Supaleak – Secret scanning for shipped-too-fast websites

Summary: Supaleak scans live websites to detect exposed API keys, tokens, JWTs, Supabase keys, and other sensitive data. It validates leaked secrets and sends alerts to help teams fix issues before production deployment.

What it does

Supaleak monitors real JavaScript files on live sites, performs scheduled scans, validates if leaked secrets are usable, and sends email alerts with CSV export options for audits.

Who it's for

It is designed for teams shipping fast with vibe coding who need to prevent accidental secret exposure in production.

Why it matters

It helps identify and fix exposed secrets before attackers can exploit them, reducing security risks in deployed websites.