What We Check

87 checks across 15 categories

9 core checks are free and open source. Activate a license to unlock all 87 checks including determinism, async safety, type validation, and more.

Free

Always included (9 checks)

Security

6 checks
  • SEC001 Hardcoded passwords, API keys, and secrets
  • SEC002 SQL queries built with string concatenation
  • SEC004 Non-cryptographic random for security tokens

and 3 more checks

Schema Validation

2 checks
  • SCHEMA001 Pydantic field nullability mismatches (Python)
  • SCHEMA002 Pydantic/SQLAlchemy field type misalignment (Python)

Session Safety

1 check
  • SESS002 Thread-unsafe database session sharing

Pro

Unlock with a license (78 checks)

Extended Security

5 checks
  • SEC007 OAuth callback missing state validation (Py, JS/TS)
  • SEC009 User input in email headers enables injection (Py, JS/TS)
  • SEC011 HTML stored without sanitization (Py, JS/TS)

and 2 more checks

Determinism

8 checks
  • DET001 Dictionary iteration without sorting causes flaky behavior
  • DET004 list(set()) scrambles element order silently
  • DET005 Random without seed causes non-reproducible results (Py, JS/TS)

and 5 more checks

Async & Concurrency

6 checks
  • ASYNC001 Async function called without await (Py, JS/TS)
  • ASYNC002 Blocking calls inside async functions (Py, JS/TS)
  • CONC001 Check-then-act race conditions (Py, JS/TS)
  • SESS001 Database session passed to background task

and 2 more checks

Code Quality

13 checks
  • QUAL004 Mutable default arguments shared between calls
  • QUAL001 Silently swallowed exceptions hide real bugs (Py, JS/TS)
  • QUAL011 Functions with excessive cyclomatic complexity

and 10 more checks

Type Safety

10 checks
  • TYPE008 Explicit 'any' type usage defeats TypeScript's purpose (TS)
  • TYPE009 process.env.VAR! non-null assertion can crash at runtime (TS)
  • TYPE010 JSON.parse without validation is unsafe (Py, TS)

and 7 more checks

API Design

5 checks
  • API001 API calls without error handling (Py, JS/TS)
  • API005 Frontend/backend type definitions drift apart

and 3 more checks

Testing

7 checks
  • TEST001 Tests marked as skipped accumulate silently (Py, JS/TS)
  • TEST007 Critical user flows missing E2E test coverage

and 5 more checks

Project Structure

14 checks
  • STRUCT004 Direct sys.path manipulation breaks packaging
  • STRUCT010 No clear frontend/backend separation (JS/TS)
  • PROJ001 No CLAUDE.md file for AI assistant context

and 11 more checks

Frontend

3 checks
  • FRONT002 window/document access without SSR guard (JS/TS)
  • FRONT001 Tab state not synced with URL routing (JS/TS)

and 1 more check

Infrastructure

5 checks
  • KUBE001 Local filesystem used for application data (Py, JS/TS)
  • DATE002 Datetime without timezone causes silent bugs
  • RATE001 API endpoint without rate limiting (Py, JS/TS)

and 2 more checks

Performance

1 check
  • PERF001 Database calls inside loops (N+1 queries) (Py, JS/TS)

Accessibility

1 check
  • A11Y001 Button text may be invisible on background color

Try it now

Free tier runs instantly with no signup. Upgrade anytime to unlock all 87 checks.

pip install stablestack