u/imrozimroz

I'm 21, spent a year building a backend code generator, found 57 security vulnerabilities in my own output. Honest feedback needed.

I'm 21, solo developer from India. For the past year I've been building a CLI tool that generates Node.js/Express backends from plain English descriptions — with auth, Supabase, Stripe, WebSockets, admin panel, the whole stack.

Last week I audited what it actually generates. An UberEats clone output had:

- 57 routes with zero authentication
- 140 SQL queries with no tenant isolation
- 15 hard DELETEs on user data (no soft delete)
- 0 XSS protection

I built a "Security Gate" that catches and auto-fixes all of these before the code ships. Now the output passes 11 security rules automatically.

But I'm questioning everything:

- Claude/Cursor can generate backends for $19-99/month
- Security scanners like Snyk/Semgrep already exist
- I have zero users after a year

Before I spend another month on this, I want honest feedback from working developers:

1. Would you use a tool that generates a full backend (auth, payments, admin, websockets, SDKs) from one sentence?
2. Is the security gate actually valuable or is it table stakes?
3. What would you actually pay for this (if anything)?

Here's a generated output you can browse:

[github link to your demo repo]

Roast me. I'd rather hear the truth now than after another 6 months.

u/imrozimroz — 5 hours ago