Introducing SecureCheck v1.0
I'm excited to share SecureCheck, an open-source security testing library I built to help developers identify common web vulnerabilities before they become problems.
The Problem
As developers, we often focus on features and performance, but security can fall through the cracks. Security audits are expensive, and many security tools are either too complex or require significant setup time.
I wanted something simple: a tool that could scan a website in under 2 minutes and tell me exactly what's wrong and how to fix it.
The Solution
SecureCheck is a lightweight Node.js library with zero dependencies that scans websites for:
- HTTP Security Headers - Missing CSP, HSTS, X-Frame-Options, etc.
- SSL/TLS Configuration - Certificate expiry, HTTPS enforcement
- Information Disclosure - Exposed .git, .env, config files
- Cookie Security - Missing Secure, HttpOnly, SameSite flags
- XSS Vulnerabilities - Basic detection of potential cross-site scripting
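How header and cookie checks of this kind can work, as an added example that is not SecureCheck's own code: it audits a constructed set of response headers for the missing headers and cookie flags listed above. The function names, finding format and severity assignments are assumptions.

```javascript
// Added example, not SecureCheck's code; names and severities are assumptions.
const REQUIRED_HEADERS = {
  'content-security-policy': 'HIGH',
  'strict-transport-security': 'MEDIUM',
  'x-frame-options': 'MEDIUM',
};

function auditCookie(setCookie) {
  // First segment is name=value; every later segment is an attribute.
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const seen = new Map(attrs.map((a) => {
    const [k, v = ''] = a.split('=');
    return [k.trim().toLowerCase(), v.trim().toLowerCase()];
  }));
  const missing = ['Secure', 'HttpOnly', 'SameSite'].filter((f) => !seen.has(f.toLowerCase()));
  // SameSite=None requires Secure; flag the combination separately.
  const noneWithoutSecure = seen.get('samesite') === 'none' && !seen.has('secure');
  return { name: pair.split('=')[0], missing, noneWithoutSecure };
}

function auditResponse(headers) {
  // Expects Node-style headers: lower-cased names, set-cookie as an array.
  const findings = [];
  for (const [name, severity] of Object.entries(REQUIRED_HEADERS)) {
    if (!(name in headers)) findings.push({ severity, issue: `Missing ${name} header` });
  }
  for (const raw of headers['set-cookie'] || []) {
    const c = auditCookie(raw);
    if (c.missing.length) {
      findings.push({ severity: 'MEDIUM', issue: `Cookie ${c.name} missing ${c.missing.join(', ')}` });
    }
    if (c.noneWithoutSecure) {
      findings.push({ severity: 'MEDIUM', issue: `Cookie ${c.name}: SameSite=None without Secure` });
    }
  }
  return findings;
}

// Constructed sample response headers (not captured from a real site).
const sampleHeaders = {
  'strict-transport-security': 'max-age=31536000; includeSubDomains',
  'x-frame-options': 'DENY',
  'set-cookie': [
    'session=abc123; Path=/; HttpOnly',
    'prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax',
    'track=1; Path=/; SameSite=None',
  ],
};
for (const f of auditResponse(sampleHeaders)) console.log(`[${f.severity}] ${f.issue}`);
```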
What Makes It Different?
1. Educational, Not Just Diagnostic
Each vulnerability includes:
- What's wrong
- Why it matters (real-world impact)
- How to fix it (specific recommendations)
Example output:
```
🟠 [HIGH] Missing Content Security Policy
Category: HTTP Headers
Issue: No Content-Security-Policy header found
Impact: Without CSP, your site is more vulnerable to XSS attacks.
Attackers can inject malicious scripts that steal user data,
hijack sessions, or deface your website.
Fix: Implement CSP to prevent XSS attacks.
Start with: Content-Security-Policy: default-src 'self'
```
2. Zero Dependencies
Built with pure Node.js. No bloated dependency chains or security vulnerabilities from third-party packages.
3. Beautiful Output
Color-coded severity levels make it easy to prioritize fixes at a glance.
4. Fast
Complete scan in under 2 minutes. Perfect for CI/CD pipelines.
Installation
```bash
npm install -g securecheck
```
**Usage**
```bash
# Basic scan
securecheck https://example.com

# Verbose output
securecheck https://example.com --verbose

# JSON output for CI/CD
securecheck https://example.com --json
```
**Use as a Library**
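```javascript
const SecureCheck = require('securecheck');

(async () => {
  // Create a scanner for the target URL with verbose output and a timeout
  const scanner = new SecureCheck('https://example.com', {
    verbose: true,
    timeout: 10000
  });

  // Run the scan and print the results
  const results = await scanner.scan();
  console.log(results);
})();
```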
Real-World Example
I tested SecureCheck on a popular sports website and found:
- 23 medium severity issues
- 1 high severity issue (missing CSP)
- 2 low severity issues
- 1 informational finding
All in under 1 second.
What's Next?
Roadmap for v1.1:
- SQL injection detection
- CORS misconfiguration checks
- Subdomain enumeration
- HTML report generation
Roadmap for v2.0:
- Authenticated scanning
- API endpoint testing
- Web dashboard
Contributing
SecureCheck is open source (MIT license) and I'd love your contributions! Whether it's:
- Adding new security checks
- Improving documentation
- Reporting bugs
- Suggesting features
Check out the Contributing Guide.
Important Note
SecureCheck is designed for testing YOUR OWN websites or sites where you have explicit permission. Unauthorized security testing may be illegal in your jurisdiction.
Links
GitHub: github
NPM: npm
Issues: GitHub Issues
Conclusion
Security doesn't have to be complicated. With SecureCheck, you can catch common vulnerabilities in your development workflow and learn about security best practices along the way.
Give it a try and let me know what you think! Star the repo if you find it useful.