Badges

Tastemaker
Tastemaker
Gone streaking
Gone streaking

Maker History

Forums

What should a passive vibe coding security scan actually prove?

We re launching Check My Vibe as a deliberately limited first-pass security tool for AI-built and vibe-coded websites.

The design constraint is simple: no login, no exploit attempts, no recursive crawling, and no stored scan history. The automated pass checks the public response, selected same-origin JavaScript, security headers, HTTPS behavior, source maps, credential-shaped strings, and a fixed set of sensitive public paths. It then hands off to a separate 36-point manual checklist for authorization, database access, dependencies, and deployment controls that a passive scanner cannot prove.

That separation matters because a clean automated result should never be presented as proof that an application is secure.

What would make this kind of first-pass report more useful without turning it into intrusive testing?

4d ago

Check My Vibe - Free vibe coding security checklist and passive scanner

Run a free passive security scan and work through a practical checklist for websites built with AI and vibe coding tools.

30d ago

JS to DOCX Converter - Convert JS to DOCX or generate Word with JavaScript

jstodocx.com is a browser-based JS to DOCX tool for two workflows: run restricted Docx.js-style document examples to preview and download real Word DOCX output, or use Archive JS Source mode to save ordinary JavaScript source as a readable Word document without executing it. It also supports basic HTML to DOCX with JavaScript. Not a JSON converter, PDF converter, generic file converter, official Docx.js editor, or arbitrary JavaScript runner.
View more