I recently launched securevibing.com, a tool designed to help indie developers catch security issues before they ship.
It does two main things:
Website Security Scan - Instantly scans your deployed site for common security issues like leaked API keys, missing HTTP headers, public environment files, etc.
SupaCheck Widget - A small script you can run to simulate authenticated users accessing your Supabase backend. It tests whether users can read or modify sensitive data like credits, has_access, or other fields, helping you catch RLS and auth misconfigurations.
I built this because I kept seeing (and making) small security mistakes that aren’t always caught until it’s too late. Would love your feedback, suggestions, or ideas on what to add next.
