Hi everyone! I wanted to talk about something that's been on my mind for a while: I was thinking of making something similar to curl, but geared more towards security! I was inspired by how curl seemingly just runs in the terminal with "No Strictly Required Dependencies".
The Problem
All of us have heard or read the stories: data and API key leaks, system breaches and failed encryption, compromised applications. It's not just big companies (CrowdStrike) that get hit. Small projects and personal websites get hit too, and that is what matters! The most recent example was a tweet starting something like "guys, i'm under attack". This was either funny or concerning if you are someone who has worked, or is working or studying, in tech.
Why I Built Vibe-Guard
After seeing other projects, as well as the guy in the tweet, getting compromised and voicing it in public, I realized something: security tools shouldn't be complicated (sorry Snyk). They should help you write better code, not get in your way. So I built Vibe-Guard - a security scanner that works most of the time, because sometimes it decides to be sensitive to certain patterns.
What It Does
Instead of worrying about security, you can focus on building. Vibe-Guard catches common issues before they become problems:
- No more accidental API key leaks
- No more forgotten security headers
- No more SQL injection vulnerabilities
The scanner helps you write more secure code by:
- Catching issues early in development
- Providing clear, actionable feedback
- Learning from real-world security incidents
How it can help you!
Development Workflow
npm install -g vibe-guard
vibe-guard scan /your/project
That's it. No complex setup, no steep learning curve. Just clearer security.
In action it displays like this:
🔍 Security Scan Results
✅ No critical issues found
⚠️ 2 medium issues in auth.ts
- Line 42: SQL injection risk
- Line 156: Missing input check
No cryptic messages. Just clear, actionable feedback.
Growing with Your Project
As your project grows, Vibe-Guard grows with you:
- Handles projects of any size
- Adapts to your tech stack
- Learns from your codebase
Important Note
This doesn't mean it's ML or AI - it's just pattern matching and common sense rules.
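To make "pattern matching" concrete, here is an added example of a line-by-line regex scanner. It is not Vibe-Guard's code or rule set: the rule ids, patterns and sample source are constructed for illustration. It also shows why such rules can be over-sensitive (line 5 of the sample is a harmless placeholder that still gets flagged).

```javascript
// Illustrative rules (assumptions), not taken from Vibe-Guard.
const RULES = [
  {
    id: "hardcoded-secret",
    severity: "high",
    // credential-like name assigned a quoted literal of 16+ characters
    pattern: /\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*["'`][A-Za-z0-9_\-\/+=]{16,}["'`]/i,
    message: "Possible hardcoded credential",
  },
  {
    id: "sql-concat",
    severity: "medium",
    // SQL keyword in a string that is concatenated (+) or interpolated (${...})
    pattern: /["'`]\s*(SELECT|INSERT|UPDATE|DELETE)\b[^"'`]*(["']\s*\+|\$\{)/i,
    message: "SQL built from strings; use parameterized queries",
  },
];

// Return one finding per (line, rule) match. Line numbers are 1-based.
function scan(source, file) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.pattern.test(text)) {
        findings.push({ file, line: i + 1, rule: rule.id,
                        severity: rule.severity, message: rule.message });
      }
    }
  });
  return findings;
}

// Constructed sample input; every value here is made up.
const SAMPLE = [
  'const apiKey = "CONSTRUCTED_EXAMPLE_VALUE_0001";',               // flagged
  'const safeKey = process.env.API_KEY;',                           // clean
  'const q = "SELECT * FROM users WHERE id = " + req.query.id;',    // flagged
  'db.query("SELECT * FROM users WHERE id = $1", [req.query.id]);', // clean
  'const token = "PLACEHOLDER_FOR_DOCS_ONLY";',                     // false positive
].join("\n");

for (const f of scan(SAMPLE, "auth.ts")) {
  console.log(`${f.severity} ${f.file}:${f.line} ${f.rule} - ${f.message}`);
}
```

A regex sees only the text of one line, so it cannot tell a real key from a placeholder or follow a value across statements; that is the trade-off for having no setup and no dependencies.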
Getting Started
- Install:
npm install -g vibe-guard
- Scan:
vibe-guard scan --rules my-rules.json
- Check Results:
vibe-guard report --format json
What's Coming
- More security checks
- Support for more languages
- Better IDE integration
- Smarter detection
- Publishing to more package managers: currently it only has a Homebrew tap.
Contributing
It's open source on GitHub. If you find bugs or want to add features, PRs are welcome.
Final Thoughts
Security doesn't have to be complicated. Sometimes the simplest tools are the most useful. If you're tired of security tools that get in your way, maybe give this a look.