Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing.
Project description
๐ต vibescore
Grade your vibe-coded project. One command. Instant letter grade.
"Vibe coding" is the new reality โ you prompt, AI writes, you ship.
But is your vibe-coded project actually good?
Find out in 10 seconds.
$ vibescore .
๐ต Vibe Check v0.1.0
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Project: tokonomics
Files: 40 (32 Python, 8 other)
Lines: 4,658
Scanned in 0.12s
โโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโ
โ Category โ Score โ Grade โ
โโโโโโโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโโค
โ Code Quality โ 52.0 โ F โ
โ Security โ 100.0 โ A+ โ
โ Dependencies โ 98.0 โ A+ โ
โ Testing โ 100.0 โ A+ โ
โโโโโโโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโโค
โ Overall โ 87.6 โ B+ โ
โโโโโโโโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโโ
๐ก Warnings (11)
VC201 Function 'export_svg_chart' too long (102 lines)
VC202 Function '_build_cli' high complexity (30)
VC203 Function 'export_svg_chart' has 6 parameters (>5)
...
๐ก Tips
โข Reduce function complexity and add type annotations
Install
pip install vibescore
That's it. Zero dependencies. Works with Python 3.9+.
Usage
# Grade the current directory
vibescore .
# Grade a specific project
vibescore /path/to/project
# JSON output (for CI pipelines)
vibescore . --format json
# Fail CI if score is below threshold
vibescore . --min-score 70
As a Python library
from vibescore import scan
report = scan(".")
print(f"Grade: {report.overall_grade} ({report.overall_score:.0f}/100)")
for category in report.categories:
print(f" {category.name}: {category.grade}")
What It Checks
| Category | Checks | Codes |
|---|---|---|
| Code Quality | Function length, cyclomatic complexity, parameter count, type annotations, nesting depth, star imports, docstrings, mutable defaults | VC201โVC209 |
| Security | Hardcoded secrets, AWS keys, SQL injection, shell injection, unsafe deserialization, eval/exec, debug mode, private keys | VC301โVC309 |
| Dependencies | Version pinning, lock files, deprecated setup.py, wildcard pins | VC401โVC405 |
| Testing | Test file presence, test count, CI configuration, conftest.py, test-to-code ratio | VC501โVC506 |
Grading Scale
| Grade | Score | Grade | Score |
|---|---|---|---|
| A+ | 97โ100 | C+ | 77โ79 |
| A | 93โ96 | C | 73โ76 |
| A- | 90โ92 | C- | 70โ72 |
| B+ | 87โ89 | D+ | 67โ69 |
| B | 83โ86 | D | 63โ66 |
| B- | 80โ82 | D- | 60โ62 |
| F | 0โ59 |
CI Integration
GitHub Actions
- name: Vibe Check
run: |
pip install vibescore
vibescore . --min-score 70
Pre-commit (manual)
# In your Makefile or CI script
vibescore . --min-score 70 --format json > vibe-report.json
Pre-commit
repos:
- repo: https://github.com/stef41/vibescore
rev: v0.1.0
hooks:
- id: vibescore
args: ["--min-score", "70"]
How Scoring Works
Each category is scored 0โ100 independently. The overall score is a weighted average:
| Category | Weight |
|---|---|
| Security | 30% |
| Code Quality | 25% |
| Testing | 25% |
| Dependencies | 20% |
Security is weighted highest because a security bug in vibe-coded projects can be catastrophic.
Why vibescore?
Vibe coding means AI writes most of your code. That's fast, but it introduces risks:
- AI hallucinates long functions that are hard to debug
- AI skips security basics like input validation and secret management
- AI often omits tests or writes superficial ones
- AI uses loose dependency pins that break on updates
vibescore catches these patterns in seconds, so you can ship fast and ship safe.
FAQ
Q: Does this only work with Python?
A: Currently Python-focused for code quality and testing analysis. Security and dependency checks work with any project type. More languages coming soon.
Q: Does it phone home or require an API key?
A: No. Zero network requests. Zero dependencies. Runs entirely offline.
Q: How is this different from pylint/ruff/flake8?
A: Those are line-level linters. vibescore gives you a project-level grade across security, quality, testing, and dependencies โ a holistic view of your vibe-coded project's health. Use both.
See Also
Tools in the same ecosystem:
- tokonomics โ LLM token cost management
- injectionguard โ Prompt injection detection
- vibesafe โ AI code safety scanner
- castwright โ Synthetic training data generator
- infermark โ LLM inference benchmarking
License
Apache-2.0
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vibescore-0.5.0.tar.gz.
File metadata
- Download URL: vibescore-0.5.0.tar.gz
- Upload date:
- Size: 48.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c14d60f7adb0aa3cce8b613dde061483143316bc4e699cf11b17577f57773ef5
|
|
| MD5 |
1969f214f285acc3b4902ee44363682d
|
|
| BLAKE2b-256 |
a7f68c9cbb9438da558861ac2abd5790fdf97d0ed91773bfb5bdb6add4aa386e
|
File details
Details for the file vibescore-0.5.0-py3-none-any.whl.
File metadata
- Download URL: vibescore-0.5.0-py3-none-any.whl
- Upload date:
- Size: 39.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f87a72bf3e16564015b9e33a9b953627015ae517554578a286982168734b9aeb
|
|
| MD5 |
edcc05d9593f92fa714e9fb9691c6a1e
|
|
| BLAKE2b-256 |
afecfd085c7f3759c4d23770ece224bae83caa135a2ea85d5e147108398ce811
|
