Verify before contributing to open source projects
OpenSafe helps protect open source contributors by scanning GitHub repositories for malicious code and dangerous dependencies before they clone or contribute. Powered by AI analysis, OpenSafe identifies which open source projects are likely safe to clone and contribute to and which ones are not.
- Repository Scanning - Verify safety of repository before cloning or contributing
- AI-Powered Threat Detection - Leverages Google Gemini AI to identify malicious patterns
- Malicious Code Detection - Identifies backdoors, data exfiltration, and harmful scripts
- Dangerous Dependency Analysis - Detects suspicious packages that could compromise your system
- Safety Level - Get an instant contributor safety level (safe, unsafe, caution)
- Detailed Threat Reports - Comprehensive findings showing what could harm you as a contributor
- Repository Index - List of repositories analyzed and when they were last scanned
- Visit the App - Go to the OpenSafe web application
- Sign In - Authenticate with your GitHub account
- Navigate to the Scan Repo page and enter the URL of a public repository you want to contribute to
- Scan - Click "Start Scan" to scan the repository for threats
- Review Safety Report - See if it's safe to clone and contribute to, or what risks exist
Built with the following technologies:
- Frontend: Next.js 15, React, TypeScript, Tailwind CSS
- AI/ML: Google Gemini AI for threat detection
- Authentication: Auth0 with GitHub OAuth
- Database: Snowflake for scalable data storage
- Deployment: Vercel
Screenshots:
- Browse previously scanned repositories and their safety levels
- Enter any GitHub repository URL to start a security scan
- Detailed analysis showing a safe repository with no threats detected
- Comprehensive threat report showing detected security issues and vulnerabilities
Want to contribute to OpenSafe? Here's how to get your development environment set up.
Before you begin, ensure you have:
- Node.js 18.17.0 or higher (v20+ recommended)
- npm 9.0.0 or higher
- Git (latest version)
- API Keys and Accounts:
  - GitHub Personal Access Token
  - Google Gemini API key
  - Auth0 account (free tier)
  - Snowflake account (free trial)
For detailed prerequisites and account setup instructions, see the Development Guide.
- Clone the repository:

  ```bash
  git clone https://github.com/gitrlawton/opensafe.git
  cd opensafe
  ```

- Install dependencies:

  ```bash
  npm install
  ```

- Set up environment variables:

  ```bash
  cp .env.example .env
  ```

  Then configure your API keys in `.env` (see Environment Configuration for detailed setup).

- Run the development server:

  ```bash
  npm run dev
  ```
Your local OpenSafe instance will be available at http://localhost:3000.
For detailed installation instructions including database setup and service configuration, see the Development Guide.
```bash
# Start development server
npm run dev

# Run tests
npm test

# Run tests in watch mode
npm run test:watch

# Check code quality
npm run lint
npm run type-check
npm run format:check

# Build for production
npm run build
```

See the Development Guide for all available scripts and development workflow.
OpenSafe follows a service layer pattern where business logic lives in the lib/ directory, making it reusable, testable, and framework-agnostic. API routes in app/api/ are thin HTTP handlers that delegate to the service layer.
Key directories:
- app/ - Next.js pages and API routes
- lib/ - Business logic and service layer (GitHub client, AI scanning, database)
- types/ - TypeScript type definitions
- docs/ - Comprehensive documentation
For detailed architecture information, see the Architecture Guide.
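As an added illustration of that split (example code written for this README, not OpenSafe's own code; the file paths, the `/api/scan` endpoint, the 202 status and the owner/repo naming rules approximating GitHub's are assumptions), the service in `lib/` validates the repository URL a user enters on the Scan Repo page, and the route handler only maps the result to an HTTP response:

```typescript
// lib/github/repo-url.ts  (hypothetical path; service layer, no HTTP types here)
export interface RepoRef { owner: string; repo: string; canonicalUrl: string }

// Assumed approximations of GitHub naming rules: owners are alphanumerics and
// hyphens (not leading), repos additionally allow "." and "_".
const OWNER = /^[A-Za-z0-9][A-Za-z0-9-]{0,38}$/;
const REPO = /^[A-Za-z0-9._-]{1,100}$/;

// Accepts only https://github.com/<owner>/<repo>[.git][/...] and returns the
// canonical owner/repo pair, or null for anything that should not be scanned.
export function parseRepositoryUrl(input: string): RepoRef | null {
  let url: URL;
  try {
    url = new URL(input.trim());
  } catch {
    return null; // not a URL at all
  }
  // Host is compared exactly, so lookalikes such as github.com.evil.example fail.
  if (url.protocol !== "https:" || url.hostname !== "github.com") return null;
  // Embedded credentials (https://user:token@github.com/...) are never forwarded.
  if (url.username !== "" || url.password !== "") return null;
  const parts = url.pathname.split("/").filter(Boolean);
  if (parts.length < 2) return null;
  const owner = parts[0];
  const repo = parts[1].replace(/\.git$/, "");
  // Percent-encoded segments such as "b%2fc" stay encoded and fail the name test.
  if (!OWNER.test(owner) || !REPO.test(repo) || repo === "." || repo === "..") return null;
  return { owner, repo, canonicalUrl: `https://github.com/${owner}/${repo}` };
}

// app/api/scan/route.ts  (hypothetical path; thin HTTP handler delegating to lib/)
export function handleScanRequest(body: unknown): { status: number; body: Record<string, unknown> } {
  const url = body !== null && typeof body === "object" ? (body as { url?: unknown }).url : undefined;
  if (typeof url !== "string") return { status: 400, body: { error: "url must be a string" } };
  const ref = parseRepositoryUrl(url);
  if (ref === null) return { status: 400, body: { error: "not a public github.com repository URL" } };
  // Only the canonical form reaches the scanning service, never the raw input.
  return { status: 202, body: { owner: ref.owner, repo: ref.repo, url: ref.canonicalUrl } };
}

export async function POST(request: Request): Promise<Response> {
  const result = handleScanRequest(await request.json().catch(() => null));
  return new Response(JSON.stringify(result.body), {
    status: result.status,
    headers: { "content-type": "application/json" },
  });
}
```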
- API Documentation - API endpoints and request/response schemas
- Development Guide - Complete setup, debugging, and troubleshooting
- Architecture Guide - System design and technical decisions
- Contributing Guidelines - Code standards and PR process
- Security Policy - Reporting vulnerabilities
We're excited to welcome contributors! Here's how you can help:
- Join the Discussion - Ask questions, share ideas, and connect with the community
- Star and watch this repository to stay updated
- Open an issue for bug reports or feature requests
- Submit a pull request - See CONTRIBUTING.md for detailed guidelines
This project is licensed under the MIT License - see the LICENSE file for details.
- Built with Next.js
- Powered by Google Gemini AI
- Authentication by Auth0
Made with ❤️ for the open source community