Security Scannerfor React Native
Detect vulnerabilities, hardcoded secrets, and security misconfigurations before they reach production.
Find vulnerabilities before they ship
Real-time detection with actionable insights
Security Analysis
Scan completed|959 files analyzed
Get started with one command
Zero configuration. Instant security insights.
Built for React Native developers
Specialized security analysis for mobile-first applications
85+ Security Rules
Comprehensive detection across storage, network, crypto, authentication, and platform security.
Zero Configuration
Works out of the box with React Native and Expo. No setup files needed.
NPM Vulnerability Scanner
Real-time npm audit integration detects vulnerable and deprecated packages.
100% Private
All scanning happens locally on your machine. Your code never leaves your system.
CI/CD Ready
Seamless integration with GitHub Actions, GitLab CI, and other platforms.
JSON & HTML Reports
Export detailed reports in HTML, JSON, or CLI format for easy sharing.
What it catches
From hardcoded secrets to platform misconfigurations
Hardcoded API Keys & Secrets
Detects exposed API keys, JWT tokens, AWS credentials, and other secrets that can be extracted from app bundles.
Insecure Data Storage
Identifies sensitive data stored in AsyncStorage without encryption, accessible with root access.
Android Cleartext Traffic
Detects when usesCleartextTraffic is enabled, allowing unencrypted HTTP connections.
Vulnerable NPM Packages
Scans dependencies for known vulnerabilities via npm audit and identifies deprecated packages.
Insecure Deeplink Handler
Deep link handlers without proper URL validation, allowing unauthorized actions.
Root/Jailbreak Detection Absent
No root/jailbreak detection for sensitive apps that can bypass security controls.
WebView Security Issues
Finds dangerous WebView configurations like JavaScript injection and file access.
iOS App Transport Security
Catches disabled ATS or overly permissive exceptions that allow insecure HTTP.
Weak Authentication Patterns
Detects insecure random generators, missing JWT expiry checks, and insecure inputs.
Trusted by devs and teams
See what the community is saying about rnsec
"Zero setup" is the killer feature here. Security tooling is notoriously painful to configure, which is why most devs skip it until it's too late. If you can actually deliver on the "one command" promise, you aren't just selling security; you're selling time. Starred.
finally, peace of mind for devs
We identified and resolved potential security risks in our code before deploying to production, thanks to RNSec.
This is pretty cool! Just tried it
"in the age of AI and vibe coding" is the most accurate description of 2025 development i've heard. zero-setup security scanner that actually works in CI is exactly what mobile devs need when you're shipping 3x faster with claude
rnsec.dev is really awesome bro. Helped me a lot. Killed the huge pain point for native apps: Security. Waiting for more rules.
Umm thank you whoever made this.. you? This is awesome and as and indie developers I worry about stuff like this slipping through the cracks.
I really loved the project, thanks Adnan
Awesome
amazing!!!
Just tried on some of my hobby projects, and absolutely loved it!! Thanks for this Adnan, really appreciate it mann!
Gives me a fast security analysis of my project in just seconds. Legend @adnansahinovich. Also, vibe coders are gonna love this tool.
Ready to secure your app?
Start scanning for vulnerabilities in seconds