Skip to content

nometria/app-auditor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.github/workflows
.github/workflows
 
 
examples
examples
 
 
src/app_auditor
src/app_auditor
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

app-auditor

Detect tech stack and surface production-readiness issues from any live URL or GitHub repo. One command, zero config.

Quick start

# Clone and install
git clone https://github.com/ownmy-app/app-auditor
cd app-auditor
pip install -e .

# Audit a live URL
app-audit url https://vercel.com

# Audit a GitHub repo
app-audit repo myorg/myrepo

# JSON output
app-audit url https://myapp.com --format json

Usage

Audit a live URL

app-audit url https://myapp.com

# JSON output
app-audit url https://myapp.com --format json

Output:

URL: https://myapp.com
Title: My App
Stack: nextjs, react, supabase

Risks:
  • Supabase client: verify auth flow, RLS, and env key exposure in client.
  • Hosting on Vercel/Netlify: ensure env vars and serverless limits are documented.

Audit a GitHub repo

app-audit repo github.com/myorg/myrepo
# or shorthand
app-audit repo myorg/myrepo

Output:

Repo: myorg/myrepo
Detected: vite, react, supabase

Missing:
  ⚠ No Dockerfile found — containerization recommended for production.
  ⚠ No GitHub Actions workflows — consider adding CI/CD.

Suggestions:
  → Vite SPA: add Dockerfile and ensure server rewrite rules for SPA routing.
  → Supabase: verify RLS, auth flow, and env key exposure in client.

Set GitHub token to avoid rate limiting

export GITHUB_TOKEN=ghp_...
app-audit repo myorg/myrepo

Use as a library

from app_auditor import audit_url, analyze_repo_url

# Website audit
result = audit_url("https://myapp.com")
print(result["detected_stack"])  # {"nextjs": True, "react": True, ...}
print(result["risks"])           # ["Supabase client: verify RLS...", ...]

# GitHub repo audit
result = analyze_repo_url("https://github.com/vercel/next.js")
print(result["detected"])        # {"nextjs": True, "docker": False, ...}
print(result["missing"])         # ["No Dockerfile found..."]
print(result["suggestions"])     # ["Next.js: check output mode..."]

Detected stack signals

Signal Detection method
Next.js __next in HTML, _next/ paths, next.js in server header
Vite /assets/ + modulepreload in HTML
React react / reactdom in HTML or package.json
Vue v-bind or vue in HTML
Supabase supabase in HTML or repo file paths
Vercel vercel in HTML, server header, or vercel.json
Netlify netlify in HTML, header, or config files
Docker Dockerfile in repo tree
GitHub Actions .github/workflows/ in repo tree

Commercial viability

  • Free tier: CLI and library (open source)
  • Paid: API with bulk auditing, team dashboards, Slack notifications
  • Inbound funnel: developers debugging production issues → upgrade path to managed services

Example output

app-audit url https://vercel.com

URL: https://vercel.com/
Title: Vercel: Build and deploy the best web experiences with the AI Cloud
Stack: nextjs, react, vercel

Risks:
  • Hosting on Vercel/Netlify: ensure env vars and serverless limits are documented.

app-audit url https://supabase.com

URL: https://supabase.com/
Title: Supabase | The Postgres Development Platform.
Stack: nextjs, react, vue, supabase, vercel

Risks:
  • Supabase client: verify auth flow, RLS, and env key exposure in client.
  • Hosting on Vercel/Netlify: ensure env vars and serverless limits are documented.

About

Detect tech stack and surface production-readiness issues from any URL or GitHub repo

Topics

python cli devops production audit tech-stack

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages