Scanned React source code: 659 security issues, one real GitHub token found

Posted by shipfastcli · 2 points · 0 comments

GitHub - xiaohou2503687-design/guardrail: One-command security scanner. 40+ rules for secrets, OWASP and deps. Scanned React: F grade.


xiaohou2503687-design / guardrail (Public)

Branch: main, 9 commits

Files: bin/, docs/, src/, .gitignore, LICENSE, PROJECT-ASSESSMENT.md, README.md, package-lock.json, package.json

GuardRail

One-command security scanner for indie projects. Find secrets, OWASP vulns, and bad deps before they find you.

npx guardrail scan

The Problem

Every week, indie developers accidentally push API keys to GitHub. 90% of solo projects have zero security scanning. One leaked key = one drained AWS bill.

GuardRail fixes this. One command. No config. No SaaS BS.

Quick Start

```bash
# Scan your project
npx guardrail scan

# Scan a specific directory
npx guardrail scan --path ./my-app

# Export a Markdown report
npx guardrail report

# JSON output for CI/CD
npx guardrail scan --json
```

What It Scans

| Scanner | What It Finds | Rules |
|---|---|---|
| Secrets | AWS keys, GitHub tokens, Stripe keys, OpenAI/Claude/DeepSeek API keys, Slack webhooks, DB URLs, private keys | 15 regex rules |
| Dependencies | npm audit + 30+ known CVEs (lodash, axios, next, vite, express...) | Built-in vuln DB |
| OWASP | XSS, SQL injection, eval(), command injection, insecure CORS, debug mode | 15 patterns |
| Config | .gitignore gaps, Docker :latest, .npmrc tokens, YAML secrets | 6 checks |
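The table lists rule categories but not how a rule-based scanner actually works or where it goes wrong. The following is an added example, not GuardRail's own code: a minimal line-oriented scanner with a handful of regex rules in the same categories (secret prefixes, eval(), dangerouslySetInnerHTML, shell exec built by concatenation, wildcard CORS), plus the two things a practitioner wants from any regex scanner, suppression of known placeholder values and inline ignore markers so documentation and test fixtures do not flood the report, and redaction so the report itself never contains the full secret. Rule ids, patterns, severities, the `guardrail-ignore` marker and the sample files are all assumptions; every key value in the samples is synthetic.

```javascript
// Added example, not GuardRail's own code. Rule ids, patterns, severities, the
// "guardrail-ignore" marker and the sample files below are all assumptions.
const RULES = [
  // Secrets: anchored on well-known token prefixes, which keeps false positives low.
  { id: 'aws-access-key-id', severity: 'CRITICAL', title: 'AWS Access Key ID exposed',
    re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/ },
  { id: 'github-token', severity: 'CRITICAL', title: 'GitHub token exposed',
    re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/ },
  { id: 'stripe-live-secret', severity: 'CRITICAL', title: 'Stripe Live Secret Key exposed',
    re: /\bsk_live_[0-9a-zA-Z]{24,}\b/ },
  { id: 'private-key', severity: 'CRITICAL', title: 'Private key material committed',
    re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { id: 'slack-webhook', severity: 'HIGH', title: 'Slack webhook URL exposed',
    re: /https:\/\/hooks\.slack\.com\/services\/T[A-Z0-9]+\/B[A-Z0-9]+\/[A-Za-z0-9]+/ },
  // OWASP-style code patterns.
  { id: 'eval', severity: 'HIGH', title: 'eval() on dynamic input',
    re: /\beval\s*\(/ },
  { id: 'shell-exec-concat', severity: 'HIGH', title: 'Shell command built by string concatenation',
    re: /\bexec(?:Sync)?\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+)/ },
  { id: 'react-raw-html', severity: 'MEDIUM', title: 'dangerouslySetInnerHTML (XSS sink)',
    re: /dangerouslySetInnerHTML/ },
  { id: 'cors-wildcard', severity: 'MEDIUM', title: 'CORS allows any origin',
    re: /Access-Control-Allow-Origin['"]?\s*[:,]\s*['"]\*['"]/ },
];

// Known placeholder values that match the rules but are not real credentials.
const PLACEHOLDERS = [
  /AKIAIOSFODNN7EXAMPLE/, // the sample key used throughout the AWS documentation
];
const IGNORE_MARKER = 'guardrail-ignore'; // assumed inline suppression marker

function isSuppressed(line) {
  return line.includes(IGNORE_MARKER) || PLACEHOLDERS.some((p) => p.test(line));
}

// files: { relativePath: fileContent }. Returns one finding per (line, rule) hit.
function scanFiles(files) {
  const findings = [];
  for (const [file, content] of Object.entries(files)) {
    content.split('\n').forEach((line, index) => {
      if (isSuppressed(line)) return;
      for (const rule of RULES) {
        const match = line.match(rule.re);
        if (!match) continue;
        findings.push({
          rule: rule.id, severity: rule.severity, title: rule.title,
          file, line: index + 1,
          // Never copy the whole secret into a report that may itself be committed or uploaded.
          evidence: match[0].slice(0, 8) + '...',
        });
      }
    });
  }
  return findings;
}

// Constructed sample repository; every key value below is synthetic.
const SAMPLE_FILES = {
  '.env': 'AWS_ACCESS_KEY_ID=AKIAJ7Q2M4N8P1R5T9W3\nAWS_REGION=us-east-1\n',
  'src/config.js': ['module.exports = {', "  stripe: 'sk_live_4eC39HqLyjWDarjtT1zdp7dc',", '};'].join('\n'),
  'docs/setup.md': 'Example: AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n',
  'src/Preview.jsx': 'export const Preview = ({ body }) => <div dangerouslySetInnerHTML={{ __html: body }} />;\n',
  'scripts/build.js': "const { exec } = require('child_process');\nexec('git log -1 ' + process.argv[2]);\n",
  'src/server.js': "app.use((req, res, next) => { res.setHeader('Access-Control-Allow-Origin', '*'); next(); });\n",
  'test/fixtures/token.js': "module.exports = 'ghp_0123456789abcdefghijklmnopqrstuvwxyzAB'; // guardrail-ignore: synthetic fixture\n",
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanFiles(SAMPLE_FILES)) {
    console.log(`${f.severity.padEnd(8)} ${f.file}:${f.line}  ${f.title} (${f.evidence})`);
  }
}
```

On the constructed tree this reports five findings (two CRITICAL secrets, one HIGH exec pattern, two MEDIUM web patterns) and stays silent on the documentation placeholder and the marked fixture. That suppression is exactly what separates a useful grade from a noisy one on a large repository such as React, where test fixtures and docs are full of strings that look like credentials or eval() calls.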

Example Output

```text
╔════════════════════════════════════════╗
║     GuardRail Security Scan Report     ║
╚════════════════════════════════════════╝

Security Score: 72/100 Grade: C

2 CRITICAL 3 HIGH 5 MEDIUM 1 LOW

Secrets & Credentials (2)
  CRITICAL .env
    AWS Access Key ID exposed
  CRITICAL src/config.js:15
    Stripe Live Secret Key exposed

Dependencies (3)
  CRITICAL next@14.0.0
    Server-Side Request Forgery (CVE-2024-46995)
    Fix: Update to next@^14.2.15
```
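The dependency row in the sample report is a version-range lookup of installed packages against a built-in advisory list. As an added example (not the project's code), here is that lookup over a package-lock.json `packages` map (lockfileVersion 2 or 3) with a small semver range matcher, written so it needs no network access. The `next` entry mirrors the sample report's row; the lodash and axios entries are public advisories. All three vulnerable ranges are stated from memory for this demo and should be checked against the GitHub Advisory Database before anyone relies on them. The lockfile is constructed, and it deliberately contains a nested, already-patched second copy of axios, the case a naive name-only match gets wrong.

```javascript
// Added example, not GuardRail's own code: offline advisory lookup over a
// package-lock.json "packages" map with a small semver range matcher.
// Prerelease and build tags are ignored for brevity.

// Sample advisory entries. The next row mirrors the README's example output;
// lodash and axios are public advisories. Vulnerable ranges are from memory
// and must be verified against the GitHub Advisory Database before use.
const VULN_DB = [
  { name: 'next', id: 'CVE-2024-46995', severity: 'CRITICAL', title: 'Server-Side Request Forgery',
    vulnerable: '>=14.0.0 <14.2.15', fix: '^14.2.15' },
  { name: 'lodash', id: 'CVE-2021-23337', severity: 'HIGH', title: 'Command injection via template',
    vulnerable: '<4.17.21', fix: '^4.17.21' },
  { name: 'axios', id: 'CVE-2023-45857', severity: 'MEDIUM', title: 'XSRF-TOKEN leaked to third-party hosts',
    vulnerable: '>=0.8.1 <1.6.0', fix: '^1.6.0' },
];

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error('unsupported version string: ' + v);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Range grammar: space-separated comparators are ANDed, "||" ORs clauses,
// e.g. ">=14.0.0 <14.2.15 || 15.0.0".
function satisfies(version, range) {
  return range.split('||').some((clause) =>
    clause.trim().split(/\s+/).every((comparator) => {
      const m = /^(>=|<=|>|<|=)?(.+)$/.exec(comparator);
      if (!m) throw new Error('bad comparator: ' + comparator);
      const c = compareVersions(version, m[2]);
      switch (m[1] || '=') {
        case '>=': return c >= 0;
        case '<=': return c <= 0;
        case '>': return c > 0;
        case '<': return c < 0;
        default: return c === 0;
      }
    }));
}

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

function auditLockfile(lock, db = VULN_DB) {
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === '' || !meta.version) continue; // "" is the root project itself
    const name = packageNameFromPath(lockPath);
    for (const adv of db) {
      if (adv.name !== name || !satisfies(meta.version, adv.vulnerable)) continue;
      findings.push({ package: `${name}@${meta.version}`, path: lockPath, id: adv.id,
        severity: adv.severity, title: adv.title, fix: `Update to ${name}@${adv.fix}` });
    }
  }
  return findings;
}

// Constructed lockfile: vulnerable root-level next and axios, a patched lodash,
// and a nested, already patched second copy of axios that must not be reported.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/next': { version: '14.0.0' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/axios': { version: '1.5.1' },
    'node_modules/some-lib/node_modules/axios': { version: '1.7.4' },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of auditLockfile(SAMPLE_LOCK)) {
    console.log(`${f.severity.padEnd(8)} ${f.package}  ${f.title} (${f.id})  Fix: ${f.fix}`);
  }
}
```

Matching on each lockfile entry's own version, rather than on the first package with that name, is what keeps the nested patched axios out of the report while still flagging the vulnerable root copy. A built-in table like this is what makes the "offline" part of the dependency scan possible; `npm audit` itself has to ask the registry.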

Pricing

| Plan | Price | Features |
|---|---|---|
| Free | $0 forever | CLI scanner, all 40+ rules, terminal report |
| Pro | $12/mo | CI/CD integration, history tracking, AI fix suggestions |
| Lifetime | $99 once | Everything in Pro, forever |

Buy Pro / Lifetime

Why GuardRail?

Zero config: works on any project instantly

40+ detection rules: secrets, OWASP, deps, config

Offline-first: the secrets, OWASP and config rules and the built-in vuln DB run locally and send nothing anywhere; the one exception is the npm audit step of the dependency scanner, which queries the npm registry

Open source: MIT license, audit the code yourself

CI/CD ready: --json flag for GitHub Actions
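A `--json` flag is only useful in CI if something turns the report into a pass/fail decision, and a letter grade is the wrong input for that: a repository can score C on volume of MEDIUM findings while containing nothing that should block a merge, or score B with a single live key in it. The following is an added example, not GuardRail's code: it computes the score and grade from severity counts, then decides an exit code against a fail-on threshold that is independent of the grade. The weights, grade cut-offs, JSON shape and sample findings are assumptions; the weights were chosen so that the README's sample counts (2 CRITICAL, 3 HIGH, 5 MEDIUM, 1 LOW) reproduce its 72/100, grade C.

```javascript
// Added example, not GuardRail's own code. Weights, grade cut-offs, the JSON
// shape and the sample findings are assumptions; the weights were picked so the
// README's sample counts (2 CRITICAL, 3 HIGH, 5 MEDIUM, 1 LOW) give 72/100, grade C.
const SEVERITIES = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW']; // most to least severe
const WEIGHTS = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };

function countBySeverity(findings) {
  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

function scoreFromCounts(counts) {
  const penalty = SEVERITIES.reduce((sum, s) => sum + WEIGHTS[s] * (counts[s] || 0), 0);
  return Math.max(0, 100 - penalty);
}

function gradeFromScore(score) {
  if (score >= 90) return 'A';
  if (score >= 80) return 'B';
  if (score >= 70) return 'C';
  if (score >= 60) return 'D';
  return 'F';
}

// failOn: the least severe level that should still fail the pipeline. The exit
// code depends only on whether anything at or above that level was found, not
// on the grade, so a noisy-but-harmless scan stays green and one live key does not.
function buildReport(findings, { failOn = 'HIGH' } = {}) {
  if (!SEVERITIES.includes(failOn)) throw new Error('unknown severity: ' + failOn);
  const counts = countBySeverity(findings);
  const score = scoreFromCounts(counts);
  const threshold = SEVERITIES.indexOf(failOn);
  const blocking = findings.filter((f) => SEVERITIES.indexOf(f.severity) <= threshold);
  return {
    score, grade: gradeFromScore(score), counts, failOn,
    blocking: blocking.length, exitCode: blocking.length > 0 ? 1 : 0, findings,
  };
}

function renderSummary(report) {
  const c = report.counts;
  return `Security Score: ${report.score}/100 Grade: ${report.grade}\n` +
         `${c.CRITICAL} CRITICAL ${c.HIGH} HIGH ${c.MEDIUM} MEDIUM ${c.LOW} LOW`;
}

// Constructed findings with the same severity mix as the README's sample report.
const SAMPLE_FINDINGS = Object.entries({ CRITICAL: 2, HIGH: 3, MEDIUM: 5, LOW: 1 })
  .flatMap(([severity, n]) => Array.from({ length: n }, (_, i) =>
    ({ severity, file: `src/${severity.toLowerCase()}-${i + 1}.js`, title: `${severity} finding ${i + 1}` })));

if (typeof require !== 'undefined' && require.main === module) {
  const report = buildReport(SAMPLE_FINDINGS, { failOn: 'HIGH' });
  console.log(renderSummary(report));
  console.log(JSON.stringify({ ...report, findings: report.findings.length }, null, 2));
}
```

In a GitHub Actions step the scanner's JSON output would be piped into a decision like this and the step's exit status set from `exitCode`; the `failOn` knob is what lets a team run the same scan as a warning on feature branches and as a hard gate on the release branch.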

Sponsors & Support

Star this repo if you find it useful!

Built with ❤️ by chunfeng3681 | MIT License

🧰 More Tools

💰 PayFlow — Stripe analytics for indie hackers

🔍 SEOmatic — AI content cluster generator

🚀 ShipFast — One-command deploy

About

One-command security scanner. 40+ rules for secrets, OWASP and deps. Scanned React: F grade.

Topics: cli, security, scanner, secrets, owasp

License: MIT


Releases: v0.1.0 - Initial Release (Latest), Jun 22, 2026


Languages: JavaScript 100.0%

Tags: guardrail, security, secrets, json, scan, github