possible hardcoded credential
generic-secret
CLI-first launch checks
Start with a free public preview, then run the real scan locally in your terminal. The free CLI shows the top 3 findings. The $10 unlock reveals the full report without uploading source code.
npx should-i-ship@latest scan
Findings: 9 total
Security: 2 high-risk issues
Fix-first plan
1. HIGH SECURITY ...
2. HIGH LAUNCH ...
3. MEDIUM LAUNCH ...
Locked findings: 6
Unlock exact files and fixes for $10?
(no source code) [Y/n]
Live preview signal
Aggregated from stored, sanitized preview findings. No repo names, file paths, code snippets, or secrets.
generic-secret
missing-auth
no-rate-limit
partial-input-validation
Free preview
The preview scans a small public slice and shows sanitized findings. It is a fast taste of the rules before someone installs the CLI.
Public repos only. For private code, use the local CLI.
CLI funnel
Run the free scan as often as you want while you fix code. When you want the complete diagnosis, create an unlock link and pay once for the full report.
npx should-i-ship@latest scan
npx should-i-ship@latest scan --unlock-link
npx should-i-ship@latest scan --no-upload
Run from your project folder. Source code stays local and the CLI writes Markdown plus JSON.
The free output shows the highest-priority issues with details and fixes. Extra findings are locked by severity and category.
Upload only the findings metadata to unlock every issue, exact files, fix suggestions, AI repair prompts, and a shareable report.
Paid unlock
The upload contains findings, file paths referenced by findings, scores, counts, and scan metadata. It does not include source code, file contents, environment variables, or ignored files.