HN Showcase
Back to browse
GitHub Repository

Your vibe-coded app has hardcoded secrets, missing auth, and hallucinated imports. Find out in under a second.

15 starsTypeScript

Prodlint – Static analysis for the bugs AI coding tools write

by AMARCOVECCHIO99·Feb 21, 2026·1 point·3 comments
Visit ProjectView on HN

AI Analysis

●●●BangerSolve My ProblemSlick

Catches hallucinated imports, hardcoded secrets, and missing auth that AI coding tools consistently write.

Strengths
  • Addresses a genuine pain point (AI-generated code shipping with security/reliability issues) with 52 targeted rules
  • Zero-config, no LLM, sub-100ms execution means it fits into CI/CD without friction
  • Clear scoring breakdown (security, reliability, performance, ai-quality) gives developers actionable prioritization
Weaknesses
  • Rules are pattern-matching, not semantic—will miss context-dependent bugs (e.g., logic errors in validation logic)
  • No LSP/editor integration shown; CLI-only limits developer feedback loop during coding
Target Audience

Teams using Cursor, v0, Bolt, Copilot; developers shipping AI-generated code to production

Similar To

ESLint security plugins (eslint-plugin-security) · SonarQube · Snyk code scanning

Similar Projects

Developer Tools●●●Banger

AISlop, a CLI for catching AI generated code smells

Catches AI slop patterns like empty catches and narrative comments that tests and lint miss.

Solve My ProblemShip ItDark Horse
Heavykenny
736516d ago