A lightweight, client-side security tool that scans pasted code for common vulnerabilities before it reaches production.
Perfect for quickly identifying insecure patterns in HTML, JavaScript, and CSS — all offline.
Live Demo: (Coming soon)
- ⚡ Real-time scanning — Detects issues instantly as you paste code.
- 🛡️ Vulnerability checks for:
  - `eval()` and `innerHTML` injections
  - Insecure HTTP requests
  - Hardcoded credentials
  - Inline event handlers (XSS risk)
- 🔍 Detailed feedback — Shows why something is risky and how to fix it.
- 📦 100% client-side — No server calls, runs entirely in the browser.
- 🌙 Dark mode for better accessibility.
- HTML5
- CSS3 (responsive, accessible UI)
- Vanilla JavaScript (ES6+)
- No frameworks — zero dependencies.
- Paste your source code into the input box.
- The app runs a set of regex-based security checks in the browser.
- A list of detected issues + severity ratings is displayed.
- Suggestions are provided for safe alternatives.
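
A sketch of the regex-based checks described in the steps above, added here as an illustration and not taken from this project's source. The rule ids, severity labels, fix texts, the loopback exclusion and the sample input are all assumptions made for the example.

```javascript
// Added example: hypothetical rule set, not the project's own code.
// Each rule is one regex plus the severity and fix text shown to the user.
const RULES = [
  { id: "eval-call", severity: "high", pattern: /\beval\s*\(/,
    fix: "Avoid eval(); parse data with JSON.parse or use a lookup table." },
  // (?!=) skips comparisons such as `el.innerHTML == x`.
  { id: "innerhtml-assign", severity: "high", pattern: /\.innerHTML\s*\+?=(?!=)/,
    fix: "Use textContent, or sanitize markup before assigning it." },
  // Assumption: loopback URLs (local dev servers) are not reported.
  { id: "insecure-http", severity: "medium",
    pattern: /\bhttp:\/\/(?!localhost\b|127\.0\.0\.1\b)[^\s"'<>]+/i,
    fix: "Load the resource over https://." },
  { id: "hardcoded-credential", severity: "high",
    pattern: /\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*["'][^"']{4,}["']/i,
    fix: "Keep secrets out of source; inject them at deploy time." },
  { id: "inline-event-handler", severity: "medium",
    pattern: /<[a-z][^>]*\son[a-z]+\s*=/i,
    fix: "Attach handlers with addEventListener instead of on* attributes." },
];

// Scan pasted source line by line; report the first match per rule per line.
function scan(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const rule of RULES) {
      const m = rule.pattern.exec(text);
      if (m) {
        findings.push({ line: i + 1, id: rule.id, severity: rule.severity,
                        match: m[0], fix: rule.fix });
      }
    }
  });
  return findings;
}

// Constructed sample input: five risky lines and two clean ones.
const SAMPLE = [
  '<button onclick="run()">Go</button>',
  'const apiKey = "sk_test_constructed_1234";',
  'fetch("http://api.example.test/items");',
  'out.innerHTML = location.hash;',
  'const n = eval(userInput);',
  'const evaluate = (x) => x;',
  'el.textContent = "safe";',
].join("\n");

for (const f of scan(SAMPLE)) {
  console.log(`line ${f.line} [${f.severity}] ${f.id}: ${f.fix}`);
}
```

Line-based regexes miss constructs split across lines and flag matches inside comments or strings, so findings from a scanner like this are prompts for review rather than proof of a vulnerability.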
```bash
# Install dependencies
npm ci
# Run locally
npm run dev
```

Then open: http://127.0.0.1:5173
- Add AI-powered code review via OpenAI API
- Export scan reports as PDF
- Support scanning entire repos
👨‍💻 Author
Built by Giuseppe — Mathematics BSc Hons | Aspiring Software Engineer & Cybersecurity Enthusiast.
