← 返回
未分类

VibeSafe Starter — Minimum Security for Vibe Coders

Provides a minimal, zero-config security starter pack for Vibe coders to detect known vulnerabilities, unmaintained packages, and credential leaks before ins...
为 Vibe 程序员提供最小化、零配置的安全启动包,用于在集成前检测已知漏洞、未维护的包和凭证泄露。
nerua1 nerua1 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 269
下载
💾 0
安装
1
版本
#audit#latest#minimal#npm#security#starter#vibe-coding

概述

VibeSafe Starter — Your First Security Pack

> 3 files. 2 minutes. No more "it works on my machine" disasters.

You vibe-code with AI agents. Cool. But here's what AI won't tell you: 67% of npm packages used in AI-generated projects have known vulnerabilities. The AI doesn't check. It just imports.

This starter pack catches the obvious stuff before it catches you.

What You're Risking (Right Now)

Every time an AI agent writes npm install or pip install without checking:

RiskReality
---------------
Known CVEsPublic vulnerabilities that attackers already exploit
Abandoned packagesLast updated in 2022. No fixes coming.
Credential leaks.env files committed to git. API keys in code.
Supply chain attacksMalicious packages that look legitimate
Unmaintained dependencies47% of npm packages have no active maintainer

One vulnerable dependency → your entire project is compromised.

The Fix (3 Files)

1. .github/workflows/security.yml

Drop this into any repo. Runs on every push.

2. audit.sh

Run before npm install. Catches critical CVEs.

3. checklib.sh

Check a library before adding it to your project.


Quick Start

# Clone into your project
git clone https://github.com/nerua1/vibe-safe-starter.git
cp vibe-safe-starter/.github/workflows/security.yml .github/workflows/
cp vibe-safe-starter/audit.sh .
cp vibe-safe-starter/checklib.sh .
chmod +x audit.sh checklib.sh

# Check a library before installing
./checklib.sh react
./checklib.sh flask

# Audit your dependencies
./audit.sh

The Numbers

  • 67% of AI-suggested npm packages have known vulnerabilities
  • 47% of npm packages are unmaintained
  • 1 in 10 GitHub repos leak credentials
  • Average CVE goes undetected for 208 days before disclosure

Your AI agent will happily install all of them. This pack won't.


Extend It

This is the minimum. If you want more:

NeedSolution
----------------
VS Code integrationVibeSafe Extension
AI-powered risk explanationVibeSafe AI Explain
Multi-agent HARNESSVibeSafe HARNESS §14
Full audit pipelineVibeSafe Full
Dashboardvibe-safe/tools/dashboard.py --html

Philosophy

  • 80/20 rule: Catch 80% of risks with 20% of effort
  • Non-blocking: Suggests, doesn't block your flow
  • Zero config: Drop in, works immediately
  • Minimal: 3 files. No frameworks. No databases.

Built by nerua1. ⭐ Star if this saves you from a security incident.

PayPal.me/nerudek

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-05-08 04:16 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。
★ 116 📥 31,026
ai-agent

Multi-Agent AI Setup Guide

nerua1
经过实战验证的 Apple Silicon(Mac Mini M4)多智能体 AI 系统安装指南。涵盖:安装顺序(先装 Claude Code),本地编排的内存实际需求...
★ 0 📥 501
it-ops-security

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 90 📥 31,084