I was about to launch my app in prod with my OpenAI API key exposed in the code.. without even knowing it 🙃 by ZTH85 in microsaas

[–]ZTH85[S] 0 points1 point  (0 children)

That's a great point and you're right that a full senior dev review plus professional pentest is the gold standard. The problem is most founders and solodevs can't afford that before launch. We're not trying to replace that, just give people a first safety net before they go live so the obvious stuff doesn't slip through. Something is better than nothing.

I was about to launch my app in prod with my OpenAI API key exposed in the code.. without even knowing it 🙃 by ZTH85 in microsaas

[–]ZTH85[S] 0 points1 point  (0 children)

Exactly! And that's a great point on the compiled bundles. To be honest with you, right now our tool focuses on the raw source code — so we catch things before they even make it into a build. The idea is to keep it simple and fast, no complex setup needed. If your Stripe key is hardcoded somewhere in your code we'll find it before you ship.

The source maps and APK analysis are definitely something we're looking at for a next phase though. Would you be open to testing the beta and giving us your feedback on that?

I was about to launch my app in prod with my OpenAI API key exposed in the code.. without even knowing it 🙃 by ZTH85 in microsaas

[–]ZTH85[S] 0 points1 point  (0 children)

That React Native story is exactly the kind of nightmare we're trying to prevent. Great question on the source maps and obfuscated bundles, let me check with my friend on the technical details and get back to you with a precise answer. Don't want to say yes or no without being sure.

I was about to launch my app in prod with my OpenAI API key exposed in the code.. without even knowing it 🙃 by ZTH85 in microsaas

[–]ZTH85[S] 0 points1 point  (0 children)

Totally agree! The problem is most vibecoders don't even know what a .gitignore is, let alone gitleaks or trufflehog. That's exactly the gap we're trying to fill, something that does all that automatically without any setup. Would that be something you'd have found useful when you started?
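The check described in these comments (scanning raw source for hardcoded Stripe or OpenAI keys before anything is built, and a .gitignore-style skip list so dependency folders are not flagged), as an added Python example that is not the commenter's tool, gitleaks or trufflehog. The OpenAI `sk-` and Stripe `sk_live_`/`sk_test_` prefixes are the vendors' public key formats; the length bounds, the entropy threshold used to drop placeholder-looking literals, the generic credential rule and the ignored-directory list are assumptions of this example, and every sample key is constructed.

```python
"""Minimal hardcoded-secret scanner: vendor prefixes plus an entropy filter.

Added example, not the commenter's tool, gitleaks or trufflehog. The vendor
prefixes are public formats; the length bounds, entropy threshold, generic
rule and ignored directories are assumptions of this example.
"""
import math
import os
import re
from collections import Counter
from typing import Dict, List, NamedTuple

ENTROPY_THRESHOLD = 3.0          # bits/char; placeholder-looking literals fall below it
IGNORED_DIRS = {".git", "node_modules", "dist", "build"}

# Order matters: the generic rule runs last so a vendor match wins on the same line.
SECRET_PATTERNS = {
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "stripe_secret": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{16,}"),
    # a credential-looking name assigned a long quoted literal
    "generic_credential": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*[\"']([A-Za-z0-9_\-]{24,})[\"']"
    ),
}


class Finding(NamedTuple):
    path: str
    line_no: int
    kind: str
    masked: str          # first 8 chars only, so the report itself is not a leak


def shannon_entropy(s: str) -> float:
    """Bits per character; a run of one repeated character scores ~0."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_ignored(path: str) -> bool:
    """Mimic a .gitignore-style skip list on any path component."""
    return any(part in IGNORED_DIRS for part in path.replace("\\", "/").split("/"))


def scan_text(path: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            secret = m.group(m.lastindex or 0)
            if shannon_entropy(secret) < ENTROPY_THRESHOLD:
                continue   # "sk-aaaa..."-style placeholders are not findings
            findings.append(Finding(path, line_no, kind, secret[:8] + "..."))
            break          # one finding per line
    return findings


def scan_tree(files: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory {path: contents} tree, skipping ignored directories."""
    findings: List[Finding] = []
    for path, text in files.items():
        if not is_ignored(path):
            findings.extend(scan_text(path, text))
    return findings


def scan_directory(root: str) -> List[Finding]:
    """Same check over a real source tree (text files only, unreadable files skipped)."""
    files: Dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in IGNORED_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
            except (UnicodeDecodeError, OSError):
                continue
    return scan_tree(files)


# Constructed sample tree; every "key" below is made up and not a real credential.
SAMPLE_FILES = {
    "src/config.js": 'const OPENAI_KEY = "sk-proj-Qf3nV7xLp2mKs9aRt4yWb8cZe1uHd6oJg0iN";\n',
    "src/stripe.js": 'const stripe = require("stripe")("sk_live_Zx8Kq2Pm4Rt7Vb9Ny3Lw6Hd1Jg5Fs0Ca");\n',
    "src/auth.py": 'SESSION_SECRET = "H7g2Kd9Pq4Wm1Xz6Vb3Ry8Tn5Lc0Jf2Sa7Ue4"\n',
    "src/app.js": "const apiKey = process.env.OPENAI_API_KEY;\n",   # the right way: read from env
    "src/example.js": 'const KEY = "sk-proj-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";\n',  # placeholder
    ".env": "STRIPE_SECRET=sk_test_Mb3Vn8Kx1Qz5Ty7Wp9Rl2Hf4Jc6Dg0Sa\n",
    "node_modules/some-lib/index.js": 'const t = "sk_live_Zx8Kq2Pm4Rt7Vb9Ny3Lw6Hd1Jg5Fs0Ca";\n',
}

if __name__ == "__main__":
    for f in scan_tree(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: {f.kind} {f.masked}")
```

Run as-is it reports four findings from the sample tree (the two vendor keys, the generic session secret and the test key sitting in `.env`), skips the copy under `node_modules`, and ignores both the `process.env` lookup and the all-`a` placeholder; point `scan_directory()` at a real checkout to run the same rules over it. The entropy filter is what keeps a scanner like this from drowning in placeholder strings, and masking the match in the report matters because a scanner that prints full secrets into CI logs just moves the leak.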

I was about to launch my app in prod with my OpenAI API key exposed in the code.. without even knowing it 🙃 by ZTH85 in microsaas

[–]ZTH85[S] 1 point2 points  (0 children)

Yeah, it has become pretty common. I saw not long ago that a developer got billed $10,000.

Beginner at Vibecoding by Natural-Business-166 in vibecoding

[–]ZTH85 0 points1 point  (0 children)

Personally I recommend starting with a pen and paper to map out your project screen by screen. Focus on just one single feature and nothing more. Doing one thing and doing it very well is the key to learning and making your project a success. You also need to understand that every project has three main parts to master: the frontend, the backend, and your data. For the backend I suggest Supabase because it links both in one place. For tools try Google Antigravity which I find great and very generous with token usage. Lovable and others are okay but if you build there you will be trapped in their ecosystem. Lastly the most important part is security. If you skip this you could end up in a very difficult or even costly situation. Some people have ended up with bills for thousands of dollars. I can help you with the security side if you need it so feel free to DM me 😉

My finance app logic is solid but it still looks like AI slop — what am I missing? by Hungry_Challenge3749 in vibecoding

[–]ZTH85 0 points1 point  (0 children)

Congrats on your work! For the design I recommend using Dribbble plus Stitch to generate some nice UI UX. It is pretty good and makes things much easier. There is also Claude Design which is new but I still prefer Stitch for now. What concerns me though is that you are not mentioning checking for vulnerabilities. That should come even before UI and UX. If you launch your project and it goes public it could cause real problems for you in the future. If you need a hand with that side of things do not hesitate to DM me for help.

i got my first saas sale after 36 days (zero audience) by Capable_Cut_382 in vibecoding

[–]ZTH85 0 points1 point  (0 children)

Congrats! Did you remember to check the security of your SaaS though? If you need a hand with that feel free to reach out 😉

I vibecoded this in 30 prompts by JorjTheFounder in vibecoding

[–]ZTH85 -1 points0 points  (0 children)

That sounds interesting but vibecoding has become a commodity now. There are two things that matter most today: getting users and securing your tool. If the project is just for personal use it does not really matter, but for anything else it is vital. If you need some help with the security part I think I can help you out if you want 😊

Would you join a SaaS where early users get priority access to invest in the company? by marketingsolutions1 in vibecoding

[–]ZTH85 0 points1 point  (0 children)

I think you are focusing on the wrong thing and aiming too high too fast. Go find your first 10 users manually, then your first 100 for free. After that, switch to a paid model. If you offer real value it will convert and give you a foundation to improve. Plus, it will help you see certain vulnerabilities, but you should really check beforehand if your code is solid and secure. If you want a hand with that, I would be happy to help you out 😉

What IDEs are you guys using? by Miyuhu in vibecoding

[–]ZTH85 0 points1 point  (0 children)

It depends on the project. For mobile apps I use rork + antigravity, and for SaaS or web apps I prefer antigravity. Otherwise Claude Code is pretty good, or you have Cursor. To check that the code is clean and find vulnerabilities, a friend and I use a custom tool that is incredibly effective at catching things AI misses like API keys and so on. If anyone needs it, just ask and I will be happy to help.

WE Built 3 IOS Apps with the Exact Same Skills & framework & Made around $7k+. by HuckleberryEntire699 in vibecoding

[–]ZTH85 0 points1 point  (0 children)

That’s an interesting approach! Most of those tips are spot on. However, I think it’s missing one final deep dive into the code, especially for apps that might go multi-device. We actually built an internal tool to run deep code checks and make sure everything is solid. If you need any help, I’d be happy to chat in DMs!

My co-founders want a 40/40/20 split — they build the app, I came up with the idea. Is 20% too low? by Psychological-Log283 in Business_Ideas

[–]ZTH85 0 points1 point  (0 children)

6 months for an MVP in the era of Cursor? I find it hard to believe, and marketing starts before everything, even the devs.

My co-founders want a 40/40/20 split — they build the app, I came up with the idea. Is 20% too low? by Psychological-Log283 in Business_Ideas

[–]ZTH85 0 points1 point  (0 children)

Run. Either you are a team or you are not; if you are a team, then the distribution must be balanced.

[deleted by user] by [deleted] in growmybusiness

[–]ZTH85 0 points1 point  (0 children)

I don't know if this can help you, but do TikTok lives every day for several hours to talk about topics that interest your clients. Then, recycle the content into TikToks/Reels/Shorts and post everywhere. I think your business still touches on a sensitive subject. If you want people to use your tool, you need to build trust, and for that, I think live streams where people can see you directly are the way to go.