Trust Score

Every listing on VibeCanyon is automatically scanned across 5 dimensions. The resulting Trust Score (0-100) helps buyers make informed decisions.

Score Tiers

90-100    Verified     Production-ready. Excellent across all dimensions.
70-89     Good         Minor issues, but a solid foundation to build on.
50-69     Fair         Functional but needs improvement in key areas.
Below 50  Not Listed   Does not meet minimum quality standards.

5 Dimensions

Security (30%)

Scans for hardcoded secrets, known vulnerabilities in dependencies, and insecure patterns. One critical finding caps this score at 20/100.

Quality (25%)

Checks for TypeScript strict mode, test files, ESLint configuration, and code duplication. Projects with >15% duplication receive a penalty.

Performance (20%)

Analyzes image optimization, large assets, bundle configuration, and runs Lighthouse for web applications.

Freshness (15%)

Evaluates Node/Python version, framework version, dependency count and age, and checks for known CVEs.

Completeness (10%)

Verifies presence of README, LICENSE, .env.example, proper package.json scripts, and setup instructions.

How It Works

When a seller submits a GitHub repository:

  1. We clone the repository into an isolated, sandboxed container
  2. All 5 dimension checks run in parallel
  3. Scores are weighted and combined into the overall Trust Score
  4. Results are saved permanently — scan history is visible
  5. Listings scoring below 50 are not published
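As an added worked example (not code from VibeCanyon), the following shows how five dimension scores fold into an overall Trust Score under the weights, tiers, listing threshold and security cap stated above. It assumes each dimension is scored 0-100 and that "weighted and combined" means a weighted average; the size of the duplication penalty is not given on this page, so the value used here is a placeholder.

```python
"""Worked example: combining the five dimension scores into a Trust Score.

Assumptions not stated on the page: each dimension is scored 0-100, the
weights are applied as a weighted average, and the duplication penalty is a
flat deduction whose size (DUPLICATION_PENALTY) is a placeholder.
"""

# Dimension weights as listed on the page.
WEIGHTS = {
    "security": 0.30,
    "quality": 0.25,
    "performance": 0.20,
    "freshness": 0.15,
    "completeness": 0.10,
}

SECURITY_CRITICAL_CAP = 20        # one critical finding caps Security at 20/100
DUPLICATION_THRESHOLD_PCT = 15    # >15% duplication triggers a Quality penalty
DUPLICATION_PENALTY = 10          # assumed size; the page only says "a penalty"
LISTING_THRESHOLD = 50            # below 50 the listing is not published


def security_score(raw: int, critical_findings: int) -> int:
    """Apply the critical-finding cap to the raw Security score."""
    if critical_findings > 0:
        return min(raw, SECURITY_CRITICAL_CAP)
    return raw


def quality_score(raw: int, duplication_pct: float) -> int:
    """Apply the (assumed flat) duplication penalty to the raw Quality score."""
    if duplication_pct > DUPLICATION_THRESHOLD_PCT:
        return max(0, raw - DUPLICATION_PENALTY)
    return raw


def trust_score(scores: dict) -> int:
    """Weighted average of the five adjusted dimension scores, rounded to an int."""
    if set(scores) != set(WEIGHTS):
        raise ValueError("expected exactly the five scored dimensions")
    return round(sum(WEIGHTS[d] * scores[d] for d in WEIGHTS))


def tier(score: int) -> str:
    """Map an overall score onto the tiers from the page."""
    if score >= 90:
        return "Verified"
    if score >= 70:
        return "Good"
    if score >= 50:
        return "Fair"
    return "Not Listed"


def evaluate(raw: dict, critical_findings: int = 0, duplication_pct: float = 0.0) -> dict:
    """Apply per-dimension adjustments, then weight, tier and the listing gate."""
    adjusted = dict(raw)
    adjusted["security"] = security_score(raw["security"], critical_findings)
    adjusted["quality"] = quality_score(raw["quality"], duplication_pct)
    total = trust_score(adjusted)
    return {
        "dimensions": adjusted,
        "trust_score": total,
        "tier": tier(total),
        "published": total >= LISTING_THRESHOLD,
    }


# Constructed sample inputs: a polished repository and a middling one,
# each scanned with a single critical security finding.
PERFECT = {d: 100 for d in WEIGHTS}
MIDDLING = {d: 60 for d in WEIGHTS}

if __name__ == "__main__":
    for name, raw in (("perfect", PERFECT), ("middling", MIDDLING)):
        result = evaluate(raw, critical_findings=1)
        print(f"{name}: score={result['trust_score']} "
              f"tier={result['tier']} published={result['published']}")
```

Running it shows what the cap does and does not do: a repository with one critical security finding but perfect scores elsewhere still combines to 76 (Good) and clears the listing threshold, whereas the same finding on a repository scoring 60 across the board lands at 48 and is not published. The cap makes a critical finding costly on its own but does not by itself block a listing; only the overall score does.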

The scanner container has no access to the main application or database. It communicates only via a job queue. No code is executed — only static analysis is performed.