VibeSec is a local-first, framework-aware security scanner, currently focused on modern JavaScript/TypeScript apps. It is designed to think like a developer: it runs on your own machine, fits into your CLI workflow, and gates your CI pipelines without ever requiring you to upload your source code.
Why VibeSec?
In a world where AI-assisted development (Cursor, Gemini, Claude, Codex, etc.) lets us ship code faster than ever, the risk of shipping critical security vulnerabilities rises with it. VibeSec provides an instant safety net that:
- Runs Locally: Your code never leaves your machine. Analysis is performed by a native engine.
- Framework Aware: Automatically detects Next.js, Astro, SvelteKit, and more to apply specialized rules.
- Developer Centric: Outputs readable CLI findings and integrates directly with your existing tools.
- Zero Friction: No accounts or cloud configuration required to start scanning.
VibeSec never executes repository code. Scans are passive and read-only.
Installation
Global install (Recommended)
Install the CLI globally to use the vibesec command from any project.
```bash
npm install -g @reliabilityworks/vibesec
```
Project-level install
Alternatively, add it to your project's development dependencies.
```bash
npm install -D @reliabilityworks/vibesec
```
Then run via npx vibesec.
Core Capabilities
Scanning
The primary command is scan. By default, it scans the current directory and automatically detects the framework.
```bash
# Basic scan of the current directory (framework auto-detected)
vibesec scan .

# Explicit framework selection
vibesec scan . --framework nextjs

# Fail the run (exit code 1) on high-severity findings
vibesec scan . --fail-on high
```
Output Options
VibeSec supports multiple output formats to suit different needs:
- CLI: Human-readable output for terminal use (default).
- SARIF: Static Analysis Results Interchange Format for GitHub Code Scanning.
- JSON: Machine-readable data for custom integrations.
- HTML: Self-contained report for local review.
```bash
# Export SARIF for GitHub Code Scanning
vibesec scan . --output sarif --out-file vibesec.sarif

# Generate a self-contained HTML report
vibesec scan . --output html --out-file report.html
```
Next steps
- Explore the Rules & findings to understand the results.
- Fine-tune your scan in Configuration.
- Learn how to automate scans in CI/CD.
- See the complete CLI reference.
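The scan, severity gate and SARIF export shown above combine naturally into a CI gate. The following GitHub Actions workflow is an added example and is not part of the VibeSec documentation or project: it installs the CLI, scans the checkout, exports SARIF, uploads it to GitHub Code Scanning, and fails the job on high-severity findings. The workflow name, the `main` branch, Node 20, and passing `--fail-on` together with `--output`/`--out-file` in a single invocation are assumptions; `github/codeql-action/upload-sarif` and its `sarif_file` input are GitHub's own action.

```yaml
# Added example, not from the VibeSec docs: gate a pipeline on VibeSec findings
# and publish the SARIF report to GitHub Code Scanning.
name: vibesec

on:
  pull_request:
  push:
    branches: [main]   # assumption: adjust to your default branch

permissions:
  contents: read
  security-events: write   # required by upload-sarif

jobs:
  vibesec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20   # assumption: any Node version the CLI supports works

      # Pin a specific version in a real pipeline instead of resolving "latest".
      - name: Install VibeSec
        run: npm install -g @reliabilityworks/vibesec

      # Assumption: --fail-on combines with --output/--out-file in one run.
      # The scan never executes repository code, so it is safe on PR checkouts.
      # Exit code 1 on high-severity findings is what fails this job.
      - name: Scan, export SARIF, and gate on high severity
        run: vibesec scan . --output sarif --out-file vibesec.sarif --fail-on high

      # Upload even when the gate above failed, so findings reach the
      # Security tab and PR annotations rather than being lost with the job.
      - name: Upload SARIF to GitHub Code Scanning
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: vibesec.sarif
```

The upload step carries `if: always()` so a failing gate still publishes the report; if your version of the CLI does not write the SARIF file before exiting with code 1, split the single scan into an export step and a separate `--fail-on high` step. Pin the package version in a real pipeline rather than installing whatever `latest` resolves to.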