Hi, I'm Eli.

I build Nyx, an open-source vulnerability scanner written in Rust. It does static taint analysis across 10 languages (JavaScript, TypeScript, Python, Java, Go, Ruby, PHP, Rust, C, C++) on top of an SSA IR, walks paths symbolically to produce concrete attack witnesses, and ships a local web UI so you can triage findings without sending your source anywhere.

The point of the project is a scanner that's fast, precise, and runs on a laptop. No cloud, no telemetry, no uploading your code to anyone. The 0.5 release rebuilt the taint engine on SSA, added cross-file analysis with SQLite-backed summaries, and shipped the symbolic execution layer.

Why sponsor

I'm a college student. Most of my non-class hours go to Nyx, the rest to contract work that pays the bills. Sponsorship is the most direct way to shift that ratio toward Nyx.

Concretely, more time on Nyx means:

• More language coverage and deeper rule sets per language
• Better false-positive controls (the long tail is the real work)
• Keeping the local-first, no-telemetry posture sustainable

Links

• Repo: https://github.com/elicpeter/nyx
• Docs: https://elicpeter.github.io/nyx/
• Changelog: https://github.com/elicpeter/nyx/blob/master/CHANGELOG.md