Introduction to Vibrant

Vibrant is a CLI tool that detects vibecoded patterns — code that looks like it was generated by AI without proper review. It catches shortcuts, placeholders, security issues, and anti-patterns that slip through when developers use AI assistants.

What is vibecoding?

You’re using AI to write code. It’s fast. It’s convenient. But sometimes it ships bugs, hardcoded secrets, and patterns that scream “I wasn’t reviewed by a human.” Vibrant catches what AI misses.

// AI generated this. Looks fine, right?
const API_KEY = "sk-proj-abc123..."; // Oops, hardcoded secret

async function fetchUser(id) {
  console.log("Fetching user:", id); // Debug code left in
  try {
    const res = await fetch(`/users/${id}`);
    return res.json();
  } catch (e) {} // Silent failure - bugs waiting to happen
}
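
For comparison, a hardened counterpart to the snippet above, added here as an illustration (it is not Vibrant output or code from the Vibrant project). The API_KEY environment variable, the Bearer header, the positive-integer id rule, and the injectable fetchImpl/env options are all assumptions made for this example.

```javascript
// Added example, not Vibrant output or project code.
// Assumed names: API_KEY environment variable, Bearer Authorization header,
// positive-integer user ids, and the injectable `fetchImpl` / `env` options.

function loadApiKey(env = process.env) {
  // The secret comes from the environment (or a secret manager), never from source.
  const key = env.API_KEY;
  if (typeof key !== "string" || key.length === 0) {
    throw new Error("API_KEY is not set");
  }
  return key;
}

async function fetchUser(id, { fetchImpl = globalThis.fetch, env = process.env } = {}) {
  // Reject anything that is not a positive integer before it reaches the URL path.
  if (!Number.isInteger(id) || id <= 0) {
    throw new TypeError("user id must be a positive integer");
  }
  const apiKey = loadApiKey(env);

  let res;
  try {
    res = await fetchImpl(`/users/${id}`, {
      headers: { Authorization: `Bearer ${apiKey}` },
    });
  } catch (err) {
    // Network failures are surfaced with context instead of being swallowed.
    throw new Error(`fetchUser(${id}): request failed`, { cause: err });
  }

  // fetch() resolves on HTTP 4xx/5xx, so the status must be checked explicitly.
  if (!res.ok) {
    throw new Error(`fetchUser(${id}): HTTP ${res.status}`);
  }
  return res.json();
}
```

No debug logging remains, and every failure path rejects with an error the caller can handle or report.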

Key features

Static analysis

Fast, offline detection using TypeScript’s AST. 15+ rules to catch common patterns. No API keys required.

AI-powered analysis

Deep pattern detection with LLMs. Works with OpenAI, Claude, Gemini, Ollama, and OpenRouter.

Auto-fix

Automatically fix fixable issues with the --fix flag. Save time on manual corrections.

Security first

Built-in detection for hardcoded credentials, SQL injection, XSS, and other vulnerabilities.

What Vibrant detects

Security vulnerabilities

  • Hardcoded credentials - API keys, passwords, tokens in code
  • SQL injection - SQL injection vulnerabilities
  • XSS attacks - Unsafe innerHTML usage

Bug patterns

  • Empty catch blocks - Errors silently swallowed
  • Unimplemented code - throw new Error("not implemented")
  • Empty functions - Functions with no implementation
  • Unreachable code - Code after return/throw statements

Code quality issues

  • Console logs - Debug statements left in production code
  • TypeScript any - Usage of any type defeating type safety
  • Await in loops - Sequential awaits causing performance issues

AI telltales

  • Comment emojis - Emojis in code comments (AI often adds decorative emojis)
  • Excessive TODOs - Many TODO/FIXME comments (AI leaves incomplete work)
  • Magic numbers - Unexplained numeric literals instead of constants

Output formats

Vibrant supports multiple output formats for different use cases:
  • Pretty (default) - Human-readable output with colors and formatting
  • Compact - Single-line output perfect for CI pipelines
  • JSON - Machine-readable format for tooling integration
  • Plan - Detailed markdown report for AI assistants to auto-fix issues

Performance

Vibrant is designed to be fast:
  • Static analysis: ~200ms for 100 files
  • AI analysis with smart summarizer: 50-60% token reduction
  • Incremental caching for AI analysis
  • Works on Windows, macOS, and Linux

Next steps

Installation

Install Vibrant and set up your environment

Quick start

Get up and running in under 5 minutes
