Conversation

@harsh-hak

The Medical Data Breach Checker is a privacy-focused tool that helps users protect their medical identity. By leveraging the Have I Been Pwned API, it scans for public data breaches specifically involving healthcare, insurance, or medical records. Searches are performed anonymously without logging any user data, and identified breaches are automatically categorized by risk level to help users prioritize their security actions.

@elanlaw1206
Contributor

Hi Harsh,

CI is currently failing because the workflow expects Vulnerability_Scanner_V1.4.py and the file is missing. I’d prefer to keep Vulnerability_Scanner_V1.4.py as it is currently referenced by the CI workflow, and removing it causes the checks to fail.

To avoid breaking the pipeline for this multi-trimester project, please restore/revert the deletion of Vulnerability_Scanner_V1.4.py. Once checks are green, I’m happy to approve.

Thanks
King Hei

@elanlaw1206
Contributor

Hi Harsh,
Thanks for adding the Medical Data Breach checker and improving the security scan workflow; the security intent here is good 👍

However, this PR cannot be merged at the moment due to an unresolved conflict, and I need a bit more clarification before proceeding.

Merge conflict in server.js (blocking issue)
This PR currently has a merge conflict in server.js, specifically around the CORS origin configuration.
Since this directly affects runtime behaviour (API accessibility from the frontend), the conflict needs to be clearly resolved before merging.

Could you please:

1. Explain which CORS behaviour is intended after the merge (single FRONTEND_ORIGIN vs function-based allowlist), and
2. Resolve the conflict accordingly and push the updated version?

CI safety for the vulnerability scanner
The scanner imports docx (python-docx). Please confirm the workflow installs all required Python dependencies, or update the workflow to do so, to avoid CI failures on a clean runner.

Scan output safety (logs/artifacts)
Since scan results are printed to logs and uploaded as artifacts, please confirm that no real sensitive values (tokens/secrets) are exposed, or consider masking/limiting output to rule names and file paths only.

Core file changes verification
As this PR updates core files (package.json / package-lock.json), please share a quick test execution result (CI screenshot or local test output) to confirm nothing breaks at runtime.

Once the conflict is resolved and the above points are clarified, I’ll be happy to continue the review. Thanks!

King Hei
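The two CORS configurations the reviewer asks about above differ in what the server answers for a given Origin header. The block below is an added illustration, not the PR's server.js and not the project's code: it assumes the option shape of the Express `cors` middleware (a string `origin`, or an `origin(requestOrigin, callback)` function) and assumes environment variable names `FRONTEND_ORIGIN` (single origin, named on the page) and `FRONTEND_ORIGINS` (comma-separated allowlist, an assumed name). The allowlist check is an exact string match on purpose; prefix or substring matching is the usual way an allowlist of this kind ends up accepting origins it should not.

```javascript
// Added example: single-origin vs function-based CORS allowlist in the
// option shape used by the Express `cors` middleware (assumed; the PR's
// actual server.js is not shown on the page).

// Option A: a single fixed origin, e.g. from process.env.FRONTEND_ORIGIN.
// The middleware compares the request's Origin header to this one string.
function singleOriginOption(frontendOrigin) {
  return { origin: frontendOrigin };
}

// Parse a comma-separated allowlist such as
// FRONTEND_ORIGINS="https://app.example, https://staging.app.example"
// (assumed variable name and format). Whitespace and empty entries are dropped.
function parseAllowlist(value) {
  return (value || "")
    .split(",")
    .map((entry) => entry.trim())
    .filter((entry) => entry.length > 0);
}

// Exact-match policy. Deliberately NOT startsWith/endsWith/regex: a loose
// match would let an unrelated origin that merely contains the allowed
// host name (e.g. "https://app.example.evil.test") pass the check.
function isOriginAllowed(requestOrigin, allowlist) {
  if (requestOrigin === undefined) {
    // No Origin header: same-origin navigation or a non-browser client.
    // CORS is enforced by browsers, so nothing extra is exposed by allowing
    // the request to proceed; the cors middleware treats this case the same.
    return true;
  }
  return allowlist.includes(requestOrigin);
}

// Option B: function-based allowlist. The cors middleware calls
// origin(requestOrigin, callback) per request; callback(null, true) reflects
// the request origin in Access-Control-Allow-Origin, callback(null, false)
// makes the middleware skip the CORS headers entirely (no 500, the browser
// then blocks the cross-origin read).
function allowlistOriginOption(allowlist) {
  return {
    origin(requestOrigin, callback) {
      callback(null, isOriginAllowed(requestOrigin, allowlist));
    },
  };
}

// Synchronous helper for inspection/tests: returns what Option B would
// decide for a given Origin header value.
function decide(option, requestOrigin) {
  let decision;
  option.origin(requestOrigin, (err, allowed) => {
    if (err) throw err;
    decision = allowed;
  });
  return decision;
}

// Constructed usage (not the project's real origins):
const allowlist = parseAllowlist(
  "https://app.example, https://staging.app.example"
);
const optionB = allowlistOriginOption(allowlist);
console.log(decide(optionB, "https://app.example"));           // true
console.log(decide(optionB, "https://app.example.evil.test")); // false
console.log(decide(optionB, undefined));                       // true
console.log(singleOriginOption("https://app.example").origin); // "https://app.example"
```

Which option is right for the merge depends on the intended deployment: a single FRONTEND_ORIGIN is simpler and harder to misconfigure, while the function form is needed as soon as more than one frontend (staging, preview deployments) must call the API, because a wildcard cannot be combined with credentialed requests.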
