Bolt security scan

Scan your Bolt app for exposed keys and open databases

Bolt makes shipping fast, and fast-shipped apps often leave a database open or a secret in the browser bundle. The scan checks the handful of gaps that actually bite people.

A sample of what you might see

Critical: Open database readable by your public key

The public key in your bundle can read a table it should not, which usually means Row Level Security is off.

{ "id": 1, "owner_email": "•••@•••.com" }

Illustrative, redacted. We never store your data.

It reads only what a browser already downloads from your live app and checks your database access from the outside.

JavaScript and TypeScript apps today. The scan is passive and outside-in. How the scanner stays safe.

Questions

Is the scan safe to run on my Bolt app?

Yes. It is read-only and outside-in, never logs in, never writes, and never runs a write test. See the scanner-safety page for detail.

Does it work for any Bolt app?

It works for deployed JavaScript and TypeScript apps reachable at a public URL. Paste the link and confirm you own it.

Which check do I need?