Securie for Remix

Securie covers Remix's loader/action security model. Missing auth in `loader` and `action` functions, session-cookie misconfigurations, and exposed env vars are detected pre-merge.

Start free — one repoRead the guides

Why it matters for Remix

Install on your Remix repo. Securie reviews every route file's `loader` and `action` for authorization, validates session-cookie configuration, and blocks env-var leaks through `loader` responses.

  • Designed for the Remix route + loader/action model
  • Validates session-cookie options (httpOnly, secure, sameSite)
  • Detects server-only env vars accidentally returned from loaders
  • Covers Remix + Vite adapter output

Common bugs we catch in Remix

Missing auth in loader/action

Remix loaders are called on every navigation. Without an auth check, they leak data. Securie requires explicit auth in every loader/action.

Read the guide →

Session cookie missing secure flags

createCookieSessionStorage defaults are often left loose. Securie flags cookies missing httpOnly, secure, or sameSite='lax'.

Read the guide →

Server secret returned in loader data

Loaders serialize to the client. Secrets returned from them end up in the document HTML and the client bundle.

Install in under a minute

  1. Install the Securie GitHub App on your Remix repo
  2. Securie auto-detects Remix via remix.config.js / vite.config + remix plugin
  3. Push any PR. Review findings within minutes.

Remix is a project of Shopify. Securie is independent.