ShipSafe CLI
Security scanner for AI-generated code. Catch leaked secrets, missing auth, IDOR, misconfig, and other vulnerabilities in code written by Cursor, Lovable, Bolt, v0, and friends — from your terminal, before you ship.
npm install -g @ship-safe/cli
Quick start
# Scan the current directory (plain-English results)
shipsafe scan
# Scan a specific path
shipsafe scan ./src
# Sign in to unlock AI analysis + your plan's quotas
shipsafe login
Commands
| Command | What it does |
|---|---|
| shipsafe scan [path] | Scan a directory or file for security vulnerabilities |
| shipsafe init | Create a .shipsafe.yml config file |
| shipsafe login | Log in to your ShipSafe account |
| shipsafe logout | Log out |
| shipsafe whoami | Show login status and plan info |
| shipsafe ignore <rule-id> | Suppress a rule in future scans |
| shipsafe unignore <rule-id> | Re-enable a suppressed rule |
| shipsafe false-positive <rule-id> | Report a finding as a false positive (helps tune the rule) |
Run shipsafe <command> --help for options.
What it scans
Static analysis (rules + entropy) for the issues AI builders most often ship: hardcoded secrets, missing or broken authentication, IDOR / broken object-level authorization, insecure configuration, and exposed sensitive data. The CLI scans your local code; the deeper AI analysis and the live-deployed-app scan run through your ShipSafe account.
CLI access is bundled with the Growth and Shield plans. See pricing and docs at ship-safe.co.
License
Proprietary. Copyright (c) 2026 ShipSafe. All rights reserved. This package is licensed,
not sold, and may be used only to interact with the ShipSafe service in accordance with
the Terms of Service. See the bundled LICENSE file.