Josef Röyem

So I built a Security Scanner in TS.

Hi everyone! I wanted to talk about something that's been on my mind for a while: I was thinking of making something similar to curl, but more towards security! I was inspired by curl just seemingly running in the terminal with "No Strictly Required Dependencies".

The Problem

All of us have either heard or read the stories - data/API key leaks, system breaches/failed encryption, compromised applications. It's not just big companies (CrowdStrike) that get hit. Small projects and personal websites get hit too, and that is what matters! The most recent thing was a tweet starting something like "guys, i'm under attack". This was either funny or concerning if you are someone who has worked or is working/studying in tech.

Why I Built Vibe-Guard

After seeing other projects as well as the guy in the tweet getting compromised and voicing it in public, I realized something: security tools shouldn't be complicated (sorry Snyk). They should help you write better code, not get in your way. So I built Vibe-Guard - a security scanner that works most of the time, because sometimes it decides to be sensitive to certain patterns.

What It Does

Instead of worrying about security, you can focus on building. Vibe-Guard catches common issues before they become problems:

  • No more accidental API key leaks
  • No more forgotten security headers
  • No more SQL injection vulnerabilities

The scanner helps you write more secure code by:

  • Catching issues early in development
  • Providing clear, actionable feedback
  • Learning from real-world security incidents

How it can help you!

Development Workflow

npm install -g vibe-guard
vibe-guard scan /your/project

That's it. No complex setup, no steep learning curve. Just clearer security.

In action it displays like this:

🔍 Security Scan Results
✅ No critical issues found
⚠️ 2 medium issues in auth.ts
   - Line 42: SQL injection risk
   - Line 156: Missing input check

No cryptic messages. Just clear, actionable feedback.

Growing with Your Project

As your project grows, Vibe-Guard grows with you:

  • Handles projects of any size
  • Adapts to your tech stack
  • Learns from your codebase

Important Note

This doesn't mean it's ML or AI - it's just pattern matching and common sense rules.
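
The pattern-matching approach described above, sketched as an added example (this is not Vibe-Guard's code; the rule ids, regexes and sample lines are constructed here). It also shows why such rules can be over-sensitive: sample line 5 is flagged although it contains no SQL.

```typescript
// Rule ids, regexes and the sample source are constructed for illustration;
// they are not Vibe-Guard's actual rules.
type Severity = "critical" | "medium";
interface Rule { id: string; severity: Severity; message: string; pattern: RegExp }
interface Finding { line: number; ruleId: string; severity: Severity; message: string }

const RULES: Rule[] = [
  {
    id: "hardcoded-secret",
    severity: "critical",
    message: "Possible hard-coded API key",
    // A credential-like identifier assigned a long string literal.
    pattern: /(api[_-]?key|secret|token)\w*\s*[:=]\s*["'][A-Za-z0-9_\-]{16,}["']/i,
  },
  {
    id: "sql-concat",
    severity: "medium",
    message: "SQL injection risk",
    // A string literal that starts with a SQL verb and is followed by "+".
    pattern: /["'`]\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"'`]*["'`]\s*\+/i,
  },
];

// Run every rule against every line and report 1-based line numbers.
function scan(source: string, rules: Rule[] = RULES): Finding[] {
  const findings: Finding[] = [];
  source.split(/\r?\n/).forEach((text, index) => {
    for (const rule of rules) {
      if (rule.pattern.test(text)) {
        findings.push({ line: index + 1, ruleId: rule.id, severity: rule.severity, message: rule.message });
      }
    }
  });
  return findings;
}

// Render findings in the "Line N: message" style shown in the post.
const report = (fs: Finding[]): string[] => fs.map((f) => `Line ${f.line}: ${f.message}`);

// Constructed sample input (not from a real project).
const SAMPLE = [
  'const apiKey = "EXAMPLEKEY0000000000000000";',            // 1: flagged, literal credential
  'const apiKey = process.env.API_KEY;',                      // 2: clean, read from environment
  'db.query("SELECT * FROM users WHERE id = " + userId);',    // 3: flagged, concatenated query
  'db.query("SELECT * FROM users WHERE id = ?", [userId]);',  // 4: clean, parameterized query
  'const label = "Select an item: " + itemName;',             // 5: flagged, false positive
].join("\n");

const sampleFindings = scan(SAMPLE);
```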

Getting Started

  1. Install:
     npm install -g vibe-guard
  2. Scan:
     vibe-guard scan --rules my-rules.json
  3. Check Results:
     vibe-guard report --format json

What's Coming

  • More security checks
  • Support for more languages
  • Better IDE integration
  • Smarter detection
  • Publishing to more package managers: currently there is only a Homebrew tap.

Contributing

It's open source on GitHub. If you find bugs or want to add features, PRs are welcome.

Final Thoughts

Security doesn't have to be complicated. Sometimes the simplest tools are the most useful. If you're tired of security tools that get in your way, maybe give this a look.

#typescript #security #webdev #programming #opensource