CLI that detects AI-generated code smells in JS/TS. "ESLint for AI slop."
- npm:
@yuvrajangadsingh/vibecheck(v1.1.0) - Build:
npm run build(tsup) - Test:
npm test(vitest, 40 tests) - Self-scan:
node dist/cli.js . - Publish:
npm publish --access=public
- Regex-based pattern matching (no AST in v1)
- Two rule types: single-line (
Rule) and multiline (MultilineRule) - String-aware brace counting via
trackBraceDepth()helper - Config:
.vibecheckrcJSON, all rules on by default - Scanner skips binary files (null byte check) and files >1MB
src/cli.ts- entry point, commander setupsrc/scanner.ts- file walker + rule runnersrc/config.ts- .vibecheckrc loadersrc/formatter.ts- pretty/JSON/quiet outputsrc/rules/- all 14 rules across 5 categoriestests/fixtures/- sample files with known smells
Security: no-hardcoded-secrets, no-eval, no-innerhtml, no-sql-concat Error Handling: no-empty-catch, no-console-error-only, no-swallowed-promise Code Quality: no-console-pollution, no-ai-todo, no-god-function AI Tells: no-obvious-comments, no-ts-any Framework: no-express-unhandled, no-error-info-leak
- Branch off main (branch protection enabled)
- Bump version in package.json + src/cli.ts
- PR, merge
npm publish --access=public
- GitHub secret scanning blocks
sk_live_prefix in test fixtures. Usexk_test_instead. - npm auto-corrects bin name (warns about "bin[vibecheck] script name was cleaned")
- npm token in ~/.npmrc expires ~May 28 2026
- PLAN.md is gitignored (local tracking only)