PreFlight catches security issues. This is where we explain them — the patterns we look for, the real-world incidents behind the threat-intel, and the architecture shapes that shape (or break) your security posture. Read once, build safer forever.
54 patterns · 54 published · 0 draft
A `.env` file committed to git ships every credential inside it into version history forever. Solved by `.gitignore` plus a companion `.env.example` that documents the schema without the values.
Updated 2026-05-12

Missing landmark elements (header, nav, main, footer), skip-to-content links, focus indicators, and 24×24 touch-target floors. The accessibility signals that turn rendered HTML from "viewable" into "usable by everyone."
Updated 2026-05-12

A `/admin` route that hides admin UI when the client-side `useUser()` hook says the user isn't admin, but ships the admin API surface to every visitor anyway. The server has to do the check, not the client.
Updated 2026-05-12

Two patterns AI tools produce often that correlate strongly with security gaps. Empty catch blocks (errors swallowed silently) and heavy `any` usage in TypeScript (input validation skipped). Both are statistical signals of "the model gave up here," and gaps follow.
Updated 2026-05-12

Hidden Unicode in `.cursorrules`, `.windsurfrules`, or `CLAUDE.md` that rewrites the AI assistant's instructions. The assistant reads the override, the developer sees the human-readable text, the assistant writes attacker-influenced code.
Updated 2026-05-12

Sensitive API routes (especially destructive verbs DELETE / PUT / PATCH) that ship without a server-side auth check. The client is supposed to call this, sure, but anything on the public internet can call it too.
Updated 2026-05-12

`localStorage.setItem('jwt', token)` puts the session in a JavaScript-readable place. Every XSS becomes session theft. Use httpOnly cookies.
Updated 2026-05-12

A cluster of four auth-related code shapes that AI tools produce often and that all share the same underlying defect. The shortest path that compiles is the unsafe path. Worth catching at scan time because they all encode "no review needed" by their syntax.
Updated 2026-05-12

A token that decodes is not a token that was verified. alg:none accepts unsigned tokens, and jwt.verify() with no key skips signature checking in some libraries. Both let an attacker forge any identity. The shared family is XL-013; adapters differ by language and JWT library surface.
Updated 2026-05-15

Four signals that correlate with sloppy code paths in production: console.log in shipped code, oversized files, unhandled promise rejections, and async without try. Not security findings on their own; they cluster with security findings.
Updated 2026-05-12

Auth cookies missing `httpOnly`, `secure`, or `sameSite` give an XSS one-click access to user sessions plus CSRF on every request. Three flags, set them all.
Updated 2026-05-12

The EU AI Act regulates AI systems by risk tier, with obligations around data governance, transparency, human oversight, and risk management. Conformance is a system-level and documentation question, not a code pattern. PreFlight teaches the AI Act but does not scan for it.
Updated 2026-05-15

External URLs flagged ONLY when they trip an objective signal: raw-IP endpoints, suspicious TLDs (.tk, .xyz, .gq, etc.), URL shorteners, or HTTP-only links. Generic HTTPS URLs on unfamiliar hosts are NOT findings. A signal to verify, not a verdict.
Updated 2026-05-12

FDA rules for electronic records (21 CFR Part 11) and Software as a Medical Device hinge on validation, intended use, and risk classification. None of that is a code pattern. PreFlight teaches this area but does not scan for it.
Updated 2026-05-15

FERPA governs the privacy of student education records. Whether a system is FERPA-compliant depends on consent, disclosure, and institutional policy, not on a code pattern. PreFlight teaches FERPA but does not scan for it.
Updated 2026-05-15

Firebase rules files containing `allow read: if true` or storage rules that permit any authenticated user. The two shapes that turn a Firebase backend into a public read.
Updated 2026-05-12

The FTC enforces against deceptive data practices and, for financial institutions, the Safeguards Rule. Liability turns on representations and an overall security program, not a code line. PreFlight teaches this area but does not scan for it.
Updated 2026-05-15

