REDWOOD LABS

Precision Tools for AI-Native Software

Zero dependencies. 91 detection patterns. 8 languages.
Scan your codebase in seconds, not minutes.

terminal
$ npm i -g @redwood-labs/scanner

or run directly: npx @redwood-labs/scanner scan .

001 Zero dependencies 002 MIT licensed 003 AI-native fix prompts

SEE IT IN ACTION

Scan results + AI-ready fix prompt

scan results
$ redwood scan ./demo-server
Building orchestration graph...
 
──────────────────────────────────────
Found 4 issue(s):
──────────────────────────────────────
 
CRITICAL SQL template literal injection
Vulnerable to injection attack
Fix: Use parameterized queries
- server.ts:11
 
HIGH eval() usage
Can execute arbitrary code
Fix: Use JSON.parse() or a proper parser
- server.ts:17
 
HIGH Generic API Key Assignment
Hardcoded API key in source
Fix: Move to environment variable
- server.ts:5
 
HIGH Password Assignment
Hardcoded database password
Fix: Move to environment variable
- server.ts:4
 
──────────────────────────────────────
Summary
──────────────────────────────────────
CRITICAL 1
HIGH 3

AI fix prompt
Paste this to Claude, ChatGPT, or Cursor:
 
Please fix the following security issues
in my codebase:
 
1. SQL template literal injection
File: server.ts, Line 11
Problem: SQL query built with template
literal is vulnerable to injection
Current code:
`SELECT * FROM users WHERE id = ${userId}`
Required fix: Use parameterized queries
with prepared statements
 
2. eval() usage
File: server.ts, Line 17
Problem: eval() can execute arbitrary
code and is a security risk
Required fix: Replace eval() with
JSON.parse() or a proper parser
 
3. Generic API Key Assignment
File: server.ts, Line 5
Required fix: Move this secret to an
environment variable
 
4. Password Assignment
File: server.ts, Line 4
Required fix: Move this secret to an
environment variable
 
For each issue, show me the exact code
change needed.

CAPABILITIES

What Redwood catches

PATTERN DETECTION

Identifies 90+ security vulnerabilities across multiple programming languages.

  • 001 90+ detection patterns
  • 002 Cross-language support
  • 003 High-precision analysis

SECRET SCANNING

Detects exposed credentials, API keys, and tokens before they reach production.

  • 001 API key detection
  • 002 Token scanning
  • 003 Credential protection

CODE QUALITY

Ensures code meets security best practices and compliance standards.

  • 001 Security best practices
  • 002 Compliance checking
  • 003 Risk assessment

CI/CD INTEGRATION

Seamlessly integrates into your existing development workflow and pipelines.

  • 001 GitHub Actions support
  • 002 GitLab CI compatible
  • 003 Fast feedback loops

SPECIFICATIONS

Why teams trust Redwood

ZERO DEPENDENCIES

Completely dependency-free runtime. We've eliminated all external packages to minimize your attack surface.

  • 001 Socket.dev A+ score
  • 002 Supply chain security guaranteed
  • 003 No transitive dependency risks

OPEN SOURCE

Full transparency with MIT licensing. Audit our code, contribute improvements, trust what you can see.

  • 001 MIT licensed
  • 002 100% auditable codebase
  • 003 Community contributions welcome

ENTERPRISE READY

Built from day one for production environments. Integrate seamlessly with your existing workflows.

  • 001 CI/CD integration
  • 002 Detailed reporting
  • 003 Configurable policies

BLAZING FAST

Optimized for speed without sacrificing accuracy. Scan entire codebases in seconds, not minutes.

  • 001 Instant feedback
  • 002 No build step required
  • 003 Scales with your codebase

ALSO FROM REDWOOD LABS

More tools for AI-native work

CAMBIUM

Rails for generation engineering

A DSL and runtime for building reliable LLM programs. Write readable Ruby, compile to auditable JSON, run with typed contracts, repair loops, tool sandboxing, scheduled runs, and full tracing.

  • 001 Ruby DSL → JSON IR
  • 002 TypeScript runtime
  • 003 MIT · v0.1.0
Install
$ npm i @redwood-labs/cambium-runner