Production-readiness scanner for AI/vibe-coded projects

Vibe Check

Production-readiness scanner for AI-generated and vibe-coded projects.

AI-assisted coding is fast. Shipping it to production without checking for security holes, missing tests, and bad patterns is dangerous. Vibe Check scans your project in seconds and gives you a letter grade (A-F) across 6 categories.

$ vibe-check scan .

  Vibe Check Report — Grade: B (74/100)

  Category        Score  Grade  Findings
  ──────────────  ─────  ─────  ────────
  Security          70     B       2
  Testing           85     A       1
  Code Quality      90     A       1
  Architecture      80     B       2
  Dependencies      95     A       0
  HIPAA             --    Pro      -

Install

pip install vibe-code-check

Requires Python 3.10+.

Quick Start

# Scan current directory
vibe-check scan .

# JSON output for CI pipelines
vibe-check scan . -f json

# Markdown report
vibe-check scan . -f markdown -o report.md

# Scan only security + testing
vibe-check scan . -c security -c testing

# CI mode — fail if grade below B
vibe-check scan . --ci --threshold B

What It Scans

Security (30% of score)

Rule     Severity   What it catches
───────  ─────────  ──────────────────────────────────────────────────────────────────
SEC-001  FAIL       Hardcoded API keys, passwords, tokens, AWS credentials
SEC-002  FAIL       SQL injection via string interpolation
SEC-003  FAIL       eval() / exec() usage
SEC-004  WARN       Debug mode left enabled
SEC-005  WARN       Wildcard CORS (Access-Control-Allow-Origin: *)
SEC-006  FAIL       dangerouslySetInnerHTML without DOMPurify
SEC-007  FAIL       Hardcoded database connection strings with credentials
SEC-008  FAIL       Unsafe deserialization (pickle.load, yaml.load without SafeLoader)
SEC-009  FAIL       Shell injection (subprocess with shell=True, os.system())
SEC-010  WARN       Path traversal via user input in file operations
SEC-011  FAIL       .env files not in .gitignore
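As an added illustration (not Vibe Check's own code), here is how an AST-based check for three of the rules above, SEC-003, SEC-008 and SEC-009, can tell the unsafe calls apart from their safe counterparts; the source file it scans is constructed for the example.

```python
import ast

# Constructed sample of AI-generated Python, embedded so the check runs offline.
SAMPLE = '''
import os, pickle, subprocess, yaml

def load(path, cmd, expr):
    cfg = yaml.load(open(path))                            # SEC-008: no SafeLoader
    ok = yaml.load(open(path), Loader=yaml.SafeLoader)     # safe, not flagged
    obj = pickle.load(open(path, "rb"))                    # SEC-008
    subprocess.run(cmd, shell=True)                        # SEC-009
    subprocess.run(["ls", "-l"])                           # safe, not flagged
    os.system(cmd)                                         # SEC-009
    return eval(expr)                                      # SEC-003
'''

def _dotted(node):
    """'pkg.attr' for a Name/Attribute chain, '' for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else ""
    return ""

def _kwarg(call, name):
    return next((k.value for k in call.keywords if k.arg == name), None)

def scan_source(src):
    """Return [(rule, line)] for SEC-003, SEC-008 and SEC-009 hits in src."""
    findings = []
    for node in (n for n in ast.walk(ast.parse(src)) if isinstance(n, ast.Call)):
        name = _dotted(node.func)
        if name in ("eval", "exec"):
            findings.append(("SEC-003", node.lineno))
        elif name == "pickle.load":
            findings.append(("SEC-008", node.lineno))
        elif name == "yaml.load":
            # Only an explicit SafeLoader/CSafeLoader makes yaml.load safe.
            loader = _kwarg(node, "Loader")
            if loader is None or not _dotted(loader).endswith(("SafeLoader", "CSafeLoader")):
                findings.append(("SEC-008", node.lineno))
        elif name == "os.system":
            findings.append(("SEC-009", node.lineno))
        elif name.startswith("subprocess."):
            shell = _kwarg(node, "shell")
            if isinstance(shell, ast.Constant) and shell.value is True:
                findings.append(("SEC-009", node.lineno))
    return sorted(findings, key=lambda f: f[1])
```

Running scan_source(SAMPLE) flags lines 5, 7, 8, 10 and 11 of the sample and leaves the two safe calls alone; a regex on the function name alone could not make that distinction.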

Testing (20% of score)

Rule     Severity   What it catches
───────  ─────────  ────────────────────────────────────────────────
TST-001  FAIL       No test directory found
TST-002  WARN       Missing test files for source modules
TST-003  FAIL/WARN  Low test-to-source ratio (<0.3 fail, <0.5 warn)
TST-004  WARN       No test runner configuration

Code Quality (15% of score)

Rule     Severity   What it catches
───────  ─────────  ──────────────────────────────────────
CQ-001   WARN       Functions longer than 50 lines
CQ-002   WARN       Files longer than 500 lines
CQ-003   WARN       Deeply nested code (>4 levels)
CQ-004   FAIL/WARN  Excessive TODO/FIXME/HACK comments

Architecture (15% of score)

Rule     Severity   What it catches
───────  ─────────  ────────────────────────────────────────────────────
ARC-001  WARN       God files (>500 lines)
ARC-002  INFO       Missing error handling (no try/except or try/catch)
ARC-003  WARN       Bare except: clauses (catches SystemExit)
ARC-004  INFO       Missing type hints in Python files

Dependencies (10% of score)

Rule     Severity   What it catches
───────  ─────────  ─────────────────────────────────────────────────
DEP-001  WARN       Missing lock file
DEP-002  WARN       Unpinned dependency versions
DEP-003  WARN       Wildcard or "latest" versions in package.json
DEP-004  FAIL/WARN  Excessive dependencies (>50 fail, >30 warn)

HIPAA Compliance (10% of score) -- Pro

Rule       Severity   What it catches
─────────  ─────────  ───────────────────────────────────────────────
HIPAA-001  FAIL       PHI fields in log/print statements
HIPAA-002  FAIL       Missing HTTPS/TLS configuration
HIPAA-003  WARN       No audit logging detected
HIPAA-004  FAIL       PHI fields in error handling blocks
HIPAA-005  WARN       No session timeout configuration
HIPAA-006  WARN       Database operations without encryption library

Grading Scale

Grade  Score   Meaning
─────  ──────  ───────────────────────────
A      85-100  Production-ready
B      70-84   Good, minor issues
C      55-69   Needs work before shipping
D      40-54   Significant issues
F      0-39    Not ready for production

CI/CD Integration

# GitHub Actions
- name: Vibe Check
  run: |
    pip install vibe-code-check
    vibe-check scan . --ci --threshold B
# GitLab CI
vibe-check:
  script:
    - pip install vibe-code-check
    - vibe-check scan . --ci --threshold B -f json -o vibe-report.json
  artifacts:
    paths:
      - vibe-report.json

The --ci flag exits with code 1 if the overall grade falls below --threshold (default: C).

Output Formats

Format    Flag         Use case
────────  ───────────  ─────────────────────────────────────
Terminal  -f terminal  Human-readable with colors (default)
JSON      -f json      CI pipelines, dashboards
Markdown  -f markdown  PR comments, reports
All       -f all       Generate all formats at once

Pro: HIPAA Compliance Module

The HIPAA scanner detects PHI handling violations specific to healthcare applications -- context-aware detection that distinguishes patient_ssn from patient_count.

# Activate with a license key
vibe-check scan . --license-key YOUR_KEY

# Or set as environment variable
export VIBE_CHECK_LICENSE_KEY=YOUR_KEY
vibe-check scan .

Get a Pro license at nyxtools.gumroad.com.

Supported Languages

  • Python (.py)
  • JavaScript (.js, .jsx)
  • TypeScript (.ts, .tsx)
  • Go (.go), Java (.java), Ruby (.rb), Rust (.rs) -- file discovery and basic checks

How Scoring Works

Each category starts at 100 points. Deductions:

  • FAIL finding: -15 points
  • WARN finding: -5 points
  • INFO finding: -1 point

The overall score is a weighted average across all categories. Security is weighted heaviest at 30% because a single security vulnerability can take down your entire application.
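As an added worked example (not the project's implementation), the deduction rules above, the category weights, the grading scale and the --ci threshold check applied to a constructed set of findings; how a category that was not scanned is weighted is an assumption noted in the code, since the README does not say.

```python
# Weights from "What It Scans", deductions from "How Scoring Works" on this page.
CATEGORY_WEIGHTS = {"security": 30, "testing": 20, "code_quality": 15,
                    "architecture": 15, "dependencies": 10, "hipaa": 10}
DEDUCTIONS = {"FAIL": 15, "WARN": 5, "INFO": 1}
GRADE_FLOORS = [("A", 85), ("B", 70), ("C", 55), ("D", 40), ("F", 0)]

def category_score(severities):
    """Each category starts at 100; assumption: the score floors at 0."""
    return max(0, 100 - sum(DEDUCTIONS[s] for s in severities))

def overall_score(scores):
    """Weighted average of the scanned categories.
    Assumption: a category that was not scanned (e.g. HIPAA without a Pro
    key) is left out and the remaining weights are renormalized; the README
    does not say how the tool itself handles that case."""
    total_weight = sum(CATEGORY_WEIGHTS[c] for c in scores)
    weighted = sum(CATEGORY_WEIGHTS[c] * s for c, s in scores.items())
    return round(weighted / total_weight)

def letter(score):
    """Map a 0-100 score onto the A-F scale from "Grading Scale"."""
    return next(g for g, floor in GRADE_FLOORS if score >= floor)

def ci_exit_code(grade, threshold="C"):
    """--ci semantics: exit 1 when the grade falls below --threshold."""
    order = [g for g, _ in GRADE_FLOORS]          # A (best) ... F (worst)
    return 1 if order.index(grade) > order.index(threshold) else 0

# Constructed findings for one hypothetical project (severities per finding).
FINDINGS = {
    "security": ["FAIL", "FAIL"],         # e.g. SEC-001 and SEC-009
    "testing": ["FAIL"],                  # e.g. TST-001
    "code_quality": ["WARN", "WARN"],     # e.g. CQ-001 twice
    "architecture": ["WARN", "INFO"],     # e.g. ARC-003 and ARC-004
    "dependencies": [],                   # clean
}

def report(findings):
    """Return (per-category scores, overall score, overall letter grade)."""
    scores = {c: category_score(s) for c, s in findings.items()}
    overall = overall_score(scores)
    return scores, overall, letter(overall)

if __name__ == "__main__":
    scores, overall, grade = report(FINDINGS)
    for cat, s in scores.items():
        print(f"{cat:14} {s:3}  {letter(s)}")
    print(f"Overall: {overall}/100 ({grade}); --ci --threshold B exit code:",
          ci_exit_code(grade, "B"))
```

With these findings the project scores 84 (B): it passes --threshold B, but one more WARN anywhere would tip it to C and make the CI step exit 1.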

Built by NyxTools

Part of the NyxTools suite of developer and healthcare IT tools.

License

MIT

Download files

Source Distribution: vibe_code_check-0.2.0.tar.gz (59.4 kB)

Built Distribution: vibe_code_check-0.2.0-py3-none-any.whl (69.8 kB)
