usercodeX-creator

AI can write. Trace can read. Open-source security checker for AI-generated code.

100% credibility
Found Apr 22, 2026 at 10 stars.
TypeScript
AI Summary

An open-source command-line tool that scans AI-generated code for security vulnerabilities like hallucinated dependencies, credential leaks, and silent error handling across six programming languages.

How It Works

1. 📰 Discover the checker

You hear about a handy tool that spots security slip-ups in code created by AI writing helpers.

2. 💻 Get it ready

You easily add this free checker to your setup so it's always there when you need it.

3. 🔍 Scan your code

You pick your code files, and the tool quickly reads them to find AI-specific mistakes like fake packages or hidden secrets.

4. ⚠️ See the issues

It lists problems clearly with examples from your code, showing exactly where and why to fix them.

5. 🛠️ Fix and recheck

You make the suggested changes to your code, then run the checker again to confirm everything looks good.

Code is safe!

Your AI-written code passes with flying colors, ready to use securely without hidden risks.

AI-Generated Review

What is Trace-core?

Trace-core is a TypeScript CLI tool that scans code for security flaws unique to AI-generated output, like hallucinated dependencies not found on npm or PyPI, hardcoded secrets, and silent exception handlers. Run `npx trace-check your-file.py` to get colored terminal output or JSON, flagging issues across Python, JavaScript/TypeScript, Go, Rust, and Ruby with severity levels. It plugs into GitHub workflows or pre-commit hooks to block bad AI code before it lands, catching what Snyk misses on LLM bugs.

Why is it gaining traction?

Unlike general linters, it targets AI failure modes (slopsquatting imports, fake type safety, unwrap abuse in Rust), making it a quick win for Copilot or Cursor users. Drop it into CI via GitHub Actions written in TypeScript, Go, Python, or Rust, or use it as a pre-commit gate, to enforce GitHub workflow security without paid tiers. Human-readable output and zero false positives on stdlib keep it lightweight.

Who should use this?

Backend devs shipping AI-assisted Python/Go/Ruby code prone to credential leaks or SQL interpolation. Full-stack teams building GitHub Actions or writing Copilot extensions, tired of manual secret scans. Security engineers auditing repos for CoreSight trace issues or GitHub write permissions in workflows.

Verdict

Grab it for early AI code hygiene—solid detectors and easy GitHub Action integration make it practical now. With 10 stars and 1.0% credibility score, it's immature (light tests, basic docs), so pair with established tools until it matures.
