Is my source code sent to ShipSafe servers?

Never. ShipSafe runs entirely on your machine. Scans, analysis, and auto-fixes all happen locally. Your source code never leaves your computer. No account required. Works offline.

How do I install ShipSafe?

Run: npm install -g @shipsafe/cli. Then run 'shipsafe scan' in any project directory. That's it — zero configuration required.

What does ShipSafe detect?

ShipSafe has 1,200+ detection rules covering SQL injection (127 rules), XSS (143 rules), prompt injection (7 rules), command injection (89 rules), SSRF (67 rules), hardcoded secrets (174 patterns), insecure authentication (98 rules), malicious MCP servers (30 patterns), path traversal, insecure deserialization, and more.

How is ShipSafe different from Snyk or SonarQube?

ShipSafe runs entirely locally (Snyk requires cloud), has AI-specific security rules like prompt injection and malicious MCP server detection (unique to ShipSafe), strips image metadata, and includes an MCP server for AI coding assistants. It's built for solo developers and small teams who use AI coding assistants.

Can I use ShipSafe with Claude, Cursor, or other AI tools?

Yes. ShipSafe includes an MCP server with 8 tools that plug directly into Claude, Cursor, Windsurf, and any other MCP-compatible assistant. Your AI can check security while it writes code.

What is prompt injection and does ShipSafe detect it?

Prompt injection is when untrusted user input is passed directly into LLM prompts, allowing attackers to manipulate AI behavior. ShipSafe has 7 dedicated rules that detect unsanitized user input in LLM prompts, system prompt leakage, indirect prompt injection via retrieved content, and prompt template manipulation.

What are malicious MCP servers and how does ShipSafe detect them?

Malicious MCP servers are rogue AI tool servers that can steal credentials, exfiltrate code, or inject malicious prompts. ShipSafe's scan-environment command checks your MCP configurations, CLAUDE.md files, git hooks, and npm scripts for 30 threat patterns including credential theft, data exfiltration, and prompt injection.

Yes. The free tier includes full security scanning with 1,200+ rules, git pre-commit hooks, baseline/delta mode, and support for 1 project. Pro ($19/mo) adds knowledge graph analysis, auto-fix, monitoring, and MCP server. Team ($49/mo) adds GitHub App integration and source maps.

How does ShipSafe reduce false positives?

ShipSafe uses Tree-sitter AST analysis to understand code context — it knows whether a variable comes from user input and whether it's been sanitized before reaching a dangerous sink. This context-aware detection dramatically reduces false positives compared to regex-only scanners.

Is it safe to use claude --dangerously-skip-permissions with ShipSafe?

ShipSafe's git pre-commit hooks provide a safety net when using --dangerously-skip-permissions. Even if Claude Code writes insecure code in autonomous mode, ShipSafe blocks the commit if it contains hardcoded secrets or critical vulnerabilities. Install hooks with: shipsafe hooks install.

Changelog

Every release, every rule, every improvement. ShipSafe version history from v0.2.5 to v1.3.0.

v1.3.0March 24, 2026

•Pre-commit only by default — no more pre-push friction blocking rapid development
•Receiver-aware knowledge graph — db.query() is a sink, Array.find() is not
•40+ receiver-gated sink patterns across database, filesystem, shell, network
•Update notifications — nudges users when a newer version is available

v1.2.0March 22, 2026

•Replaced KuzuDB with zero-dependency in-memory graph engine
•Real end-to-end graph tests on fixture files (not mocked)
•Graph engine tested on Creative Dashboard: 125 files, 257 functions, 491ms
•Removed deprecated kuzu dependency (66 packages removed)

v1.1.4March 22, 2026

•React component awareness — backend-only rules skip .tsx/.jsx files
•Fastify schema validation downgraded to low (best practice, not vulnerability)
•SSRF rules skip known API bases (Meta, Google, Stripe)
•Insecure random token rules skip Date.now() used for expiry timestamps

v1.1.0March 22, 2026

•Import-level context analysis — checks file imports before flagging (auth, sanitization, validation)
•In-memory call map — cross-file function call tracing for FP reduction
•Call chain auth detection — suppresses missing-auth when called from authenticated context
•SQL/XSS findings downgraded when validation found in call chain

v1.0.11March 21, 2026

•Demo/default passwords stay critical severity with improved messaging
•Better warning: "These get forked and deployed to production"

v1.0.10March 21, 2026

•Auto-detect Supabase/Clerk/Stripe/PostHog projects and suppress known-public NEXT_PUBLIC_ keys
•Optional pre-push hook: `shipsafe setup --commit-only` for faster iteration
•Improved demo password detection messaging

v1.0.9March 21, 2026

•README updated with correct 1,266 detection rule count
•Added `shipsafe audit` and `shipsafe scan-environment` to CLI documentation
•Removed broken CI badge

