HexaScan:Open-Source Monitoring(PageSpeed,Critical Flows,SEO,Security)

Name: HexaScan:Open-Source Monitoring(PageSpeed,Critical Flows,SEO,Security)
Availability: InStock
Author: paimpozhil

by paimpozhil·Feb 21, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●SolidSolve My ProblemSlick

Combines uptime, PageSpeed, agent metrics, and Playwright flows—but UptimeRobot, Datadog, and New Relic already bundle these.

Strengths

•Critical Flow testing via Playwright scripts for real user journeys (checkout, signup) integrated directly into monitoring—not a separate tool.
•Dedicated Magento 2 and WordPress health checks (orders, patches, plugins, WooCommerce stats) built-in, not grafted on as afterthoughts.
•Lightweight Python agent for internal metrics avoids heavyweight APM bloat; escalation matrix handles real on-call workflows (L1 → L2 → L3).

Weaknesses

•Directly competes with established monitoring stacks (UptimeRobot + Google PageSpeed + Datadog); bundling alone doesn't differentiate in a crowded category.
•No evidence of better data, cheaper pricing, or novel architectural insight compared to incumbents; feels like a well-built internal tool open-sourced.

Post Description

Hi HN,

We manage monitoring for a bunch of client websites, mostly Magento and WordPress stores, and got frustrated juggling UptimeRobot, Google PageSpeed, SSL checkers, and custom Playwright scripts. Everything lived in different tabs with different logins. So we built one tool that does all of it.

HexaScan monitors uptime and response times, PageSpeed and Core Web Vitals via Google's API, SSL certificate expiry, and server metrics through a lightweight Python agent. It has dedicated Magento 2 monitoring (orders, version, security patches, database size, customers, disk) and WordPress monitoring (version, plugins, themes, security, cache, WooCommerce stats) built in, not bolted on as an afterthought.

The part we're most excited about is Critical Flow testing. You can write Playwright scripts that test actual user journeys like checkout, signup, and login, and run them on a schedule alongside everything else. Most monitoring stops at "is the site up" but doesn't tell you if your checkout is broken.

We also have a repo security scanner that checks public Git repos for hardcoded secrets, backdoors, injection vulnerabilities, and dependency issues via the OSV database.

There's a built-in escalation matrix with three levels that auto-escalates if issues aren't acknowledged, with public issue pages for each incident. Notifications go to Telegram and email, with more channels planned.

Other stuff: filesystem integrity monitoring with Git status integration, log monitoring, custom script execution with sandboxing, and a health scoring system that weights critical monitors higher so you get a real picture of site health at a glance.

Built with Fastify 5, TypeScript, Prisma, PostgreSQL, Redis, BullMQ on the backend. React 18, Vite, Tailwind on the frontend. Python agent for server-side metrics and Playwright flows.

Self-hostable, doesn't phone home. We also offer a managed version for teams who'd rather not deal with the infrastructure.

Would love feedback, especially on what you'd prioritize next.

GitHub: https://github.com/BlazeHexaScan/HexaScan

Website: https://www.hexascan.app (https://www.hexascan.app/)