Your AI Wrote the Code. Who's Checking It?

I review a lot of PRs at work. Over the last year, I started noticing patterns in AI-generated code that kept showing up. Same five or six things, every time. Empty catch blocks. as any sprinkled everywhere. Comments that just restate what the code does. Hardcoded API keys. except: pass in Python. The code works, it passes tests, but it's the kind of stuff you'd flag in a review and ask someone to fix. The numbers back this up. CodeRabbit found AI-generated PRs have 1.7x more issues than human PRs. Veracode says 45% of AI code samples contain security vulnerabilities. ESLint catches syntax issues. But nobody's catching the behavioral patterns that AI tools leave behind. So I built one. vibecheck 24 rules across JS/TS and Python. Zero config. Runs offline. Regex-based, so it's fast. npx @yuvrajangadsingh/vibecheck . src/api/routes.ts 12:5 error no-hardcoded-secrets Hardcoded secret detected 45:3 error no-empty-catch Empty catch block swallows errors 89:1 warn no-console-pollution consol