v1.0.8March 21, 2026

•New `shipsafe audit <url>` command — scan any GitHub repo before installing
•Checks vulnerabilities, secrets, malicious patterns, postinstall scripts
•Trust score (A-F) with SAFE / CAUTION / DANGEROUS verdict
•Web scanner at shipsafe.org/scan with paste skill/config support

v1.0.7March 21, 2026

•Public GitHub repo with GitHub Discussions enabled for feature requests and bug reports
•Feature request section on homepage — community-driven product development
•Comprehensive SEO overhaul — 36 pages including docs, blog, security guides, and comparison pages
•AI search optimization — llms.txt, structured data, AI bot crawler rules

v1.0.6March 21, 2026

•MetaStrip integration — automatically strips EXIF, GPS, and camera metadata from images before commit
•New image metadata scanning rules detect sensitive location and device data in committed images
•Improved git hook performance for repositories with large binary assets

v1.0.5March 18, 2026

•Tree-sitter AST context analysis for dramatically reduced false positives
•Context-aware detection understands whether variables come from user input and whether sanitization exists
•AST analysis covers JavaScript, TypeScript, and Python source files
•Benchmark: 40% fewer false positives on real-world codebases vs v1.0.4

v1.0.4March 15, 2026

•Prisma framework-specific exceptions — parameterized Prisma queries no longer flagged as SQL injection
•Next.js framework-specific exceptions for server actions, API routes, and middleware patterns
•Added 12 new framework-aware rules for common Next.js + Prisma patterns

v1.0.3March 12, 2026

•Real-world false positive fixes from production usage across 200+ projects
•20 rule fixes addressing common library patterns (Zod, tRPC, Drizzle, Hono)
•Improved library detection — known-safe function calls from popular packages are excluded
•Better handling of TypeScript type assertions and generics in detection rules

v1.0.2March 9, 2026

•Performance improvements — 2x faster scanning on large monorepos
•Parallel file processing with configurable worker count
•Memory usage optimization for repositories with 10,000+ files

v1.0.1March 6, 2026

•Bug fixes for Windows path handling in git hooks
•Improved error messages when scanning fails due to file permissions
•Added --json output format for CI/CD integration

v1.0.0March 3, 2026

•Stable release after 100 self-training cycles on real-world codebases
•1,200+ detection rules: 1,062 vulnerability rules + 174 secret patterns + 30 environment threats
•MCP server with 8 tools for AI coding assistants (Claude, Cursor, Windsurf)
•Knowledge graph attack path analysis using Tree-sitter and KuzuDB (Pro)
•Auto-fix for common vulnerabilities (Pro)
•Production monitoring snippet with PII scrubbing (Pro)

v0.9.0February 24, 2026

•Delta mode — scan only changed files since last baseline
•Baseline suppression — set a baseline and only see new findings going forward
•shipsafe scan --baseline and shipsafe scan --delta commands
•Massive speed improvement for incremental scanning in CI/CD pipelines

v0.8.0February 17, 2026

•Malicious MCP/skill scanner with 30 environment threat patterns
•scan-environment command checks CLAUDE.md, git hooks, npm scripts, and MCP configs
•Detects credential theft, data exfiltration, prompt injection, and excessive access patterns
•Environment threat severity levels: critical, high, medium, low

v0.7.0February 10, 2026

•584 detection rules — comprehensive false positive hardening across all categories
•Reduced false positive rate by 60% vs v0.6.0 through improved pattern specificity
•Added framework-specific exceptions for Express, Fastify, Koa, and Hono
•Improved secret detection accuracy with entropy-based filtering

v0.6.0February 3, 2026

•Git pre-commit hook integration — shipsafe hooks install
•Hooks auto-scan staged files before every commit
•Configurable hook behavior: block on critical, warn on high
•Hook bypass with --no-verify (documented for emergency use only)

v0.5.0January 27, 2026

•501 detection rules including 7 prompt injection rules
•Prompt injection detection for OpenAI, Anthropic, and Google AI SDKs
•RAG poisoning detection for retrieval-augmented generation patterns
•System prompt leakage detection

v0.4.0January 20, 2026

•Secret detection with 174 patterns covering 50+ services
•AWS, Stripe, GitHub, Google Cloud, Azure, Slack, Twilio, and more
•High-entropy string detection for generic credentials
•Private key detection (RSA, DSA, EC, PGP)

v0.3.0January 13, 2026

•One-command install via npm install -g @shipsafe/cli
•Git-aware scanning — respects .gitignore and only scans tracked files
•.shipsafeignore support for custom exclusion patterns
•Improved CLI output with severity colors and fix suggestions

v0.2.5January 6, 2026

•Initial public release
•Core scanning engine with 200+ detection rules
•SQL injection, XSS, command injection, and SSRF detection
•Basic CLI with scan command and JSON output

Try the Latest Version

Install ShipSafe v1.3.0 and get all 1,266 detection rules.

npm install -g @shipsafe/cliGet Started Free