Free & open source

Security standards
in 30 seconds

Drop production-grade security policies into any repository. Audit your codebase. Guide your AI agents to write safer code.

$ npx secure-repo init click to copy

shipsecure audit

Scanning repository for security issues...

Policy files:
  SECURITY.md -- missing (high priority)
  AUTH.md -- missing (high priority)
  API.md -- missing (high priority)
  DATABASE.md -- missing
  DEPLOYMENT.md -- missing

Environment files:
  .env is in .gitignore
  .env.example exists

Secret scanning:
  No obvious secrets found

════════════════════════════════════
Security Score: 40 / 100
════════════════════════════════════

Results: 3 passed, 2 warnings, 3 issues

3 issue(s) found. Fix these before shipping.

Works with your AI agent

Don't use the terminal? Just tell your AI coding agent:

Run npx secure-repo audit in my project

Your agent runs the command, reads the output, and fixes the issues.
Then run npx secure-repo init to add the missing policies.

Cursor Claude Code Windsurf Copilot Any AI agent

Commands

Everything runs from your terminal. No accounts. No config.

        $ npx secure-repo audit # Scan your repo for security issues

        $ npx secure-repo init # Add free security templates

        $ npx secure-repo init --key <key> # Add free + pro templates

        $ npx secure-repo upgrade # See what's in the pro pack

        $ npx secure-repo check # Check if templates are outdated

        $ npx secure-repo list # Show all available templates

Get the Pro Pack

30 files. One command. Complete security coverage.

$19 $29

One-time purchase. Yours forever.

Get the Pro Pack See what's included

Launch price ends in

What you get (free)

Three templates that cover the foundations.

SECURITY.md

No secrets in code. Privileged keys server-side only. Database access control. Server endpoints for all writes. Incident response steps.

AUTH.md

JWT verification. Token storage (httpOnly cookies). Password hashing (bcrypt/argon2). Rate limiting on login. Session revocation. Role-based access.

API.md

Input validation on every endpoint. Rate limiting on all public routes. Error responses that don't leak internals. CORS rules. Pagination.

Every file includes rules marked "MUST FOLLOW", copy-paste code patterns, and a pre-merge checklist.

What's in the Pro Pack

27 additional files for complete coverage.

What's included

18 policy templatesDatabase, deployment, incident response, payments, data privacy, file uploads, rate limiting, access control

100+ point auditComplete production security audit with severity ratings and explanations

Stack presetsSupabase (6 files) and Firebase (3 files) with platform-specific rules

Code examplesNext.js route handlers, rate limiting, Zod validation, RLS policies

	Free	Pro
Security audit command	✓	✓
Core policies (3 files)	✓	✓
Engineering standards (18 files)	--	✓
100+ point audit checklist	--	✓
Stack presets	--	✓
Code examples (5 files)	--	✓
Total files	3	30

Ship secure software today

Start free. Upgrade when you need complete coverage.

Get the Pro Pack View on GitHub