The source code must not contain commented-out code when it is deployed to the production environment.
CWE-1085: Invokable Control Element with Excessive Volume of Commented-out Code. A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.
OWASP-ASVS v4.0.1 V14.2 Dependency.(14.2.2) Verify that all unneeded features, documentation, samples, configurations are removed, such as sample applications, platform documentation, and default or example users.