Based on analysis of 500+ vibe-coded SaaS repos
Your vibe-coded SaaS has 4 hidden problems.
Paste your GitHub repo URL. Get a diagnostic report in 60 seconds. Security, database, error handling, performance — all graded A to F.
Free scan shows grades. Unlock full report with file locations & fixes for $29.
What you'll get
Real results from scanning popular Next.js + Supabase SaaS starters
vibescan — diagnostic report
C+
OVERALL HEALTH GRADE
Saas-Kit-supabase — 3 critical issues, 5 warnings found
Security [D]
Database Schema [B]
Error Handling [C]
Performance [C]
Top Issues Found
● CRITICAL SEC-001 RLS SELECT allows all users to read all todos (multi-tenant data leak)
● CRITICAL DB-001 No indexes on user_id, subscription_id, price_id foreign keys
● CRITICAL ERR-001 No error boundaries — unhandled exception crashes entire app
▲ WARNING PERF-001 No pagination — SELECT * returns all rows (timeout at scale)
▲ WARNING SEC-002 Supabase client init lacks env validation (uses ! assertion)
○ INFO PERF-003 No dynamic imports for heavy dashboard components
SUGGESTED FIXES
// SEC-001: Move to environment variable
- const STRIPE_KEY = "sk_live_..."
+ const STRIPE_KEY = process.env.STRIPE_SECRET_KEY
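Review bot: on the `+` line, `process.env.STRIPE_SECRET_KEY` is read with no check that it is set, so a missing variable leaves `STRIPE_KEY` undefined until the first Stripe call fails; validate it at startup and fail fast, which is the same gap SEC-002 flags for the Supabase client. A `sk_live_...` literal that was committed stays in git history after this change, so the key should be rotated as well as moved. The comment also labels this fix SEC-001, while SEC-001 in the issue list is the RLS SELECT finding.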
4 dimensions, one scan
The same 4 problems in every vibe-coded SaaS. Every time.
🛡
Security
Hardcoded secrets, missing auth, exposed endpoints, injection vulnerabilities
›Hardcoded API keys & secrets
›Missing auth middleware on routes
›SQL/NoSQL injection patterns
›.env files committed to repo
🗄
Database Schema
Missing indexes, no migrations, N+1 queries, broken relationships
›Missing indexes on queried columns
›No foreign key constraints
›N+1 query patterns in ORM
›No migration system detected
⚠
Error Handling
Silent failures, empty catch blocks, no error boundaries, lost errors
›Empty catch {} blocks
›Missing React error boundaries
›API routes without try/catch
›console.log instead of logger
⚡
Performance
No caching, missing pagination, bundle bloat, synchronous bottlenecks
›No pagination on list endpoints
›Full library imports (lodash, etc.)
›Missing cache headers
›Synchronous bottlenecks
Simple pricing
One scan. One price. No subscription required.
Free Scan
$0
per repo
- ✓ 4-dimension grades (A–F)
- ✓ Issue count per category
- ✗ File locations
- ✗ Fix suggestions
POPULAR
Full Report
$29
per scan
- ✓ Everything in Free
- ✓ Exact file paths & line numbers
- ✓ Issue explanations
- ✓ Priority ranking
Premium Report
$49
per scan
- ✓ Everything in Full
- ✓ Copy-pasteable fix code
- ✓ Architecture recommendations
- ✓ Re-scan after fixes (1x)
Get early access
First 100 signups get a free Premium scan ($49 value).