Hi HN,<p>I recently launched securevibing.com, a tool designed to help indie developers catch security issues before they ship.<p>It does two main things:<p>Website Security Scan - Instantly scans your deployed site for common security issues like leaked API keys, missing HTTP headers, public environment files, etc.<p>SupaCheck Widget - A small script you can run to simulate authenticated users accessing your Supabase backend. It tests whether users can read or modify sensitive data like credits, has_access, or other fields, helping you catch RLS and auth misconfigurations.<p>I built this because I kept seeing (and making) small security mistakes that aren’t always caught until it’s too late. Would love your feedback, suggestions, or ideas on what to add next.<p>Thanks!