Prodlint is a zero-config static analysis tool with 52 rules across four categories: Security, Reliability, Performance, and AI Quality. It runs in ~1 second, uses AST parsing (no LLM calls), and scores your codebase 0-100.
Some things it catches that surprised me during development:

- Imports for npm packages that don't exist (AI hallucinates these)
- API methods that aren't real (.flatten(), .contains(), .substr())
- "use client" on files that don't need it
- Prisma writes without $transaction
- Next.js redirect() inside try/catch (breaks silently)
- NEXT_PUBLIC_ on secrets like database URLs
Usage: npx prodlint (no install needed)
Also works as a GitHub Action (posts PR comments with scores) and as an MCP server for Claude Code / Cursor / Windsurf. MIT licensed. Would love feedback on false positives. That's the hardest part of building a linter.