
Launched on September 10th, 2024
Minimal Security Measures for Everyone Vibe Coding 🔒
Security is a hot topic in the vibe coding community these days, and for a good reason!
Here's my minimalist checklist to keep your web app safe - explained in plain language, no tech jargon required.
✅ Secrets: Never keep your secret keys (API tokens, passwords, the contents of your .env file) in your code repository. Think of these as the master keys to your digital home. Keep them separate from the blueprints that others might see: add `.env` to your `.gitignore` and set the values in your hosting platform's environment variables instead.
✅ Frontend code: What users see in their browser is like an open book. Never hide sensitive API keys there - they're visible to anyone who opens the browser's developer tools or reads the downloaded JavaScript. Always keep secrets on the server side and have the frontend call your own backend, which then calls the third-party service. For example, never expose your `OPENAI_API_KEY` from the frontend.
✅ Database: You need security policies, also known as row-level security (RLS). These ensure people only see (and change) the rows they're supposed to - like having different keys for different rooms in a building. If your database is reachable directly from the frontend (as with Supabase), enable RLS on every table and write a policy for each: a table with RLS switched off is readable and writable by anyone holding your public client key.
✅ APIs: API endpoints (your backend code) must be authenticated. If not, anyone who discovers the URL can read data and perform unwanted actions. Check every route, not just the ones behind a login screen - hiding a button in the frontend does not protect the endpoint behind it.
✅ Hosting: Use solutions like Cloudflare as a shield. They help protect your site from overwhelming traffic attacks (DDoS) - like having security guards who filter visitors before they reach your door.
✅ Packages: This one might be trickier - but it is equally important! Regularly check your building blocks (packages and libraries) for known vulnerabilities - `npm audit` does this for a Node project - and keep them updated. Be especially careful with AI-generated code: the AI may suggest packages that are outdated, or package names that don't exist at all, and attackers register such names to slip malicious code into your app. It's like making sure none of your locks have known defects.
✅ Validate all user inputs: Never trust information coming from outside your system. Check the type, length and format of everything that arrives through forms, URLs and API calls, and do it on the server, not only in the browser. It's like checking ID at the door - it stops attackers from sneaking harmful code (SQL injection, script injection) in through forms or search fields.
Lastly: If you're not sure how to implement any of the above security measures, or whether it's already implemented - ask your AI! For example, you could use the following prompt:
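To show how the "Frontend code", "APIs" and "Validate all user inputs" items fit together, here is a small server-side handler for a chat endpoint. This is an added example, not code from the original post: the in-memory session store, the `lookupSession`, `validateBody` and `handleChat` functions, the `fakeModel` stand-in for the OpenAI call and the sample requests are all assumptions constructed for illustration, and nothing here contacts OpenAI.

```javascript
// Added example (not from the original post). A server-side handler that keeps
// the API key on the server, refuses unauthenticated callers, and validates the
// request body before doing any work. All names and data are hypothetical.

// Hypothetical session store: bearer token -> user. In a real app this is your
// auth provider's session check, not an in-memory map.
const SESSIONS = new Map([["tok_alice", { id: "u1", name: "alice" }]]);

// Constant-time string comparison, so a wrong token cannot be guessed
// character by character from response timing.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Returns the user for a valid "Authorization: Bearer <token>" header, else null.
function lookupSession(authHeader) {
  if (typeof authHeader !== "string" || !authHeader.startsWith("Bearer ")) return null;
  const presented = authHeader.slice("Bearer ".length);
  for (const [token, user] of SESSIONS) {
    if (safeEqual(token, presented)) return user;
  }
  return null;
}

// Validates the JSON body: only the field we expect, with a type and length check.
// Returns a problem description, or null when the body is acceptable.
function validateBody(body) {
  if (!body || typeof body !== "object") return "body must be a JSON object";
  const { prompt } = body;
  if (typeof prompt !== "string") return "prompt must be a string";
  if (prompt.length === 0 || prompt.length > 2000) return "prompt must be 1-2000 characters";
  return null;
}

// The endpoint. `env` stands in for process.env and `callModel` for the real
// upstream request, so the example runs offline. Auth is checked first so that
// anonymous callers cost nothing; the key is read here and never sent back.
function handleChat(req, env, callModel) {
  const headers = req.headers || {};
  const user = lookupSession(headers.authorization);
  if (!user) return { status: 401, body: { error: "authentication required" } };
  const problem = validateBody(req.body);
  if (problem) return { status: 400, body: { error: problem } };
  if (!env.OPENAI_API_KEY) return { status: 500, body: { error: "server is not configured" } };
  const answer = callModel(env.OPENAI_API_KEY, req.body.prompt);
  // Only the answer goes back to the browser; the key stays on the server.
  return { status: 200, body: { user: user.name, answer } };
}

// Stand-in for the upstream model call, constructed for this example.
function fakeModel(apiKey, prompt) {
  return `echo: ${prompt}`;
}

// Demo with a constructed environment and two constructed requests.
function demo() {
  const env = { OPENAI_API_KEY: "sk-example-not-a-real-key" };
  const loggedIn = { headers: { authorization: "Bearer tok_alice" }, body: { prompt: "hello" } };
  const anonymous = { headers: {}, body: { prompt: "hello" } };
  console.log(handleChat(loggedIn, env, fakeModel));   // status 200, answer "echo: hello"
  console.log(handleChat(anonymous, env, fakeModel));  // status 401
}
demo();
```

Run it with `node` to see a logged-in request answered and an anonymous one rejected. In a real app the session lookup would be your auth provider's check of the user's token, and `validateBody` would grow with each field you accept; the structure (authenticate, validate, then use the secret) stays the same.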
Review the backend & API routes. Are all APIs authenticated?
Hope you find it useful. As always, if you need my help: I'm here for you.
Dan
Recently I've worked with a group of non-coders trying to "vibe code" their apps with AI. While knowing code is clearly not a must these days, it helps to get technical. People who were familiar with basic software engineering concepts were 10x more likely to succeed and get better results. So, with the hope of providing value to non-coders, I've created a quick roadmap for the basic terms and concepts you should be familiar with.
Requirements: Building apps with AI is all about being able to clearly guide AI and express your app features and requirements. You need to be able to express those ideas and explain them as you’d explain to a human developer. Think like a Technical Product Manager.
Frontend: The face of your app. It's what your users see and interact with. It could be a website, a mobile app, or a desktop app. The most popular frontend libraries and frameworks are React and Next.js.
UI: The buttons, the forms, the modals, the tooltips, etc. In React, the UI is built from components. For design & styling, Tailwind CSS is the most popular choice; for animations, Framer Motion.
Packages & npm: Apps are not built from scratch. They are built on top of existing libraries and frameworks, like lego blocks.
The most popular package manager is npm. For example, "react-hook-form" is a famous package that helps you build forms.
Backend: The backend is the part of your app that runs on the server.
It's where you store your data and your business logic.
e.g.: If you want to send an email or process payments - this is where you'll do it.
Vibe tip: Use minimal backends with serverless functions.
Database: The database is where you store your data.
It's where you store your users, your projects, your tasks, etc. Think of it as a big spreadsheet.
I recommend using a database that is integrated with your frontend.
For example: Fine, or Supabase.
API: Real-life apps almost always need to integrate with other apps.
For example: if you want to send email, or get weather data, or integrate with AI - it's all done through APIs.
Hosting & Deployment: For your app to be accessible to the public, you need to host it.
The code is usually hosted on GitHub, and deployed to platforms like Fine, Vercel, Netlify.
Finally, being comfortable with code is helpful - even if not a must.
AI often makes minor mistakes (like importing a wrong package), and if you’re not afraid of reviewing code - you will get better results faster.
Plan > Prototype > Production > Publish
Hey PH! 👋
After building numerous apps with AI over the past year, I wanted to share some helpful tips I've gathered along the way, to help you vibe code your next idea:
1️⃣ Follow the 4P Method: Plan > Prototype > Production > Publish. This is how I build my apps. This method helps me break down complexity and make faster progress.
2️⃣ Plan before coding. Start with a solid foundation by using AI to create a PRD and map out your features, design, and data model. If possible, add references to existing applications (e.g. “like Airbnb”) and screenshots.
3️⃣ Focus on creating a working prototype first. Save backend implementation and authentication for later to avoid unnecessary complexity early on. Once you're comfortable with the UX and design, then move forward with the backend.
4️⃣ Starting fresh > Iterate. If AI didn’t pick up on your prompt, sometimes it’s better to start fresh. For small changes, iteration makes sense. For larger issues, especially during the prototype phase, it's often more efficient to edit your initial prompt and start over.
5️⃣ Provide visual feedback. When iterating, share screenshots of your generated app with the AI. This significantly helps with resolving UI issues.
6️⃣ Name your components and versions. Thanks to @rajiv_ayyangar for this tip. Establish a shared vocabulary with the AI by asking it to enumerate, name, and describe different states of your app. This makes it easier to reference specific elements when requesting changes.
What other hacks are you using in your AI builds? Share them below! 👇