Yikes
Find auth gaps and leaked secrets in your vibe-coded app
Start new thread
Adam Balogun

Yikes - Find auth gaps and leaked secrets in your vibe-coded app

by
Stop shipping security holes. Yikes scans your Next.js + Supabase repo and tells you exactly how you'd get hacked — in plain English. → NEXT_PUBLIC_ secrets exposing your database to everyone → Supabase RLS disabled so users can read each other's data → API routes with no auth checks → Missing rate limits on login/signup Every finding includes a copy/paste fix. No security expertise needed.

Add a comment

Replies

Best
Adam Balogun
Maker
📌
Hey Product Hunt! 👋 I built Yikes because I kept seeing the same security mistakes in vibe-coded apps: NEXT_PUBLIC_ prefixed secrets that expose your entire database, Supabase tables with RLS disabled, API routes anyone can call without auth. These aren't edge cases. They're in almost every indie hacker project I've reviewed. Traditional security scanners give you a 40-page PDF full of CVE numbers. Yikes gives you 2-5 findings that say "here's exactly how someone would hack you" with the exact code to fix it. I'm a solo founder building this in public. The $49.99 tier is literally me reading your code and opening a PR: no AI middleman. Would love your feedback. Try scanning any public GitHub repo for free: https://yikes-security.vercel.app What security issues worry you most about AI-generated code?