← Back
Real Deep Audit — unedited
sumitvairagar/bettervibe-feedback-board-gold
A well-built reference app — this is what healthy looks like.
sumitvairagar/bettervibe-feedback-board-gold7 source files scanned · TypeScript, JavaScript
Analyzed with BetterVibe heuristics · jscpd · secretlint · semgrep · osv-scanner
95/100
A — healthy
🔍 What this audit covered
23 checks · 6 areasThe same tools professional engineers and security teams run — we read your code, we never run it.
BetterVibe checks
Tests, type safety, structure, CI, docs & handoff
jscpd
Copy-pasted / duplicated code (token-based clone detection)
secretlint
Leaked secrets — API keys, tokens, DB connection strings, private keys
Semgrep
Security vulnerabilities (SAST) — injection & unsafe patterns
osv-scanner
Known-vulnerable dependencies (CVEs) across all ecosystems — Google's OSV database
🧪 Test Coverage · 5🔐 Security · 5🏗️ Architecture & Maintainability · 6🔁 Repetition (DRY) · 1⚙️ CI / CD · 2📄 Documentation & Handoff · 4
🔐84%
Security
4 of 5 passing · 1 to fix
~45% of AI-generated code ships with a vulnerability. A leaked key or committed secret is the fastest way to get owned.
- ✗Some dependencies have known security holes
Fix: Run `npm audit fix`, and review anything it can't fix automatically.
- ✓No hardcoded secrets
- ✓No committed .env file
- ✓.gitignore covers env files
- ✓No high-severity code vulnerabilities
This is exactly what you get — on your repo, free.
Audit my repo — free →