I am sharing Ship Safe (https://github.com/asamassekou10/ship-safe), an open-source tool I created to help developers catch security risks locally before they end up in a public repository.
Like many of us, I have been leaning heavily on AI code generation lately. It is incredible for velocity, but it has a dangerous habit of hallucinating credentials, hardcoding sensitive configurations, or spitting out insecure boilerplate. My wake-up call was almost pushing a live Stripe key to a public repo. That moment of panic made me realize I needed a reliable local checkpoint.
I built Ship Safe so it is not just a simple key checker. It is meant to be a comprehensive safety net for your code. It scans for hardcoded secrets, misconfigured environment setups, and general insecure patterns. The goal is to give you total peace of mind when you hit push, knowing your environment is actually secure.
The biggest priority was making it completely frictionless. You do not need any complex setup or configuration files to get started. You can run it instantly in your current project:
npx ship-safe scan .
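To make concrete what a local hardcoded-secret check like the one described above actually does, here is a small example scanner written for this page. It is not Ship Safe's code and makes no claim about how Ship Safe is implemented; the detection rules, the entropy threshold, the hypothetical `secret-scan: ignore` allow-list marker and the sample source lines are all constructed assumptions. It flags well-known key prefixes (Stripe `sk_live_`, AWS `AKIA`), literal password assignments, PEM private key headers and long high-entropy string literals, and it redacts matches so the secret is never echoed into a terminal or CI log.

```javascript
// Added example for this page, not Ship Safe's code: a minimal local
// secret scanner. Patterns are assumptions based on publicly documented
// key formats; the "secret-scan: ignore" marker is an invented convention.

const SECRET_PATTERNS = [
  // Stripe live secret keys are prefixed "sk_live_" (test keys use "sk_test_").
  { name: 'stripe-live-secret-key', re: /\bsk_live_[0-9a-zA-Z]{16,}\b/g },
  // AWS access key IDs are 20 uppercase alphanumerics beginning "AKIA".
  { name: 'aws-access-key-id', re: /\bAKIA[0-9A-Z]{16}\b/g },
  // Literal password assignment in code or config.
  { name: 'hardcoded-password', re: /\b(?:password|passwd|pwd)\s*[:=]\s*["'][^"']{6,}["']/gi },
  // PEM private key header.
  { name: 'private-key-block', re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
];

const IGNORE_MARKER = /\bsecret-scan:\s*ignore\b/;            // assumed allow-list convention
const STRING_LITERAL = /["']([A-Za-z0-9+/=_-]{32,})["']/g;    // long token-like literals
const ENTROPY_THRESHOLD = 4.0;                                 // bits/char; tuned for hex/base64 tokens

// Shannon entropy of a string in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const c of counts.values()) {
    const p = c / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Never echo a whole secret back into a terminal or CI log.
function redact(secret) {
  return secret.length <= 8 ? '***' : secret.slice(0, 8) + '...';
}

// Scan one file's text and return findings with 1-based line numbers.
function scanText(text, filename = '<input>') {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    if (IGNORE_MARKER.test(line)) return;   // explicit, reviewable opt-out for fixtures
    const before = findings.length;
    for (const { name, re } of SECRET_PATTERNS) {
      re.lastIndex = 0;
      let m;
      while ((m = re.exec(line)) !== null) {
        findings.push({ file: filename, line: i + 1, rule: name, match: redact(m[0]) });
      }
    }
    // Entropy heuristic only for lines no named pattern already caught.
    if (findings.length === before) {
      STRING_LITERAL.lastIndex = 0;
      let s;
      while ((s = STRING_LITERAL.exec(line)) !== null) {
        if (shannonEntropy(s[1]) > ENTROPY_THRESHOLD) {
          findings.push({ file: filename, line: i + 1, rule: 'high-entropy-string', match: redact(s[1]) });
        }
      }
    }
  });
  return findings;
}

// Constructed sample input: dummy values only, not real credentials.
const SAMPLE_SOURCE = [
  "const stripe = require('stripe')('sk_live_0123456789abcdefghijklmnop');",
  "const region = 'us-east-1';",
  "const db = { host: 'db.internal', password: 'hunter2-prod' };",
  "const awsKeyId = 'AKIAIOSFODNN7EXAMPLE';",
  "const apiToken = 'Zq8vT3xLp0NcW7yRbK2mHf5JdAsG9uEe';",
  "const pad = '================================';",
  "const fixture = 'sk_live_0000000000000000000000000000'; // secret-scan: ignore",
].join('\n');

// One report line per finding, the way a pre-push hook would print them.
function formatReport(findings) {
  return findings.map(f => `${f.file}:${f.line} [${f.rule}] ${f.match}`);
}

// A hook would use this as its process exit status: non-zero blocks the push.
function exitCodeFor(findings) {
  return findings.length ? 1 : 0;
}

if (typeof require !== 'undefined' && require.main === module) {
  const findings = scanText(SAMPLE_SOURCE, 'app.js');
  for (const l of formatReport(findings)) console.log(l);
  console.log(`exit code would be ${exitCodeFor(findings)}`);
}
```

Run with `node scan-example.js`; a git pre-push hook would call `scanText` over the staged files and `process.exit(exitCodeFor(findings))`. Two caveats apply to any pattern-based scanner, this one and real tools alike: tokens with no recognisable prefix are only caught by the entropy heuristic, which also produces false positives on hashes and test fixtures, so an allow-list marker should be a deliberate, reviewed exception rather than a reflex; and a scan at push time does nothing for a key that has already been committed, because git history keeps it, so the only fix for that case is to rotate the key.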
One feature I am particularly excited to share is the MCP (Model Context Protocol) integration. You can connect it so your AI code editors can call Ship Safe directly. This creates a really helpful feedback loop where the AI writes the code, and then immediately audits its own work for security flaws before you even start your review.
I genuinely hope this saves some of you from the stress of a compromised repository or a ruined weekend. I would love for you to try it out and let me know what other security checks would be helpful for your daily workflow!