Full-codebase-audit 2026-05-30 outputs: - Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md - 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer). - Scanner docs from scratch (was zero): architecture, data model, API ref, payment flow, operations runbook + repo README. - Doc-sync updates across API reference, data models, flows, design system. - Secret Rotation Runbook (08 - Operations) for the exposed credentials. - Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js. Issues remain status:open intentionally — the code fixes are uncommitted-then-committed working-tree changes per repo and aren't "resolved" until merged/deployed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1.4 KiB
1.4 KiB
issue, title, severity, domain, labels, status, created, source
| issue | title | severity | domain | labels | status | created | source | |||
|---|---|---|---|---|---|---|---|---|---|---|
| 070 | Backend: notifyAllSellersAboutNewRequest unbounded fan-out — N DB writes + N socket emits per new request | high | Marketplace |
|
open | 2026-05-30 | Full Codebase Audit 2026-05-30 |
Backend: notifyAllSellersAboutNewRequest unbounded fan-out — N DB writes + N socket emits per new request
Severity: high Domain: Marketplace Labels: performance, backend, scalability
Description
PurchaseRequestService.ts:196 loops over every seller and issues one Notification.insertOne and one socket.emit per seller, wrapped in setTimeout. With hundreds of sellers this creates hundreds of sequential DB writes and socket emits, blocking the event loop and risking OOM.
Options
- Batch with
insertManyfor notifications and a single room/broadcast emit instead of per-sellersetTimeout. - Move to a queue/worker that processes seller notifications asynchronously with concurrency limits.
- Fan out via a topic/room subscription rather than per-seller writes.
Recommendation
Use insertMany + a single broadcast/room emit, or offload to a queue with bounded concurrency. This is an architectural change.
Affected Files
backend/src/services/marketplace/PurchaseRequestService.ts:196
References
- Full Codebase Audit 2026-05-30 — DEC-40