GDPR Article 32 requires security appropriate to risk, and Article 25 requires data protection by design. The technical half of those duties is partly code-visible. PreFlight maps a subset of its probes to Article 32 as an interpretation layer, never a certification.
Updated 2026-05-15

Generative Engine Optimization (GEO). Whether AI search tools can read your site. Missing AI-bot allowlists in robots.txt, missing llms.txt for AI-search indexing, and the broader set of AI-crawler-specific signals.
Updated 2026-05-12

A provider-key-shaped literal in source, or a system prompt bundled into a shipped client, is a credential one git clone away from anyone. The shared family is XL-006; adapters differ by language and by what counts as a bundled asset.
Updated 2026-05-15

AWS, Stripe, OpenAI, Anthropic, GitHub, and private-key material committed to source. Why it is catastrophic, why AI coding tools produce it often, and what to do once a key has touched git.
Updated 2026-05-12

HIPAA's Security Rule sets technical safeguards for electronic protected health information. Some of those safeguards are visible in source code. PreFlight maps a subset of its probes to specific 45 CFR 164.312 clauses as an interpretation layer, never a certification.
Updated 2026-05-15

A cluster of HTML antipatterns: inline event handlers, `target="_blank"` without `rel="noopener"`, mixed content on HTTPS pages, inline `<script>` without CSP, forms posting over plain HTTP. Each is a defense-in-depth bypass.
Updated 2026-05-12

An `<iframe src="...">` without a `sandbox` attribute lets the embedded page run scripts, navigate the top window, submit forms, and call `window.parent`. The sandbox attribute is the per-iframe permission system; the default state is "everything allowed."
Updated 2026-05-12

A cluster of LLM-specific failures: prompt injection sinks, API keys in client components, raw HTML from LLM output, dangerous agent tools (PythonREPL, ShellTool), system prompts in client bundles, and unbounded `max_tokens`. The OWASP LLM Top 10 maps each to a category.
Updated 2026-05-12

`Math.random()` produces predictable sequences. An attacker who observes a few generated values can predict the next ones. Fine for animation jitter and shuffling; not fine for tokens, OTPs, password reset codes, session IDs, or anything that authenticates.
Updated 2026-05-12

MCP servers that spawn shell interpreters, bind to 0.0.0.0, or run vulnerable versions of `mcp-server-git`. Each turns the developer's AI assistant into a path-traversal foothold.
Updated 2026-05-12

Production deploys that don't set CSP, X-Frame-Options, Strict-Transport-Security, and Referrer-Policy leave defense-in-depth controls off. Each header blocks a specific class of attack at the browser level.
Updated 2026-05-12

A login handler, password-reset handler, or admin action with no log call is a hole in the audit trail. The first sign of a compromise often arrives in the logs, weeks before any other indicator. No logs, no early warning.
Updated 2026-05-12

Next.js inlines any environment variable prefixed with NEXT_PUBLIC_ into the client bundle at build time. Server-only secrets accidentally given that prefix end up in JavaScript every visitor downloads.
Updated 2026-05-12

postinstall, preinstall, and prepare script hooks plus non-registry git dependencies. The two execution surfaces every recent npm worm has used.
Updated 2026-05-12

A `fs.readFile(req.body.path)` with no validation lets an attacker read any file the process can read. `../../../etc/passwd` is the textbook payload; the real targets are `.env`, `~/.ssh/id_rsa`, and your private keys.
Updated 2026-05-12

PCI DSS v4.0 governs systems that store, process, or transmit cardholder data. A few of its requirements are visible in source code. PreFlight maps a subset of its probes to PCI requirements as an interpretation layer, never a certification.
Updated 2026-05-15

Drop files and content IOCs left behind by the 2026 Mini Shai-Hulud npm worms. Finding any of these in your repo means a developer machine was compromised; the artifacts survive `npm uninstall` and that's the point.
Updated 2026-05-12

User uploads a document. The document is chunked and embedded into a vector store. A later query retrieves the chunks. The LLM reading the chunks follows instructions an attacker wrote inside them. The whole RAG pipeline became a weapon.
Updated 2026-05-12

