Tick through every check before you tweet your launch URL
Each checklist maps every item to a real scanner detection. Run the scan and the items light up pass or fail. No theory, no best-practice fluff.
- lovable + supabase
Lovable + Supabase pre-launch security checklist
Fifteen detection-driven checks every Lovable + Supabase app must pass before launch. Each item maps to an actual scanner finding — no theory, just specifics.
15 checks
- lovable + stripe
Lovable + Stripe pre-launch checklist: payments without leaking
Stripe in a Lovable app means real money. Twelve detection-driven checks to ensure your secret keys, webhooks, and customer data are properly isolated before launch.
12 checks
- bolt + supabase
Bolt + Supabase pre-launch security checklist
Bolt apps ship with .env files in static output and CORS wide open by default. Twelve checks tied to scanner findings to harden your Bolt + Supabase app.
12 checks
- bolt + firebase
Bolt + Firebase pre-launch security checklist
Firebase Security Rules default to open in many starter templates, and Bolt happily inherits them. Eleven checks before your Firestore is a public dataset.
11 checks
- cursor + nextjs
Cursor + Next.js pre-launch security checklist
Cursor follows the patterns in your codebase — which means it perpetuates security issues unless you give it a checklist. Thirteen detection-driven checks for Next.js apps.
13 checks
- cursor + supabase
Cursor + Supabase pre-launch security checklist
When Cursor writes Supabase code, it usually clones your existing patterns. Twelve checks to make sure those patterns are not "RLS off, anon key in service role slot".
12 checks
- v0 + vercel
v0 + Vercel pre-launch security checklist
v0 generates UI fast; Vercel deploys it fast. Eleven security checks before your AI-generated app is live and indexable.
11 checks
- replit
Replit deployment pre-launch security checklist
Replit Deployments make it easy to ship, but the default state is "every Repl is public-readable". Ten checks before your live app is also a public source repo.
10 checks
- claude
Claude Code pre-launch security checklist
Claude Code is great at writing code; less great at remembering security defaults across a long session. Twelve checks to run before you ship what Claude built.
12 checks
- nextjs + supabase
Next.js + Supabase production launch checklist
Fourteen specific, scanner-verified checks for a Next.js + Supabase app heading to production. Especially: RLS, server-only service role, middleware auth.
14 checks
- nextjs + stripe
Next.js + Stripe production launch checklist
Twelve security checks specific to a Next.js + Stripe stack: webhook signing, key separation, customer portal session handling, and PCI-aware cookies.
12 checks
- firebase
Firebase pre-launch security checklist
Eleven Firebase-specific checks: Firestore + Storage rules, App Check, App Check enforcement, service-account rotation, and proper hosting headers.
11 checks
- supabase
Supabase production-launch security checklist
Ten checks before flipping the Supabase project to "Pro" and shipping. RLS audit, JWT rotation, storage bucket policies, and rate-limit baseline.
10 checks
- vercel
Vercel production-launch security checklist
Eleven Vercel-specific checks: env var scoping, headers config, rate-limit middleware, build cache hygiene, and removing X-Powered-By.
11 checks