Vibe Safe

An open standard that surfaces dependency and extension safety at the exact moment an AI tool recommends them.

Vibe Safe, a safety signal for AI-recommended dependencies
Role: Author
Tools: Open Standard · Supply Chain · AI Tooling
THE POINT

Make safety visible where vibe coders actually install

Millions of people now build by asking AI to add a package or install an extension, and nothing in that loop stops to ask whether it's safe. The analysis already exists (Socket.dev, OpenSSF Scorecard, VirusTotal); it just never reaches the point of decision.

Vibe Safe is a proposal for a single composable score and an embeddable badge that any AI coding tool can query inline. Not a product, an open standard, because ubiquity is the point: one flag propagates everywhere at once.

I wrote up the full argument, the attack surface, and the honest hard part, which is distribution, not detection.
