Your vibe-coded app has hardcoded secrets, missing auth, and hallucinated imports. Find out in under a second.
This is a focused, pragmatic tool: 27 rules across security, reliability, performance and AI-quality pick up things TypeScript and ESLint miss (hallucinated imports, phantom-dependency, hardcoded secrets, missing rate limiting). It ships as an npx CLI with JSON output for CI, tests and GitHub Actions — small but practical feature set that makes it trivial to gate AI-generated code in pipelines. I'd like stronger editor/IDE integration and more ecosystem hooks, but for teams relying on LLMs this hits an important pain point cleanly.
JavaScript/TypeScript developers and engineering teams using AI code generation, security/reliability engineers, and CI maintainers
Catches AI-generated bugs TypeScript misses: hallucinated imports, unvalidated server actions, hardcoded secrets.
Catches hallucinated imports, hardcoded secrets, and missing auth that AI coding tools consistently write.
Client-side scanner catches hardcoded secrets in AI code—real problem, obvious solution.
It hooks into your build process, finds t(...) calls, and only generates missing translations via an LLM while preserving hand-edited entries — useful ergonomics many i18n tools skip. Comes with Vite/Webpack plugins, watch/batching modes and unused-key cleanup; the hard parts left to you are translation quality, API cost, and secrets management.
Purpose-built LLM security linter covers OWASP Top 10, but static analysis has inherent blind spots.
ESLint for system design: catch architecture violations in CI before code review becomes bottleneck.
