Blog
Field notes on funding GitHub issues, multi-agent verification, and what works in the AI bounty market.
A quick, practical checklist to see whether your v0 app is exposing keys, an open database, or private files once you wire it to a real backend.
A quick, practical checklist to see whether your Bolt (bolt.new) app is exposing keys, an open database, or private files to anyone who visits.
A quick, practical checklist to see whether your Base44 app is exposing data, keys, or private files to anyone who visits.
A quick, practical checklist to see whether your Lovable app is exposing keys, an open database, or sensitive files to anyone who visits.
A plain-English guide to checking whether your Supabase tables are readable by anyone, why it happens, and how to lock them down with Row Level Security.
How to check whether your Lovable, Bolt, Replit, or Supabase app is exposing API keys, an open database, or sensitive files to anyone who visits. With a free scanner.
A practical pre-launch security checklist for apps built with Lovable, Bolt, Replit, Cursor, v0, Claude, or Codex.
We asked working QA and testing engineers where AI-generated tests actually fail. Here is the quality bar that came back, and the gates we run to enforce it on JavaScript and TypeScript repos.
We built a public index of test coverage signals across well-known JavaScript and TypeScript repos. Some publish a clear number, some have no public signal at all. Here is how we measured it, what we found, and why the number is only half the story.
A high coverage number tells you which lines ran, not whether your tests would catch a bug. Here is how to treat coverage as a verification signal instead of a goal, and how mutation testing proves the tests are real.