About VibeAudit
The trust layer for AI-built software. VibeAudit audits AI-generated JavaScript/TypeScript projects for production readiness and generates remediation prompts you can paste right back into your AI coding agent.
The Problem
AI generates code but not production-grade software. Non-technical builders using Lovable, Bolt, Replit, and Cursor get apps that feel done but aren't — missing security, error handling, testing, and scalability. The result: insecure, fragile apps deployed to real users.
What We Check
29 checkers across three categories:
Security
- Hardcoded secrets
- SQL injection
- XSS vectors
- Missing CORS/Helmet
- Exposed routes
- Env file exposure
Error Handling
- Empty catch blocks
- Missing error boundaries
- Unhandled promises
- Missing global handler
Structure
- No tests
- No CI/CD
- No rate limiting
- No input validation
- No TypeScript
- Missing .gitignore
Plus framework-specific checks for Supabase (6 checkers) and Firebase (5 checkers).
Scoring
Every project starts at 100. Points are deducted by severity:
| Severity | Deduction | Max per checker |
|---|---|---|
| Critical | -15 | -30 |
| High | -8 | -20 |
| Medium | -4 | -12 |
| Low | -2 | -6 |
Grades: A (90+), B (75-89), C (50-74), D (25-49), F (0-24).
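As an added worked example (not VibeAudit's own code), the TypeScript below models the scoring rules above so the per-checker cap and grade bands can be checked on sample findings; the checker names, which severity each checker reports, the floor at 0, and applying the cap per checker at one severity are assumptions, not details from this page.

```typescript
// Added example modelling the VibeAudit scoring table; not the tool's own code.
// Assumed (not stated on the page): score is floored at 0, and "max per checker"
// caps the summed deductions of one checker at one severity.
type Severity = "critical" | "high" | "medium" | "low";

interface Finding {
  checker: string; // constructed checker names, e.g. "hardcoded-secrets"
  severity: Severity;
}

// Deduction per finding and cap per checker, taken from the scoring table.
const RULES: Record<Severity, { deduction: number; cap: number }> = {
  critical: { deduction: 15, cap: 30 },
  high: { deduction: 8, cap: 20 },
  medium: { deduction: 4, cap: 12 },
  low: { deduction: 2, cap: 6 },
};

// Start at 100, subtract each checker's capped deductions, floor at 0.
function computeScore(findings: Finding[]): number {
  const capped: Record<string, number> = {};
  for (const f of findings) {
    const rule = RULES[f.severity];
    const key = f.checker + ":" + f.severity;
    const sum = (capped[key] || 0) + rule.deduction;
    capped[key] = Math.min(sum, rule.cap); // cap keeps one noisy checker from dominating
  }
  let total = 0;
  for (const key in capped) total += capped[key];
  return Math.max(0, 100 - total);
}

// Grade bands from the page: A (90+), B (75-89), C (50-74), D (25-49), F (0-24).
function gradeFor(score: number): string {
  if (score >= 90) return "A";
  if (score >= 75) return "B";
  if (score >= 50) return "C";
  if (score >= 25) return "D";
  return "F";
}

// Constructed sample: three hardcoded-secret hits (45 raw, capped to 30), two empty
// catch blocks (8) and no tests (8): 100 - 46 = 54, grade C.
const SAMPLE_FINDINGS: Finding[] = [
  { checker: "hardcoded-secrets", severity: "critical" },
  { checker: "hardcoded-secrets", severity: "critical" },
  { checker: "hardcoded-secrets", severity: "critical" },
  { checker: "empty-catch", severity: "medium" },
  { checker: "empty-catch", severity: "medium" },
  { checker: "no-tests", severity: "high" },
];
console.log(computeScore(SAMPLE_FINDINGS), gradeFor(computeScore(SAMPLE_FINDINGS)));
```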
CLI
Run locally on any JS/TS project:
Same 29 checks, same scoring. Works offline. No data sent anywhere.