The issue is that most people just get the ai gen code, replace the API keys and deploy it. That's what causes these issues. Also api key being exposed is small thing, no one (including me 🤐) cares about security while vibe coding.
“env var in production” 😂😂😭
0 replies
More like this
Recommendations from Medial
Chamarti Sreekar
Passionate about Pos... • 1m
Somebody just scanned 2000 Vibecoded websites...
and here's what he found :
- 49.5% had security issues
- Found 1120 JWT tokens exposed
- 70 Google API keys floating around
And yes, env vars in production 🤦♂️
Security ain't a vibe if you're lea
I messed up things. I am building an opensource package to connect multiple S3 compatible services like cloudflare r2, digitalocean etc.
so when testing I used original API keys and I totally forgot to remove things and just did npm publish.
and the
See More
0 replies3 likes
Gigaversity
Gigaversity.in • 2m
One missing .env file nearly took our production down.
During one of our projects, a routine deployment went live with everything seemingly in order. But moments later, critical services started failing, and our team quickly realized that something
