Dev Tools · 1h ago
Shadowaudit CLI catches undocumented Express.js routes before production
Shadowaudit is a new CLI tool that statically scans Express.js codebases for undocumented or unauthenticated routes, comparing them against OpenAPI specs. It can fail CI pipelines on critical findings, preventing shadow APIs from reaching production. The tool supports configurable severity levels and outputs in table, JSON, or SARIF formats.
Meridian48 take
A practical developer tool that addresses a real security gap, though its value depends on teams maintaining accurate API specs.
Read the full reporting
I built a CLI that catches shadow APIs in Express.js repos before they merge to production →
DEV Community
api-securitycli-tool