Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lintliot.com/llms.txt

Use this file to discover all available pages before exploring further.

LintLiot is a security platform built for indie developers and small teams who ship fast and don’t have a dedicated security engineer. One command — npx lintliot init — protects your entire application across every layer: your code, your runtime, your data, your users’ identities, and your compliance posture. Everything feeds into a single number on your dashboard: your Security Score.

The six protection layers

LintLiot is structured in six concentric layers. Each layer provides complete protection at its level. Together they cover every attack surface of a modern web application. 
┌─────────────────────────────────────────────────────────────┐
│  Layer 6 — NETWORK: Global Threat Intelligence Network      │
│  ┌───────────────────────────────────────────────────────┐  │
│  │  Layer 5 — COMPLIANCE: Security Certificate           │  │
│  │  ┌─────────────────────────────────────────────────┐  │  │
│  │  │  Layer 4 — CAMERAS: 24/7 Monitoring             │  │  │
│  │  │  ┌───────────────────────────────────────────┐  │  │  │
│  │  │  │  Layer 3 — LOCKS: Identity & Access       │  │  │  │
│  │  │  │  ┌─────────────────────────────────────┐  │  │  │  │
│  │  │  │  │  Layer 2 — WALLS: Threat Blocking   │  │  │  │  │
│  │  │  │  │  ┌───────────────────────────────┐  │  │  │  │  │
│  │  │  │  │  │  Layer 1 — FOUNDATION: SDK    │  │  │  │  │  │
│  │  │  │  │  │  Install once. Always on.     │  │  │  │  │  │
│  │  │  │  │  └───────────────────────────────┘  │  │  │  │  │
│  │  │  │  └─────────────────────────────────────┘  │  │  │  │
│  │  │  └───────────────────────────────────────────┘  │  │  │
│  │  └─────────────────────────────────────────────────┘  │  │
│  └───────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────┘

Layer 1 — Foundation

The SDK wraps your entire request lifecycle at the framework level. Every request — before routing, before your code — passes through LintLiot first. It detects your framework automatically during npx lintliot init and inserts itself in the correct place.

Layer 2 — The Walls

Real-time threat blocking stops attacks before they reach your application code. This includes a WAF with 150+ rules (SQLi, XSS, SSRF, path traversal, and more), bot detection across 12 browser signals, baseline-relative rate limiting, and account takeover prevention including impossible travel detection and session fingerprinting.

Layer 3 — The Locks

Automatic route sensitivity detection applies the right protection level to sensitive endpoints like /admin*, /payment*, and /export* — regardless of whether your application code adds its own checks. You also get an explicit permission system (lintliot.can('permission')) for routes where you want fine-grained control.

Layer 4 — The Cameras

LintLiot monitors everything and alerts you when something needs attention, without requiring you to check a dashboard. Critical events — active attacks, impossible travel, credential stuffing — trigger an immediate push notification. Daily digests summarize what was blocked overnight. You never need to set up monitoring rules.

Layer 5 — Compliance

Every security event LintLiot records is simultaneously evidence mapped to specific compliance controls for SOC 2, GDPR, HIPAA, PCI-DSS v4.0, and ISO 27001. You can generate a compliance PDF in 30 seconds, or share a live public Security Certificate page at lintliot.com/verify/[your-app] — useful for closing enterprise deals.

Layer 6 — The Network

Every LintLiot-protected app contributes anonymized threat data to a shared intelligence network. An IP that attacks one app is blocked across all apps within 60 seconds. New CVEs affecting your dependencies trigger an alert before most developers have heard about them. The network gets smarter as it grows.

Who it’s for

LintLiot is designed for:
  • Indie founders and solo developers shipping production apps without a security background
  • Small teams who want enterprise-grade protection without enterprise-grade complexity or price
  • Vibe coders using AI tools like Cursor, v0, or Bolt — who may be shipping apps faster than security can keep up
If you’re paying 200/monthforCloudflareWAFconfigurationyoudontunderstand,oryouveneverheardofVantas200/month for Cloudflare WAF configuration you don't understand, or you've never heard of Vanta's 15,000/year compliance product, LintLiot was built for you.

Start here

Quick start

Install LintLiot and send your first protected request in under 5 minutes.

How it works

Understand the 7-day learning mode, request lifecycle, and security score.

SDK reference

Integrate with Next.js, Express, Fastify, Koa, and more.

Security score

Learn how your 0–100 score is calculated and how to improve it.