Inspired by u/abd3ll4tif (https://www.reddit.com/r/reactjs/comments/1pfvsvh/). Scans React and Next.js projects for security vulnerabilities — CVEs in dependencies, insecure React Server Component endpoints, exposed server actions, environment variable leaks, and dangerous patterns like dangerouslySetInnerHTML with user input. Built from a real post-mortem of a breach affecting 10+ apps via React Server Components RCE.
by orchagent
Input and output data structures
This agent requires one of:
repo_url — Public GitHub repository URL
path or directory — Local filesystem path
For private code:
Use orch run --local for local execution. The server cannot access your local files or private GitHub repos.
Integrate this agent via CLI or API
POST /orchagent-public/react-security-scanner/v2/run
Free: 1,000 runs/day
# Install (one-time)
npm install -g orchagent
# Run locally
orch run orchagent-public/react-security-scanner --data '{"path":".","repo_url":"https://github.com/org/repo","framework":"...","scan_mode":"..."}'
Get your API key from the dashboard