Hi HN, I'm a solo dev and student, and I recently built API Radar — a real-time tool that monitors public GitHub commits for leaked API keys (OpenAI, Google Gemini, Anthropic Claude, and more).

What it does:
Scans public GitHub commits in real time
Detects API keys using pattern matching and validation heuristics
Redacts most of the key, but allows copying for verified leaks (for security teams)
Leaderboards by leaky repositories and exposed providers
Built to promote developer hygiene and security awareness

Stack:
Backend: Node.js (Fastify), MongoDB, Redis, custom TruffleHog-like scanner
Frontend: Next.js 14, TailwindCSS, shadcn/ui
Infra: VPS, NGINX + SSL, background worker farm, rate-limit handling

Current stats (soft launch):
210 active users
208 new users
2.6K total events
53s average engagement time

Built fully solo — from design to deployment, analytics to queue resilience. My goal was to ship something fast, security-aware, and production-grade.

Would love feedback on:
Improving UX for security teams
Ethics around redaction and disclosure
Ideas to scale this into an OSS tool or API service

Thanks for reading!
https://apiradar.live — Zaim
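The "pattern matching and validation heuristics" plus redaction described in the post, as an added example that is not part of the original post and is not API Radar's code: a check a team could run over its own commit diffs before pushing. The regexes are approximations of publicly known key prefixes, the entropy threshold is an assumed value, and the sample diff and its key-like strings are constructed.

```javascript
// Added example: scan the added lines of a unified diff for provider-style keys.
// Patterns approximate publicly known key prefixes (assumption, not exhaustive).
const PATTERNS = [
  { provider: "anthropic", re: /\bsk-ant-[A-Za-z0-9_-]{20,}/g },
  { provider: "openai", re: /\bsk-(?!ant-)(?:proj-)?[A-Za-z0-9_-]{20,}/g },
  { provider: "google", re: /\bAIza[A-Za-z0-9_-]{35}/g },
];

// Shannon entropy in bits per character; placeholders like "xxxx..." score near 0.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// Keep a short prefix and suffix so a finding can be reported without re-leaking it.
function redact(key) {
  return key.slice(0, 6) + "*".repeat(key.length - 10) + key.slice(-4);
}

function scanDiff(diffText, minEntropy = 3.0) {
  const findings = [];
  diffText.split("\n").forEach((line, i) => {
    // Only added lines ("+"); skip the "+++ b/file" header, context and removals.
    if (!line.startsWith("+") || line.startsWith("+++")) return;
    for (const { provider, re } of PATTERNS) {
      for (const m of line.matchAll(re)) {
        if (entropy(m[0]) < minEntropy) continue; // pattern hit, but a placeholder
        findings.push({ line: i + 1, provider, key: redact(m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample diff; every key-like string here is made up.
const SAMPLE_DIFF = [
  "+++ b/config.js",
  "+const OPENAI = 'sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxx';",
  "+const GEMINI = 'AIzaSyD3x7Qp9LmN2vKc8RtY5uWb1HjG4fZe6oA';",
  "-const OLD = 'sk-ant-api03-Zq8Lm2Vx7Rt4Kp9Wc3Yb6Nh1';",
  "+const CLAUDE = 'sk-ant-api03-Zq8Lm2Vx7Rt4Kp9Wc3Yb6Nh1';",
].join("\n");
```

The low-entropy `sk-xxxx...` placeholder matches the OpenAI pattern but is dropped by the entropy check, which is the kind of false positive a validation heuristic exists to filter.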
Nice work again.