VibeSafe Logo

    Ship Fast. Stay Safe.

    Secure your Ai-generated code in 60 seconds.

    Loading download stats...

    License: MITnpm version for vibesafe

    Supercharge any AI-enabled IDE

    VS Code icon
    VS Code
    Cursor icon
    Cursor
    v0.dev icon
    v0.dev
    Replit icon
    Replit
    Firebase Studio icon
    Firebase Studio
    Windsurf icon
    Windsurf

    The vibeSafe OSS Stack

    NPM Package

    View on GitHub

    PyPI Package

    MCP Server

    View on GitHub

    Developers ship faster than ever.
    Security hasn't kept up.

    AI-native Development

    Tools like Cursor, v0.dev, and Windsurf have dramatically changed how developers build applications, lowering barriers for entrepreneurs and hobbyists.

    Security Shortcuts

    In the rush to ship products, security best practices are often skipped or postponed, creating vulnerabilities that can be exploited.

    Knowledge Gap

    New developers lack security expertise, while AI coding agents remain too single-focused to suggest or properly implement security best practices.

    VibeSafe is here to close the gaps, and support the future of Development.

    What vibeSafe Detects

    Insecure HTTP Methods (e.g., open PUT, DELETE)
    Exposed Environment Variables
    Hardcoded Secrets (e.g., API keys, tokens)
    Missing HTTP Security Headers
    Directory Traversal Risks
    Open Debug Routes / Tools
    Outdated / Vulnerable Packages
    Weak JWT Secret Configs
    Improper Input Validation
    Sensitive Files in Public Repo (e.g., .env, .git, config.yml)
    🧠

    AI-Powered Fix Suggestions

    New

    Our newest feature provides intelligent remediation steps for detected issues, helping you fix vulnerabilities faster.

    10+

    Security checks

    100%

    Free to use

    50+

    JS Libraries Supported

    Built for What's Coming

    Top 10 Most Common Vulnerabilities

    Already scanned automatically

    • Insecure HTTP Methods (e.g., open PUT, DELETE)
    • Exposed Environment Variables
    • Hardcoded Secrets (e.g., API keys, tokens)
    • Missing HTTP Security Headers
    • Directory Traversal Risks
    • Open Debug Routes / Tools
    • Outdated / Vulnerable Packages
    • Weak JWT Secret Configs
    • Improper Input Validation
    • Sensitive Files in Public Repo (e.g., .env, .git, config.yml)
    Complete
    🧪

    Top 10 Most Dangerous Attack Vectors

    In development for next release

    • Phishing Attacks
    • Ransomware
    • Malware
    • Social Engineering
    • Credential Theft
    • Software Vulnerabilities
    • Denial-of-Service (DoS) and DDoS Attacks
    • Man-in-the-Middle (MitM) Attacks
    • Supply Chain Attacks
    • Insider Threats
    In Progress
    🧠

    Red Team AI Swarms

    Simulated attack agents that pressure-test your production code in real time.

    Coming Soon
    🔒

    Hacker KillBoxs

    AI-powered killzones that isolate threats, alert swarms, and trace intrusions.

    Coming Soon

    Latest from Vibe Coding 101

    Secure Your AI-Powered Installs: Introducing `secure-install` for VibeSafe MCP!

    VibeSafe MCP Server gets a powerful upgrade! `secure-install` analyzes npm packages *before* installation, protecting your AI coding agent from malicious or hallucinated packages.

    By Justin Mendez
    product-updates

    VibeSafe DevSecOps MCP is Here!

    Announcing the VibeSafe MCP Server! Seamlessly integrate real-time security scans into your AI-powered IDEs like Cursor, empowering your LLM to code securely.

    By Justin Mendez
    product-updates

    VibeSafe v1.3.0: Stop Slopsquatting with Secure Package Installation!

    VibeSafe v1.3.0 is here, introducing 'vibesafe install' to protect you from AI-hallucinated packages and slopsquatting attacks. Install npm packages with greater confidence!

    By Justin Mendez
    product-updates

    Quick Start

    npm i -g vibesafe
    vibesafe scan