An f-string, percent-format, .format(), or string concat that feeds a raw-SQL surface puts the user value into the query at parse time instead of binding it as data. The shared family is XL-002; adapters differ only in which raw-SQL call each language exposes.
Updated 2026-05-15

Missing canonical, OpenGraph, Twitter cards, description meta, robots, or JSON-LD on production pages. None of these are security findings; they're search-discoverability findings that ship together.
Updated 2026-05-12

Two related supply-chain attacks. Typosquatting registers a package name one letter off from a popular one (`lodahs` for `lodash`). Slopsquatting registers a name an LLM commonly hallucinates that doesn't exist (`auth-tool`, `api-helper`). Both wait for an unwary install.
Updated 2026-05-12

SOC 2 reports on controls against the AICPA Trust Services Criteria. It is an attestation by an auditor, not a code property. PreFlight maps a few probes to the Common Criteria as readiness indicators only, never an opinion.
Updated 2026-05-15

A `.map` file deployed alongside a production bundle hands an attacker the original source: variable names, comments, dev-only branches, internal API paths. Use hidden source maps (uploaded to your error monitor) instead.
Updated 2026-05-12

SOX Section 404 requires public companies to assess internal control over financial reporting. Whether a control is effective is an audit conclusion about process, not a code property. PreFlight teaches SOX but does not scan for it.
Updated 2026-05-15

A ``db.query(`SELECT ... ${user}`)`` interpolates untrusted input into the SQL string at parse time. Switch to parameterized queries. The fix is one line per call site.
Updated 2026-05-12

Two related patterns: SSRF (server fetches a URL the client supplies; attacker uses the server to talk to private networks) and open redirect (server redirects the user to a URL the client supplies; attacker uses the trusted domain for phishing).
Updated 2026-05-12

An error handler that returns `err.stack` to the client leaks file paths, dependency versions, and call chains. The fix is one if-statement away.
Updated 2026-05-12

A `<script src="https://cdn.example/library.js">` without `integrity="sha384-..."` trusts the CDN unconditionally. SRI is the browser-level guarantee that the asset has not been tampered with between deploy and load.
Updated 2026-05-12

Supabase tables created without `enable row level security` plus permissive `using (true)` policies. The most common access-control failure in AI-tooled Supabase apps, and the one that ships a publicly readable database without anyone noticing.
Updated 2026-05-12

Turning off certificate verification to make a request stop failing means a network attacker can transparently man-in-the-middle every call over that client. The shared family is XL-004; adapters differ only in each language's disable flag.
Updated 2026-05-15

Source files containing Unicode bidirectional control characters (U+202A-U+202E, U+2066-U+2069). The characters reorder visible text in editors and code review tools, hiding malicious code in plain sight.
Updated 2026-05-12

An identifier referenced in code that is never declared, imported, or destructured anywhere in the file. The class of bug that shipped when a refactor left a dangling reference and the test suite did not exercise the affected code path.
Updated 2026-05-12

A deserializer that reconstructs arbitrary objects from bytes is remote code execution the moment those bytes come from a request, a socket, or an uploaded file. The shared cross-language family is XL-001; the language adapters differ only in which call to look for.
Updated 2026-05-15

Two unsafe GitHub Actions patterns: `pull_request_target` workflows that check out untrusted PR code, and actions pinned to mutable refs (branches or tags). Both produce token-theft and supply-chain compromises with regularity.
Updated 2026-05-12

Webhook handlers that trust the request body without verifying the signature. Anyone with the endpoint URL can post fake events. Stripe, GitHub, Twilio, and every reputable webhook provider sign their payloads; verify on receipt.
Updated 2026-05-12

A vector similarity search without a tenant / user / org filter returns the global nearest neighbors. Tenant A asks "what was discussed in last week's meeting" and the top-K includes tenant B's confidential notes. Pin the query to the calling scope, always.
Updated 2026-05-12

An API that returns `Access-Control-Allow-Origin: *` invites every origin on the internet to read responses. Combined with cookies, it's worse than no CORS at all.
Updated 2026-05-12