The Problem
I manage 30+ Node.js projects. When CVE-2025-64756 (glob vulnerability) dropped in November, I spent 2+ hours manually checking every project.
This happens every time a major CVE drops.
What I'm Building
A simple tool that:
- Connects to GitHub/GitLab
- Scans all your Node.js projects (package.json, Node version, dependencies)
- Monitors CVE feeds (NVD, OSV.dev)
- Alerts you: "⚠️ CVE-XXXXX affects 3 of your projects"
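A minimal sketch of the matching step behind that alert, as an added example that is not the tool's own code. It assumes each project's `package-lock.json` (v2/v3 `packages` map) is read rather than only `package.json`, so nested transitive copies are caught, and it evaluates OSV-style `introduced`/`fixed` range events; the advisory, the package name `example-pkg` and the three projects are constructed.

```javascript
// Added example: the advisory, package names and lockfiles are constructed.
const NM = 'node_modules/';
// Compare plain x.y.z versions; pre-release tags are ignored in this sketch.
function cmp(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}
// OSV range evaluation over sorted events: "introduced" sets the flag, "fixed" clears it.
function inRange(version, events) {
  let affected = false;
  for (const ev of events) {
    if (ev.introduced !== undefined && cmp(version, ev.introduced) >= 0) affected = true;
    if (ev.fixed !== undefined && cmp(version, ev.fixed) >= 0) affected = false;
  }
  return affected;
}
// Every installed copy in a package-lock.json, nested transitive ones included.
function installedVersions(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(NM);
    if (i === -1 || !meta.version) continue; // skip the root project entry
    out.push({ name: path.slice(i + NM.length), version: meta.version });
  }
  return out;
}
function affectedProjects(advisory, projects) {
  const isHit = dep => advisory.affected.some(a =>
    a.package.ecosystem === 'npm' && a.package.name === dep.name &&
    a.ranges.some(r => r.type === 'SEMVER' && inRange(dep.version, r.events)));
  return Object.entries(projects)
    .filter(([, lock]) => installedVersions(lock).some(isHit))
    .map(([name]) => name);
}
const ADVISORY = { id: 'CVE-XXXXX', affected: [{
  package: { ecosystem: 'npm', name: 'example-pkg' },
  ranges: [{ type: 'SEMVER', events: [{ introduced: '2.0.0' }, { fixed: '2.4.1' }, { introduced: '3.0.0' }, { fixed: '3.1.2' }] }] }] };
const PROJECTS = {
  api: { packages: { '': {}, 'node_modules/example-pkg': { version: '2.3.0' } } },
  web: { packages: { '': {}, 'node_modules/build-tool/node_modules/example-pkg': { version: '3.1.0' } } },
  cli: { packages: { '': {}, 'node_modules/example-pkg': { version: '2.4.1' } } },
};
const hits = affectedProjects(ADVISORY, PROJECTS);
console.log(`${ADVISORY.id} affects ${hits.length} of your projects: ${hits.join(', ')}`);
```

The `web` project is flagged only because of a copy nested under another dependency, which a scan of direct dependencies in `package.json` alone would not see.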
Target: Solo devs & small teams managing 10+ projects who can't afford Snyk ($300+/mo)
Pricing: $29/month
Questions for you:
- Do you manage multiple Node.js projects?
- How do you currently track CVEs?
- What would you pay for this?
- What am I missing?
Building the MVP this week. Ship fast, iterate faster.
Follow along: 0xPhileas