Skip to content

gitrlawton/opensafe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
.github
.github
 
 
.husky
.husky
 
 
__mocks__
__mocks__
 
 
__tests__
__tests__
 
 
app
app
 
 
components
components
 
 
docs
docs
 
 
lib
lib
 
 
public
public
 
 
types
types
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
.prettierignore
.prettierignore
 
 
.prettierrc
.prettierrc
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
components.json
components.json
 
 
eslint.config.mjs
eslint.config.mjs
 
 
jest.config.ts
jest.config.ts
 
 
jest.setup.ts
jest.setup.ts
 
 
middleware.ts
middleware.ts
 
 
next.config.ts
next.config.ts
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
postcss.config.mjs
postcss.config.mjs
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

OpenSafe

Verify before contributing to open source projects

License: MIT Discussions CI Type Check

About

OpenSafe helps protect open source contributors by scanning GitHub repositories for malicious code and dangerous dependencies before they clone or contribute. Powered by AI analysis, OpenSafe identifies which open source projects are likely safe to clone and contribute to and which ones are not.

Try OpenSafe Live

Features

  • Repository Scanning - Verify safety of repository before cloning or contributing
  • AI-Powered Threat Detection - Leverages Google Gemini AI to identify malicious patterns
  • Malicious Code Detection - Identifies backdoors, data exfiltration, and harmful scripts
  • Dangerous Dependency Analysis - Detects suspicious packages that could compromise your system
  • Safety Level - Get an instant contributor safety level (safe, unsafe, caution)
  • Detailed Threat Reports - Comprehensive findings showing what could harm you as a contributor
  • Repository Index - List of repositories analyzed and when they were last scanned

How to Use

  1. Visit the App - Go to the OpenSafe web application
  2. Sign In - Authenticate with your GitHub account
  3. Navigate to the Scan Repo page and enter the URL of a public repository you want to contribute to
  4. Scan - Click "Start Scan" to scan the repository for threats
  5. Review Safety Report - See if it's safe to clone and contribute to, or what risks exist

Tech Stack

Built with the following technologies:

  • Frontend: Next.js 15, React, TypeScript, Tailwind CSS
  • AI/ML: Google Gemini AI for threat detection
  • Authentication: Auth0 with GitHub OAuth
  • Database: Snowflake for scalable data storage
  • Deployment: Vercel

Screenshots

Home Page - Repository Index

Home Page Browse previously scanned repositories and their safety levels

Scan Repository

Scan Repository Enter any GitHub repository URL to start a security scan

Scan Results - Safe Repository

Safe Repository Results Detailed analysis showing a safe repository with no threats detected

Scan Results - Unsafe Repository

Unsafe Repository Results - Part 1 Unsafe Repository Results - Part 2 Comprehensive threat report showing detected security issues and vulnerabilities

Contributing

⚠️ We're currently preparing our contribution guidelines and development environment setup.

We're excited to welcome contributors soon! In the meantime:

  • Join the Discussion - Ask questions, share ideas, and connect with the community
  • Star and watch this repository to be notified when we're ready to accept contributions
  • Open an issue for bug reports or feature requests
  • See CONTRIBUTING.md for detailed contribution guidelines

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

Made with ❤️ for the open source community

About

AI-powered open source tool that analyzes GitHub repositories for malicious code and dangerous dependencies.

www.opensafe.app/

Resources

Readme

License

MIT license

Contributing

Contributing

Security policy

Security policy
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages