Security Scannerfor React Native
Detect vulnerabilities, hardcoded secrets, and security misconfigurations before they reach production.
Find vulnerabilities before they reach user
Real-time vulnerability detection with actionable insights and explenations
Security Analysis
Scan completed•959 files analyzed
Get started with one command
One command. Zero configuration. Instant security insights.
Built for React Native developers
Specialized security analysis for mobile-first applications
68+ Security Rules
Comprehensive detection of insecure storage, cleartext traffic, hardcoded secrets, and more.
Zero Configuration
Works out of the box with React Native and Expo. No setup files or configuration needed.
NPM Vulnerability Scanner
Real-time npm audit integration detects vulnerable and deprecated packages in your dependencies.
100% Private
All scanning happens locally on your machine. Your code never leaves your system.
CI/CD Ready
Seamless integration with GitHub Actions, GitLab CI, and other CI/CD platforms.
JSON & HTML Reports
Export detailed reports in HTML, JSON, or CLI format for easy sharing and integration.
What it catches
From hardcoded secrets to platform misconfigurations
Hardcoded API Keys & Secrets
Detects exposed API keys, JWT tokens, AWS credentials, and other secrets in source code that can be extracted from app bundles.
Insecure Data Storage
Identifies sensitive data stored in AsyncStorage without encryption. AsyncStorage is plaintext and accessible with root access.
Android Cleartext Traffic
Detects when usesCleartextTraffic is enabled in AndroidManifest.xml, allowing unencrypted HTTP connections.
Vulnerable NPM Packages
Scans dependencies for known vulnerabilities via npm audit and identifies deprecated packages like request, node-uuid, and colors.
Insecure Deeplink Handler
Deep link handlers without proper URL validation. Malicious apps can trigger arbitrary deep links to execute unauthorized actions.
Root/Jailbreak Detection Absent
No root/jailbreak detection for sensitive apps. Rooted/jailbroken devices can bypass security controls and expose sensitive data.
WebView Security Issues
Finds dangerous WebView configurations like JavaScript injection, file access enabled, and missing URL validation.
iOS App Transport Security
Catches disabled ATS or overly permissive exceptions that allow insecure HTTP connections on iOS.
Weak Authentication Patterns
Detects insecure random generators for tokens, missing JWT expiry checks, and insecure password input fields.
Trusted by devs and teams
See what the community is saying about rnsec
"Zero setup" is the killer feature here. Security tooling is notoriously painful to configure, which is why most devs skip it until it's too late. If you can actually deliver on the "one command" promise, you aren't just selling security; you're selling time. Starred.
finally, peace of mind for devs
We identified and resolved potential security risks in our code before deploying to production, thanks to RNSec.
This is pretty cool! Just tried it
"in the age of AI and vibe coding" is the most accurate description of 2025 development i've heard. zero-setup security scanner that actually works in CI is exactly what mobile devs need when you're shipping 3x faster with claude
rnsec.dev is really awesome bro. Helped me a lot. Killed the huge pain point for native apps: Security. Waiting for more rules.
Umm thank you whoever made this.. you? This is awesome and as and indie developers I worry about stuff like this slipping through the cracks.
I really loved the project, thanks Adnan 💙
Awesome 🔥
amazing!!! 😙😃
Just tried on some of my hobby projects, and absolutely loved it!! Thanks for this Adnan, really appreciate it mann!
Ready to secure your app?
Start scanning for vulnerabilities in seconds