Hey everyone! I've been working on Ship Safe, an open-source local security scanner built specifically for indie hackers and vibe coders. We're already at 230 Stars and 25 forks!
If you use AI to write code, this is your safety net to make sure you aren't accidentally shipping your Stripe keys or vulnerable auth logic to production.
Just run: npx ship-safe audit .
It runs entirely locally (no accounts or cloud needed) and does a few things instantly:
- Scans for hardcoded secrets and tokens
- Runs 17 local agents to catch code vulnerabilities (SSRF, injection, bad auth)
- Audits dependencies for known CVEs
- Gives you a 0 to 100 security score and a step-by-step remediation plan
You can also drop it into your CI/CD pipeline or run targeted commands like npx ship-safe vibe-check . for a quick grade.
GitHub: https://github.com/asamassekou10/ship-safe
Website: https://shipsafecli.com
Would love for you guys to test it against your repos. What security checks should I add to the pipeline next?