Open Source MIT License

Is your AI-coded app safe?

One command to audit your Next.js project for security issues AI introduced. Get a Vibe Safety Score, generate AI safety rules, and scaffold features that match your code.

$ npx launchcrate audit

  Launch Crate Audit
  Scanned 3,051 files

  ┌─────────────────────────────────────┐
    Vibe Safety Score: B (71/100)       
  └─────────────────────────────────────┘

  Breakdown:
    Authentication       ████████████████████ 100%
    Injection Safety     ░░░░░░░░░░░░░░░░░░░░   0%
    Secrets Management   █████████████████░░░  85%
    Input Validation     ████████████████████ 100%
    Error Handling       ████████████████████ 100%

  CRITICAL (8)
     src/lib/db/jira.ts:181 — SQL injection risk
     src/app/api/admin/route.ts:145 — String concat in query
      ... 6 more

  WARNING (5)
     src/app/blog/page.tsx:163 — dangerouslySetInnerHTML
      ... 4 more

Three commands. Full protection.

AI breaks things in predictable ways. Launch Crate finds the damage, prevents future breakage, and builds new features safely.

Audit

Find what AI broke. Scans for unprotected routes, SQL injection, hardcoded secrets, missing validation, and error leaks.

npx launchcrate audit

Guard

Prevent future breakage. Auto-generates CLAUDE.md and .cursorrules tailored to your project's architecture.

npx launchcrate guard

Scaffold

Build safely. AI generates complete features (API routes, pages, components) that match your existing code patterns.

npx launchcrate scaffold

What the audit catches

The security issues AI coding tools create most often.

Unprotected API routes

AI creates endpoints without auth checks. Launch Crate finds every one.

SQL injection

String concatenation in queries. AI does this constantly with template literals.

Hardcoded secrets

API keys, tokens, and passwords that AI dropped into your source code.

Missing input validation

Request bodies used raw without Zod, Yup, or any validation layer.

Stack trace leaks

Error details and stack traces exposed in API responses.

XSS via dangerouslySetInnerHTML

User-controlled content rendered without sanitization.
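
The template-literal pattern described under "SQL injection" above, next to a parameterized form. This is an added example, not code from Launch Crate or its documentation. The `sql` tag helper, the `users` table and the sample input are assumptions made for illustration; the `{ text, values }` object is the query shape node-postgres (pg) accepts in `client.query()`.

```javascript
// Constructed example; not Launch Crate code. No database is needed:
// each function returns the query object that would be passed to
// client.query() in node-postgres (pg).

// Vulnerable: the template literal splices user input into the SQL text.
function findUserUnsafe(email) {
  return {
    text: `SELECT id, email FROM users WHERE email = '${email}'`,
    values: [],
  };
}

// Hypothetical helper: a tagged template that replaces each ${...} with a
// numbered placeholder ($1, $2, ...) and carries the values separately,
// so the driver sends them as bound parameters.
function sql(strings, ...values) {
  let text = strings[0];
  values.forEach((_, i) => {
    text += `$${i + 1}` + strings[i + 1];
  });
  return { text, values };
}

// Hardened: same template-literal ergonomics, but the input never
// becomes part of the SQL text.
function findUserSafe(email) {
  return sql`SELECT id, email FROM users WHERE email = ${email}`;
}

// Constructed input containing a quote that alters the WHERE clause
// when it is spliced into the query text.
const hostile = "x' OR '1'='1";

function demo() {
  return { unsafe: findUserUnsafe(hostile), safe: findUserSafe(hostile) };
}

console.log(demo());
```

In the unsafe result the input appears inside `text` and changes the condition; in the safe result `text` ends in `$1` and the input sits untouched in `values`.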

Works with your stack

Launch Crate auto-detects your project configuration. No setup required for audit.

Next.js, TypeScript, Prisma, Drizzle, NextAuth, Clerk, Tailwind, Supabase

Also supports: raw SQL (pg/mssql), Mongoose, Auth0, CSS Modules, styled-components

Add to your CI pipeline

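Block unsafe merges automatically. The audit exits with code 1 on critical findings, which fails the workflow job. For that failure to actually block a merge, mark the check as required in the repository's branch protection rules.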

.github/workflows/audit.yml
name: Vibe Safety Check
on: [pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx launchcrate audit

Find out in 30 seconds.

$ npx launchcrate audit