# Derek Ouellette, Solo Founder (ex-backend eng, 8 yrs) at Loopform.io — read of Shipcheck, May 22 2026

> Eight years writing Rails and Node at agencies, now building my first solo SaaS. Two kids under six. I ship after bedtime. I do not always remember what I shipped.

## How I got here

Searched "how to audit a Next.js app before launch" at about 11pm on a Tuesday. Third result was a Reddit thread where someone mentioned Shipcheck in a comment that had 4 upvotes. Not a top answer, just a mention. Clicked through, expected a landing page that would make me feel dumb for not using it. Got something weirder: a page that actually seemed to know what I was worried about.

## What I clicked first

The sample report. Immediately. The hero has a fake UI mockup that shows a "B-" grade and "Hardcoded API key in lib/db.ts" and I skipped past the entire above-the-fold copy to get to the real one. The real sample report is what sold me on reading the rest of the page. Specifically: "app/api/webhooks/stripe/route.ts · line 18" -- that specificity is doing a lot of work. Every other tool in this category says "your auth flow could be better" and this one names the file. That's the whole bet, and they bet it up front.

## Where I paused

The "How it works" section, step 2: "Static analysis plus a Claude-driven semantic pass that looks for things linters miss." I stopped here because I wanted to understand what that actually means in practice. Does Claude read the whole repo? What's the context window situation on 4,000 lines of code across 247 files? I have a repo with 31 files and one with 380. Are those the same scan? The 90-second claim feels calibrated for something small. I genuinely do not know what happens to my repo at scale and the page does not tell me.

## What I distrusted

"4,200+ repos scanned." That number is sitting in the hero with no date, no growth curve, no context. It could be from a ProductHunt launch two years ago. It could be from last month. It's the kind of social proof number that's supposed to make me feel like other people are using this, but it doesn't have enough specificity to actually do that job. Also the one testimonial: "Marcus T., shipped his first paid SaaS in March." No last name, no repo, no link. Marcus T. is doing the same work as "4,200+ repos" -- it's a number I can't verify attached to a person I can't find. If Marcus T. is real, Marcus T. should have a Twitter handle.

The comparison table also does the thing where you list competitors' pricing at their worst and your pricing at your best. "$25/dev/mo" for Snyk Team is their team pricing. I'm a solo dev. Snyk has a free tier. That table is not wrong, it's just selective.

## What would convince me

One thing specifically: a before/after from a real repo I can click to. Not redacted. An actual open-source project (or a founder's public repo) where Shipcheck found something embarrassing, the founder fixed it, and I can read both the report and the commit. That would take me from "this seems plausible" to "I understand exactly what I'm buying." The sample report is close but it's redacted. Redacted feels like a demo environment. A real repo with a real fix is evidence.

## What I'd ask in an email reply

1. What actually happens on step 2 when the repo is 400+ files? Does the Claude pass read the whole thing or does it sample? What does "semantic" mean at that scale?
2. The page says "public GitHub repos only for now" -- what's the timeline on private repo support, and what would that cost? Because my actual launch-day repo is private.
3. Is there a way to re-run a scan after I close findings and see a diff between scan 1 and scan 2, not just "re-scan free for 24 hours"? I want to see the delta, not start from scratch.

## Verdict: curious-enough-to-reply

Nine dollars is not a decision. The sample report is specific enough that I believe the product does something real. I want the private repo answer before I wire anything sensitive through it, but I'd send that email tonight.

---
*Memo by skeptic persona, generated 2026-05-22. Studio breaks own self-grading loop.*
