Inspiration

As vibe coding tools empower more non-technical founders to ship apps at lightning speed, I saw a growing risk: shipping features without security checks can lead to leaked API keys, exposed user data, and surprise bills. I experienced this firsthand when my first “vibe-coded” project ran up thousands of dollars in unauthorized API charges overnight. That wake-up call inspired me to build a simple, zero-install way for creators to scan their apps before going live.

What I Built

SafeVibe.dev is a browser-based security scanner that:

  • Accepts a vibe-coded project as a GitHub repo or a ZIP upload
  • Strips sensitive files such as .env before scanning
  • Runs entirely in the browser
  • Highlights OWASP-class issues (CORS, CSP, environment leaks, outdated dependencies)
  • Produces a security assessment and returns a bolt.new prompt listing which files need security fixes or privacy patches.
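To make the pipeline above concrete, here is an added example of a minimal in-browser scanner of the same shape. It is not SafeVibe.dev's own code: it takes an already-unzipped project as a plain object of path to file contents, strips sensitive files first, then flags hard-coded secrets, wildcard CORS, missing CSP meta tags and outdated dependencies, and finally renders the findings as a per-file fix prompt. The sample project, the secret-looking patterns and the `MIN_VERSIONS` table are all constructed for illustration; a real scanner would consult an advisory feed for the last one.

```javascript
// Added example (not SafeVibe.dev's code). Scans an unzipped project tree
// (path -> contents) for the issue classes the write-up lists.
const SENSITIVE_FILES = [/(^|\/)\.env(\..*)?$/, /(^|\/)id_rsa$/, /\.pem$/];

// Constructed, illustrative secret patterns (not exhaustive).
const SECRET_PATTERNS = [
  { name: 'API key assignment', re: /(api[_-]?key|secret|token)\s*[:=]\s*['"][A-Za-z0-9_\-]{16,}['"]/i },
  { name: 'private key block', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
];

// Constructed "minimum safe version" table; a real scanner would use an advisory feed.
const MIN_VERSIONS = { 'left-pad-demo': [2, 0, 0] };

function parseVersion(spec) {
  const m = String(spec).match(/(\d+)\.(\d+)\.(\d+)/);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function versionLess(a, b) {
  for (let i = 0; i < 3; i++) { if (a[i] !== b[i]) return a[i] < b[i]; }
  return false;
}

// Step 1: drop sensitive files before anything else reads them, and record each one.
function stripSensitiveFiles(files) {
  const kept = {}; const findings = [];
  for (const [path, body] of Object.entries(files)) {
    if (SENSITIVE_FILES.some(re => re.test(path))) {
      findings.push({ severity: 'critical', kind: 'env-leak', path, message: 'Sensitive file in upload; stripped before scanning' });
    } else { kept[path] = body; }
  }
  return { kept, findings };
}

// Step 2: run the content checks over the remaining files.
function scanProject(files) {
  const { kept, findings } = stripSensitiveFiles(files);
  for (const [path, body] of Object.entries(kept)) {
    const text = String(body);
    for (const p of SECRET_PATTERNS) {
      if (p.re.test(text)) findings.push({ severity: 'critical', kind: 'hardcoded-secret', path, message: `Possible ${p.name}` });
    }
    // Wildcard CORS origin; worse when paired with credentials.
    if (/Access-Control-Allow-Origin['"]?\s*[:,=]\s*['"]\*['"]/.test(text)) {
      const withCreds = /Access-Control-Allow-Credentials['"]?\s*[:,=]\s*['"]?true/.test(text);
      findings.push({ severity: withCreds ? 'high' : 'medium', kind: 'cors', path,
        message: withCreds ? 'Wildcard CORS origin with credentials' : 'Wildcard CORS origin' });
    }
    // HTML entry points without a CSP meta tag.
    if (/\.html?$/.test(path) && !/http-equiv=["']Content-Security-Policy["']/i.test(text)) {
      findings.push({ severity: 'medium', kind: 'csp', path, message: 'No Content-Security-Policy meta tag' });
    }
    // Dependencies below the constructed minimum version.
    if (/(^|\/)package\.json$/.test(path)) {
      let pkg; try { pkg = JSON.parse(text); } catch { continue; }
      const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
      for (const [name, spec] of Object.entries(deps)) {
        const min = MIN_VERSIONS[name]; const v = parseVersion(spec);
        if (min && v && versionLess(v, min)) findings.push({ severity: 'high', kind: 'outdated-dep', path, message: `${name}@${spec} is below ${min.join('.')}` });
      }
    }
  }
  return findings;
}

// Step 3: group findings per file into a prompt a coding assistant can act on.
function buildFixPrompt(findings) {
  const byFile = new Map();
  for (const f of findings) {
    if (!byFile.has(f.path)) byFile.set(f.path, []);
    byFile.get(f.path).push(`${f.severity}: ${f.message}`);
  }
  return [...byFile].map(([p, msgs]) => `${p}: ${msgs.join('; ')}`).join('\n');
}

// Constructed sample project exhibiting one of each issue class.
const SAMPLE_PROJECT = {
  '.env': 'API_KEY=constructed-value',
  'src/config.js': 'export const apiKey = "abcdefghijklmnopqrstuvwxyz1234";',
  'netlify.toml': '[[headers]]\n  for = "/*"\n  [headers.values]\n    Access-Control-Allow-Origin = "*"\n    Access-Control-Allow-Credentials = "true"',
  'index.html': '<html><head><title>demo</title></head><body></body></html>',
  'package.json': JSON.stringify({ dependencies: { 'left-pad-demo': '^1.4.2' } }),
};

console.log(buildFixPrompt(scanProject(SAMPLE_PROJECT)));
```

Stripping runs before any other check so that the contents of `.env` never reach the pattern matchers or any logging path; the finding only records that the file was present, not what it contained.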

How I Built It

  • Bolt.new scaffolded the UI and frontend components—GPT-4 prompted Bolt to spin up the initial pages.
  • I hand-wrote some of the backend and spun up GPT Assistants.
  • Tried to do all of the Supabase Edge Functions in Bolt but gave up because I could not make the scanning secure and avoid logging secrets.
  • Integrated Stripe payment flows in prod (OAuth, webhooks, CORS), which turned out to be surprisingly intricate.
  • Deployed styling with Tailwind, continuous deployment via Netlify, and polished my demo videos in Descript.

Challenges & Learnings

  • Security mindset: Treat security as your launch gate, not an afterthought—every release needs a pulse check.
  • Edge debugging: Wiring up Supabase Edge Functions and keeping file-watch triggers from overwriting my code was a deep dive.
  • Payments in production: Getting Stripe’s webhooks, secret rotation, and header rules just right took dedicated late-night sessions.

Impact

In open beta, over 4,000 critical issues were uncovered and fixed, preventing data leaks and potential API bills exceeding thousands of dollars.
