I built munshig, a zero-config runtime API security proxy that monitors your API during development and automatically detects vulnerabilities like Broken Access Control (BOLA), missing authentication, SQL injection, and PII leaks — before they reach production.
It’s inspired by tools like Salt Security ($500k/year enterprise products), but designed to run in 30 seconds with a single command:
npx munshig
It sits in front of your dev API (e.g. :3001 → :3000), analyzes real requests/responses, and surfaces runtime security issues right in your terminal — with detailed remediation steps.
GitHub: https://github.com/shaikhzaynsaif/munshig
npm: https://www.npmjs.com/package/munshig
I built this because I kept seeing APIs with BOLA bugs even in large companies — most scanners miss them since they analyze code statically, not behavior at runtime.
Would love feedback from other developers — especially:
Does the zero-config proxy approach make sense for your workflow?
What kinds of vulnerabilities would you want it to detect next (XSS, SSRF, JWT misuse...)?
Thanks!
— ZaynSaif (Author)
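One way a runtime check for BOLA can work on proxied traffic, as an added example that is not munshig's code or from its author. It assumes the proxy has already resolved each request's credentials to a user identity; the record shape, function names and sample traffic are hypothetical.

```javascript
// Added example: a heuristic sketch, not munshig's implementation.
const ID_SEGMENT = /^(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/i;

// Split a path into a route template and the object IDs it references.
function splitRoute(path) {
  const ids = [];
  const template = path.split('?')[0].split('/').map((seg) => {
    if (!ID_SEGMENT.test(seg)) return seg;
    ids.push(seg);
    return ':id';
  }).join('/');
  return { template, ids };
}

// records: [{ method, path, status, user }]; user is the identity derived from
// the request's credentials (assumption), null when the request carried none.
function findBolaCandidates(records) {
  const seen = new Map(); // "METHOD template#ids" -> Set of users served a 2xx
  for (const r of records) {
    if (r.status < 200 || r.status >= 300 || !r.user) continue;
    const { template, ids } = splitRoute(r.path);
    if (ids.length === 0) continue; // no object reference in the URL
    const key = `${r.method} ${template}#${ids.join(',')}`;
    if (!seen.has(key)) seen.set(key, new Set());
    seen.get(key).add(r.user);
  }
  const findings = [];
  for (const [key, users] of seen) {
    if (users.size > 1) { // same object served to more than one identity
      const [route, ids] = key.split('#');
      findings.push({ route, ids: ids.split(','), users: [...users].sort() });
    }
  }
  return findings;
}

// Constructed sample traffic.
const sampleTraffic = [
  { method: 'GET', path: '/api/orders/1001', status: 200, user: 'alice' },
  { method: 'GET', path: '/api/orders/1001', status: 200, user: 'bob' },   // second identity, same object
  { method: 'GET', path: '/api/orders/1002', status: 200, user: 'bob' },
  { method: 'GET', path: '/api/orders/1002', status: 403, user: 'alice' }, // correctly denied
  { method: 'GET', path: '/api/products', status: 200, user: 'alice' },
  { method: 'GET', path: '/api/products', status: 200, user: 'bob' },
];

console.log(findBolaCandidates(sampleTraffic));
```

A hit is a candidate for review rather than a confirmed bug, since objects that are legitimately shared between users match the same pattern.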
mickeyjones22•27m ago