JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 758
  • Score
    100M100P100Q96852F
  • License MIT

AI code quality toolkit — deterministic linter for the AI coding era

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (vibecop) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    vibecop

    license TypeScript Node.js CI Playground

    AI code quality toolkit — deterministic linter for the AI coding era. 35 detectors catch the bugs AI agents introduce: god functions, N+1 queries, unsafe shell exec, unpinned LLM models, and more. Runs automatically inside Claude Code, Cursor, Codex, Aider, and 7 other AI tools. Also available as an MCP server.

    Built on ast-grep for fast, tree-sitter-based AST analysis. No LLM required — every finding is deterministic and reproducible.

    Documentation | Playground

    Install

    npm install -g vibecop    # or: bun add -g vibecop

    Quick Start

    vibecop scan .                         # Scan current directory
vibecop scan src/ --format json        # JSON output
vibecop scan . --diff HEAD             # Only changed files
vibecop init                           # Auto-setup agent integration
vibecop serve                          # Start MCP server

    Agent Integration

    vibecop runs inside your AI coding agent. Every edit triggers a scan — the agent reads findings and self-corrects.

    npx vibecop init    # Auto-detects tools, generates configs
    Tool Integration
    Claude Code PostToolUse hook
    Cursor afterFileEdit hook + rules
    Codex CLI PostToolUse hook
    Aider Native --lint-cmd
    GitHub Copilot Custom instructions
    Windsurf Rules file
    Cline/Roo Code .clinerules
    Continue.dev / Amazon Q / Zed MCP server (vibecop serve) 
    Agent writes code → vibecop hook fires → Findings? Agent fixes → Clean? Continue.

    MCP Server

    {
  "mcpServers": {
    "vibecop": {
      "command": "npx",
      "args": ["vibecop", "serve"]
    }
  }
}

    Three tools: vibecop_scan, vibecop_check, vibecop_explain.

    Benchmarks

    All numbers are real — run vibecop scan on any repo to reproduce.

    Established projects:

    Project Density
    fastify (65K stars) 1.7/kLOC
    date-fns (35K stars) 3.1/kLOC
    TanStack/query (43K stars) 4.4/kLOC
    express (66K stars) 5.8/kLOC

    Vibe-coded projects:

    Project Density
    dyad (20K stars) 8.0/kLOC
    bolt.diy (19K stars) 13.6/kLOC
    context7 (51K stars) 14.0/kLOC
    browser-tools-mcp (7K stars) 49.6/kLOC

    Median: established 4.4/kLOC vs vibe-coded 14.0/kLOC (3.2x higher).

    GitHub Action

    - uses: bhvbhushan/vibecop@main
  with:
    on-failure: comment-only
    severity-threshold: warning

    Detectors (35)

    4 categories: Quality (16), Security (7), Correctness (4), Testing (8).

    Catches: god functions, N+1 queries, unsafe shell exec, SQL injection, hardcoded secrets, trivial assertions, empty tests, unpinned LLM models, hallucinated packages, and more.

    Full detector reference →

    Roadmap

    • Phase 1: Core scanner — 7 detectors, 5 output formats
    • Phase 2: PR Gate GitHub Action, 15 new detectors
    • Phase 2.5: Agent integration (7 tools), 6 LLM/agent detectors, vibecop init
    • Phase 3: Test quality detectors, custom YAML rules (28 → 35)
    • Phase 3.5: MCP server with scan/check/explain tools
    • Phase 4: Context optimization (Read tool interception, AST skeleton caching)
    • Phase 5: VS Code extension, cross-file analysis