Securie for Clerk
Clerk handles auth correctly by default, but common integration bugs (unprotected route handlers, mis-scoped webhooks, service-key leaks) still ship. Securie catches each.
Why it matters for Clerk
Install on your Clerk-integrated repo. Every route protected by Clerk is reviewed for matcher coverage.
- Next.js + Remix + Express integration coverage
- Validates clerkMiddleware matcher coverage
- Detects auth() checks missing in server actions
- Audits webhook-secret verification
Common bugs we catch in Clerk
Missing matcher on clerkMiddleware
Routes outside the matcher are unauthenticated. Securie diffs matcher globs against your app routes.
auth() called without assertion
auth() returns { userId: null } for unauthenticated requests. Server actions must check or guard.
Webhook without svix signature verification
Clerk webhooks must verify the svix signature. Missing verification = forged events.
Install in under a minute
- Install the Securie GitHub App on your Clerk-integrated repo
- Securie detects Clerk via the @clerk package
- Push any PR.
Clerk is a trademark of Clerk Inc. Securie is independent.