Lately I’ve been seeing the same pain over and over: people in Lovable, Bolt, Replit, Base44 & v0 stuck in loops, getting vague outputs, or spending hours rewriting the same prompt. I kept sharing one-off fixes in DMs and threads, but that doesn’t scale—so I pulled everything together, cleaned it up, and made a simple place to start (and improve) fast. 👉 https://vibedprompts.com What you’ll find: - 120+ reusable prompts (scaffold, CRUD, auth, UI, SEO, integrations, more) - Submit your own prompts (credit on the page) - A prompting guide with a Prompt Enhancer and Chat Debugger to improve existing prompts or fix chat loops Would love your quick feedback: - What’s missing? - Any prompts to tweak for a specific tool? - Got a great prompt to share? Drop thoughts below or post a screenshot of what you shipped! 🚀

If you’re moving your prototype (especially one built quickly with Supabase, Lovable, Bolt, or similar platforms) toward a production-grade app, security must be your top priority. Follow these practical steps and use the hands-on audit prompt below to elevate your app’s defenses. Proven Security Tips 1. Lock Down Your Backend (Supabase/Firebase Policies) Most vibe-coded apps leave their backend wide open. Anyone who can find your endpoint URL might access or modify sensitive data such as user accounts, subscriptions, or payment info. - How: Don’t rely on default settings. In Supabase, navigate to your Auth Policies and set everything to “deny all” by default. Only permit authenticated users to access their own data. - Why: Even if your frontend looks secure, an exposed backend lets anyone directly access your database. - Learn more: Supabase Row-Level Security Docs 2. Never Trust the Frontend Alone No-code and rapid-build tools sometimes generate apps that do important checks (like upgrades or edits) only in the UI. - What to do: Always assume users can inspect, alter, and resend requests. Validate every action on the backend: check logged-in status, roles, and permissions. - Why: Frontend logic can easily be bypassed. Without backend validation, anyone could break or exploit your app. 3. Keep Secrets... Secret! One common mistake is leaking environment variables or keys (accidentally committing them to Git, misconfiguring servers, etc.). - How: Restrict access to env files and secrets, especially if deploying on your own server. - Why: Exposure of these can lead to total compromise of your stack. 4. Leverage Automated Security Audits Ask AI-powered coding tools or assistants to generate an actionable security audit checklist for your exact stack, then implement and verify each suggested fix. 5. Be Wary of Platform Defaults After reviewing many apps, open REST endpoints were most prevalent with Lovable (less so with Bolt, which configures Supabase rules by default). Always double-check the security settings, even if your platform claims to “secure by default.”

Inspired by the post by @Taj Sanders , I wanted to give everyone a reminder to regularly refactor your code Over time, AI gets your code to be a mess. So you should regularly ask it to clean it up Instead of asking AI to "refactor the code", ask it to: - Eliminate dead code: “Delete unused imports, variables, and functions; point out any test files that still call them.” - Kill duplication: “Detect code blocks duplicated ⩾ 3 times across modules; create a shared utility and update call sites.” - Improve architecture: "Identify features or sections of the app that could be extracted to a separate module." You can also use these to target a specific part of the application Note: the list is not exhaustive! Let me know if you want to know more about this