Ripplex

Private beta -- free while we build

Not a linter.
A safety net.

Ripplex runs semgrep, oxlint, jscpd, and knip on every pull request -- in parallel. One ranked comment lands before your reviewer opens the diff.

Powered by
semgrepÂ.oxlintÂ.jscpdÂ.knip

One line of code.
Infinite consequences.

The butterfly effect in software architecture.

01
schema.ts
- age: number+ dateOfBirth: Date
02
db/users.ts
Type error: Property 'age' does not exist
03
api/users.ts
Cascading failure in serialization
!
PaymentService.ts
CRITICAL: Service unavailable
3 PRODUCTION ROUTES FAILED
TESTS: 47 FAILED

Ripplex flags this before the PR is reviewed.

One ranked comment. The reviewer sees the risk before they open the diff.

[CRITICAL] semgrep → Type mismatch: age → dateOfBirth cascade

How it works

PR in. Comment out.

Nothing to configure. Nothing to commit to your repo. Install the GitHub App, and Ripplex watches from then on.

01

PR opens

GitHub sends a webhook. Ripplex spins up an ephemeral sandbox scoped to that PR -- your code never touches a shared environment.

02

Four scanners run

semgrep, oxlint, jscpd, and knip run in parallel. Each has its own process, its own timeout, its own failure boundary.

03

Results merge

Overlapping findings are de-duplicated. Everything left gets ranked by severity. One list, not four.

04

Comment posts

A single ranked comment lands on the PR before your reviewer opens the diff. Sandbox is destroyed.

JS & TS supported today
more languages on the roadmap

In-editor intelligence.

Watch the ripple effects form as you type. Ripplex hooks into your editor to provide instant feedback without leaving your flow.

schema.ts
12345678910
import { z } from 'zod';

Ripplex Intelligence
Waiting for changes...

Four scanners, one comment

Runs the tools you'd wire up anyway.

Each scanner runs in an isolated sandbox scoped to the pull request. Results are de-duplicated, ranked by severity, and collapsed into one comment -- not four CI logs.

semgrep
Security
CRITICAL

Static analysis against 1000+ rules. Catches injection flaws, hardcoded secrets, and insecure patterns before they land in your default branch.

[CRITICAL] SQL injection via string concat in db/users.ts:42
oxlint
Lint
WARN

50--œ100x faster than ESLint. Picks up undefined variables, unreachable code, and common runtime traps that editors miss in large files.

[WARN] 'authToken' is assigned but never read (auth/session.ts:14)
jscpd
Duplicates
WARN

Finds copy-pasted blocks across the repo. Duplication is fine until one copy gets the fix and the other doesn't.

[WARN] 38-line block duplicated across api/orders.ts and api/cart.ts
knip
Dead code
INFO

Tracks exports nobody imports, dependencies nobody uses, and files that went orphan after a refactor.

[INFO] Unused export: formatCurrency (lib/utils.ts) -- 0 references
rx
ripplex-bot
just now
Ripplex scan -- 3 findings
[CRITICAL] semgrep → SQL injection via string concat db/users.ts:42
[WARN] oxlint → 'authToken' assigned but never read auth/session.ts:14
[WARN] jscpd → 38-line block duplicated in api/cart.ts (38% similarity)
knip -- no dead exports in this diff âÅ"“

Plugs into your ecosystem.

Ripplex connects to your repository, editor, and deployment pipeline. It works where you work, silently analyzing in the background.

Placeholder
C
Cl
W
4 tools
in one place
semgrep Â. oxlint Â. jscpd Â. knip
1 comment
per PR
not four CI logs to dig through
0 config
to get started
install the GitHub App and it watches
In private beta. Pricing starts soon -- early users get 30% off permanently.
Join the list →

Ripplex for Vibe Coders

You ship. We handle the technical debt.

You're building fast with an AI editor. That's the point. But every sprint leaves behind dead code, security gaps, and duplicated logic your AI didn't flag.

Ripplex developers scan your codebase on a schedule -- or whenever you ask. You get either a prioritised fix list, or a copy-paste prompt you drop straight into Cursor, Claude, or Windsurf. Keep vibing.

Fix report
A ranked list of issues with remediation steps. Read it yourself and decide what to tackle.
AI prompt
A copy-paste prompt pre-loaded with context. Drop it in your AI editor and let it fix the code.
On request48h turnaround

When you need a second pair of eyes.

$49per review
  • Full codebase scan
  • Prioritised fix list
  • Copy-prompt for your AI editor
  • One round of follow-up questions
Request a review
Monthly24h turnaround

Ship. We clean up the mess once a month.

$79/ month
  • Everything in On Request
  • Monthly scheduled scan
  • Trend report -- are things improving?
  • Slack / Discord delivery
Start monthly
Weekly12h turnaround

Zero-accumulation vibe coding.

$199/ month
  • Everything in Monthly
  • Weekly scan every Monday
  • Diff-aware -- only reviews new code
  • Priority queue
Start weekly

putting the vibe back in vibe coding

Pricing

Simple pricing.

Free during beta. Early users get 30% off forever when billing starts.

MCP
$9/mo

Connect Ripplex to your AI editor. Blast radius, security, dead code, and duplicates in your coding session.

  • MCP server access
  • All four scanners
  • Cursor, Claude, Windsurf
  • 1 user
Get early access
most popular
MCP + GitHub
$15/mo

Everything in MCP, plus automatic PR comments on every pull request you open.

  • Everything in MCP
  • GitHub App included
  • Auto PR scan comments
  • Priority scan queue
Get early access
Team
$29/mo

Full coverage for engineering teams. Shared access, unlimited repos.

  • Everything in MCP + GitHub
  • Up to 5 users
  • Unlimited repos
  • Early access to new features
Talk to us

Questions

No. Each scan runs in an ephemeral sandbox scoped to that pull request and is discarded the moment the comment posts. Nothing is retained, and nothing is used to train anything.
JavaScript and TypeScript today. More languages are on the roadmap -- join the beta list and we'll tell you when yours lands.
Yes. The MCP server connects to your AI editor and runs scans on files you're actively working on -- no GitHub required.
Ripplex runs all four in parallel, de-duplicates overlapping findings, ranks what's left by severity, and posts one clean comment instead of four separate CI logs.
We'll email you before anything changes. Early users get 30% off their plan permanently. You'll never be charged without warning.