vibeblame-cli
Security & SEO scanner built for vibe coders. No backend required.
Demo
$ npx @vibeblame/cli https://my-app.vercel.app
Scanning... ████████████████████ 4/4
┌─────────────────────────────────────┐
│ Score: 73/100 (Needs work) │
└─────────────────────────────────────┘
🔒 TLS/SSL 18 / 20
🛡 Headers 12 / 25
● CRITICAL headers.csp.missing — Content-Security-Policy not set
● HIGH secrets.sourcemap.exposed — sourcemap found: main.js.map
● MEDIUM headers.xframe.missing — X-Frame-Options not set
🔍 Secrets & Maps 28 / 30
📄 SEO 10 / 15
Scanned in 4.2s · vibeblame.com
Install
$ npx @vibeblame/cli https://example.com
$ npx @vibeblame/cli https://example.com --json
$ npx @vibeblame/cli https://example.com --only headers,seo
$ npm install -g @vibeblame/cli
$ vibeblame https://example.com
$ git clone https://github.com/USERNAME/vibeblame-cli
$ cd vibeblame-cli && npm install
$ npm run build
$ node dist/src/index.js https://example.com
Scanners
What it checks
| Scanner | What it checks | Max score |
|---|---|---|
| 🔒 TLS/SSL | Protocol version, certificate expiry, self-signed certs, domain mismatch | 20 pts |
| 🛡 Headers | CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and more | 25 pts |
| 🔍 Secrets | Leaked API keys (Stripe, GitHub, Google, Slack), exposed source maps, env vars in JS bundles | 30 pts |
| 📄 SEO | Title, meta description, H1 tags, Open Graph, canonical URL, robots.txt, llms.txt | 15 pts |
Usage
Examples
$ npx @vibeblame/cli https://example.com
Run all four scanners and display a formatted report in your terminal.
$ npx @vibeblame/cli https://example.com --json
Output raw JSON to stdout — ideal for CI pipelines, scripts, and dashboards.
$ npx @vibeblame/cli https://example.com --only headers,seo
Run only the specified scanners. Score is normalized to the selected subset.