{"skill":{"slug":"nerua1-vibe-safe-starter","displayName":"VibeSafe Starter — Minimum Security for Vibe Coders","summary":"Provides a minimal, zero-config security starter pack for Vibe coders to detect known vulnerabilities, unmaintained packages, and credential leaks before ins...","description":"# VibeSafe Starter — Your First Security Pack\n\n> **3 files. 2 minutes. No more \"it works on my machine\" disasters.**\n\nYou vibe-code with AI agents. Cool. But here's what AI won't tell you: **67% of npm packages used in AI-generated projects have known vulnerabilities.** The AI doesn't check. It just imports.\n\nThis starter pack catches the obvious stuff before it catches you.\n\n## What You're Risking (Right Now)\n\nEvery time an AI agent writes `npm install` or `pip install` without checking:\n\n| Risk | Reality |\n|------|---------|\n| **Known CVEs** | Public vulnerabilities that attackers already exploit |\n| **Abandoned packages** | Last updated in 2022. No fixes coming. |\n| **Credential leaks** | `.env` files committed to git. API keys in code. |\n| **Supply chain attacks** | Malicious packages that look legitimate |\n| **Unmaintained dependencies** | 47% of npm packages have no active maintainer |\n\n**One vulnerable dependency → your entire project is compromised.**\n\n## The Fix (3 Files)\n\n### 1. `.github/workflows/security.yml`\nDrop this into any repo. Runs on every push.\n\n### 2. `audit.sh`\nRun before `npm install`. Catches critical CVEs.\n\n### 3. `checklib.sh`\nCheck a library before adding it to your project.\n\n---\n\n## Quick Start\n\n```bash\n# Clone into your project\ngit clone https://github.com/nerua1/vibe-safe-starter.git\ncp vibe-safe-starter/.github/workflows/security.yml .github/workflows/\ncp vibe-safe-starter/audit.sh .\ncp vibe-safe-starter/checklib.sh .\nchmod +x audit.sh checklib.sh\n\n# Check a library before installing\n./checklib.sh react\n./checklib.sh flask\n\n# Audit your dependencies\n./audit.sh\n```\n\n---\n\n## The Numbers\n\n- **67%** of AI-suggested npm packages have known vulnerabilities\n- **47%** of npm packages are unmaintained\n- **1 in 10** GitHub repos leak credentials\n- **Average CVE goes undetected for 208 days** before disclosure\n\nYour AI agent will happily install all of them. This pack won't.\n\n---\n\n## Extend It\n\nThis is the minimum. If you want more:\n\n| Need | Solution |\n|------|----------|\n| VS Code integration | [VibeSafe Extension](https://github.com/nerua1/vibe-safe) |\n| AI-powered risk explanation | [VibeSafe AI Explain](https://github.com/nerua1/vibe-safe/tree/main/tools) |\n| Multi-agent HARNESS | [VibeSafe HARNESS §14](https://github.com/nerua1/vibe-safe/tree/main/harness) |\n| Full audit pipeline | [VibeSafe Full](https://github.com/nerua1/vibe-safe) |\n| Dashboard | `vibe-safe/tools/dashboard.py --html` |\n\n---\n\n## Philosophy\n\n- **80/20 rule**: Catch 80% of risks with 20% of effort\n- **Non-blocking**: Suggests, doesn't block your flow\n- **Zero config**: Drop in, works immediately\n- **Minimal**: 3 files. No frameworks. No databases.\n\n---\n\n*Built by [nerua1](https://github.com/nerua1). ⭐ Star if this saves you from a security incident.*\n\n☕ [PayPal.me/nerudek](https://www.paypal.me/nerudek)\n","tags":{"audit":"1.0.0","latest":"1.0.0","minimal":"1.0.0","npm":"1.0.0","security":"1.0.0","starter":"1.0.0","vibe-coding":"1.0.0"},"stats":{"comments":0,"downloads":304,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1778054044515,"updatedAt":1778492859420},"latestVersion":{"version":"1.0.0","createdAt":1778054044515,"changelog":"VibeSafe Starter 1.0.0 — Initial Release\n\n- Provides a lightweight, zero-config security starter pack for AI-generated code projects.\n- Includes GitHub Actions workflow, dependency audit script, and package vetting script.\n- Helps catch common risks: known CVEs, abandoned or unmaintained packages, credential leaks, and supply chain attacks.\n- Quick setup: just copy three files into any repo to enable basic security checks on push and before installing dependencies.\n- Designed for maximum impact with minimal setup—no frameworks or databases required.","license":"MIT-0"},"metadata":null,"owner":{"handle":"nerua1","userId":"s178f4bnw35dnxc3ymhvgf114983yzer","displayName":"nerua1","image":"https://avatars.githubusercontent.com/u/271220546?v=4"},"moderation":null}