Show HN: Prodlint – A linter that catches what AI coding tools miss

github.com

1 points by AMARCOVECCHIO99 6 days ago · 0 comments · 1 min read

I built Prodlint because I kept shipping the same bugs when building with Cursor, Copilot, and v0. Hardcoded secrets, missing auth checks, hallucinated imports, SQL injection through template literals — AI tools generate these constantly and TypeScript doesn't catch them.

Prodlint is a zero-config static analysis tool with 52 rules across four categories: Security, Reliability, Performance, and AI Quality. It runs in ~1 second, uses AST parsing (no LLM calls), and scores your codebase 0-100.

Some things it catches that surprised me during development:

- Imports for npm packages that don't exist (AI hallucinates these)
- API methods that aren't real (.flatten(), .contains(), .substr())
- "use client" on files that don't need it
- Prisma writes without $transaction
- Next.js redirect() inside try/catch (breaks silently)
- NEXT_PUBLIC_ on secrets like database URLs

Usage: npx prodlint (no install needed)

Also works as a GitHub Action (posts PR comments with scores) and as an MCP server for Claude Code / Cursor / Windsurf.

MIT licensed. Would love feedback on false positives — that's the hardest part of building a linter.
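One of the checks listed in the post, sketched as an added example (not Prodlint's code or its rule logic): Next.js inlines `NEXT_PUBLIC_`-prefixed variables into the browser bundle, so this scans `.env` text for such variables whose name or value looks like a secret. The function name, the patterns and the sample input are assumptions constructed for illustration.

```javascript
// Added example, not Prodlint's implementation. Heuristic patterns (assumptions):
// secret-like words in the variable name, or a URL that embeds user:password@.
const SECRET_NAME = /(SECRET|PASSWORD|PASSWD|PRIVATE|TOKEN|DATABASE_URL|DB_URL|SERVICE_ROLE)/i;
const SECRET_VALUE = /^(postgres(ql)?|mysql|mongodb(\+srv)?|redis|amqps?):\/\/[^\s\/]*:[^\s\/]*@/i;

// Returns one finding per NEXT_PUBLIC_ variable that looks like a secret.
function findExposedSecrets(envText) {
  const findings = [];
  envText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith("#")) return; // skip blanks and comments
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) return;
    const name = m[1];
    if (!name.startsWith("NEXT_PUBLIC_")) return; // server-only variables are fine
    const value = m[2].replace(/^(['"])(.*)\1$/, "$2"); // strip matching quotes
    const reasons = [];
    if (SECRET_NAME.test(name)) reasons.push("secret-like name");
    if (SECRET_VALUE.test(value)) reasons.push("connection string with credentials");
    if (reasons.length) findings.push({ line: i + 1, name, reasons });
  });
  return findings;
}

// Constructed sample .env content (all values are placeholders).
const SAMPLE_ENV = [
  "# constructed sample .env",
  "NEXT_PUBLIC_SITE_NAME=Example Shop",
  "NEXT_PUBLIC_DATABASE_URL=postgres://app:example-password@db.example.internal:5432/shop",
  "DATABASE_URL=postgres://app:example-password@db.example.internal:5432/shop",
  'NEXT_PUBLIC_API_BASE="https://api.example.com"',
  "NEXT_PUBLIC_CACHE=redis://cache:example-password@cache.example.internal:6379",
  "NEXT_PUBLIC_STRIPE_SECRET_KEY=constructed-placeholder",
].join("\n");

for (const f of findExposedSecrets(SAMPLE_ENV)) {
  console.log(`line ${f.line}: ${f.name} (${f.reasons.join(", ")})`);
}
```

Name-based matching is where false positives come from (a public variable that merely contains the word TOKEN would be flagged), so a real rule needs an allowlist or a per-line suppression.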
