project-audit
// Security scan, dead code detection, and code quality audit for any project
| name | project-audit |
| description | Security scan, dead code detection, and code quality audit for any project |
| version | 1.0.0 |
| category | quality |
| tags | ["security","dead-code","audit","sast","quality"] |
Automated security + quality scan for any codebase. Generates a report, then optionally auto-fixes safe issues.
```bash
# Scan current directory
vibeco audit

# Scan specific path
vibeco audit /path/to/project

# Auto-fix safe issues (console.log removal)
vibeco audit --fix

# JSON output for CI integration
vibeco audit --json
```
Color-coded report with grade (A+ to F):
Saved to `.vibeco-audit.json` in the project root. Contains all findings for programmatic processing.
Currently auto-fixes:
Does NOT auto-fix (manual review required):
1. vibeco audit -> Scan, generate report
2. Review report -> Understand issues
3. vibeco audit --fix -> Auto-fix safe issues
4. Manual fixes -> Address security findings
5. vibeco audit -> Re-scan to verify
node_modules, dist, .git, vendor, pycache, .next, build, coverage
Test files (*.test.ts, *.spec.js, tests/, mocks/) are excluded from security scanning to avoid false positives.