Ask HN: How are you checking the security of your vibecoded personal projects?
Last night I had a computational use case itch that needed scratching and some time to kill, so I did something I haven't done before: I sat down with GitHub Copilot in agentic mode to vibecode. I'm a Python backend dev, and wanted a GUI-based program to view and edit .ADIF files on macOS.
I worked through prompting it to make an Electron.js app (which I have no experience with) written in React (which I have only a slight amount of experience with) that can open the files and display their contents in an Ag-Grid element. I confirmed that it will at least open a test file before quitting for the evening.
I know generally what to look for when it comes to Python code and security, but am not so sharp with Electron.js and React. I could just throw the program out there as something to use on GitHub, but would like a minimum amount of QA and security review first, even if those come via AI.
It seems to me that vibecoding is a double-edged sword: no way could I have written that application in an evening by myself, but by the same token, I'm not familiar enough with the caveats of the software being generated to make a firm judgment on security and reliability risks. Even though this is just a little hobby-related project, I'd like to know I'm not shoving a piece of malware out there if there's a compromised JS library or the like in my project.
What tools, techniques, etc. do the denizens of HN use to accomplish this task?