
Confidence Score: 2/5Not safe to merge without verifying that the new A bot is claiming to add a tracker for the first time while quietly swapping out a pre-existing site ID. If the replacement ID routes to a different CrawlProof account, all future analytics data would go to a third party without the site owner's knowledge. src/app/layout.tsx — specifically the removed
|
| Filename | Overview |
|---|---|
| src/app/layout.tsx | Bot PR silently swaps an existing CrawlProof data-site ID for a new one, contradicting the PR description which claims this is a first-time addition; indentation of the new line is also inconsistent. |
Sequence Diagram
sequenceDiagram
participant Browser
participant ugig.net
participant crawlproof.com
Browser->>ugig.net: Page request
ugig.net-->>Browser: HTML + layout (afterInteractive scripts)
Browser->>crawlproof.com: "GET /stats.js (data-site="3b787b18-...")"
crawlproof.com-->>Browser: Tracking script
Note over Browser,crawlproof.com: Pageview + referral source counted and attributed to site ID 3b787b18-...
Reviews (1): Last reviewed commit: "Add CrawlProof stats tracker" | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| strategy="afterInteractive" | ||
| /> | ||
| <Script data-site="09d382f0-1b98-4d28-b360-78eaf4e030f2" src="https://crawlproof.com/stats.js" strategy="afterInteractive" /> | ||
| <Script data-site="3b787b18-f8e1-473f-8285-b90d657f5642" src="https://crawlproof.com/stats.js" strategy="afterInteractive" /> |
There was a problem hiding this comment.
The PR description claims this is a first-time addition of the CrawlProof tracker, but the diff actually removes a pre-existing script (data-site="09d382f0-...") and replaces it with data-site="3b787b18-...". This is a silent site-ID swap by a bot account — any analytics previously flowing to the original CrawlProof project will now be redirected to a different project/account. Confirm that the new ID belongs to the repo owner's CrawlProof account before merging.
| strategy="afterInteractive" | ||
| /> | ||
| <Script data-site="09d382f0-1b98-4d28-b360-78eaf4e030f2" src="https://crawlproof.com/stats.js" strategy="afterInteractive" /> | ||
| <Script data-site="3b787b18-f8e1-473f-8285-b90d657f5642" src="https://crawlproof.com/stats.js" strategy="afterInteractive" /> |
There was a problem hiding this comment.
Script tag has irregular leading whitespace (14 spaces) compared to the 8-space indentation used by the surrounding Script elements.
| <Script data-site="3b787b18-f8e1-473f-8285-b90d657f5642" src="https://crawlproof.com/stats.js" strategy="afterInteractive" /> | |
| <Script data-site="3b787b18-f8e1-473f-8285-b90d657f5642" src="https://crawlproof.com/stats.js" strategy="afterInteractive" /> |
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
1 participant
This PR adds the CrawlProof stats tracker to your site.
What it does: counts pageviews by source — AI engine referrals (ChatGPT, Perplexity, Claude, Gemini…) and AI crawler hits (GPTBot, ClaudeBot, PerplexityBot…). No cookies. No PII. Rolls up to a daily counter on the CrawlProof Stats tab for your project.
What changed: one line added to
src/app/layout.tsx, just before</body>:The diff also imports
Scriptfromnext/scriptif it wasn't already imported.Docs: https://crawlproof.com/docs/stats-tracker
Disable: flip the tracker off on your CrawlProof project Stats tab and the script becomes a no-op (or remove this line).