Browse

All Challenges

13 challenges across 3 categories

Red Button: Minimal Prompt, Maximum Polish

Prompt Golf
beginner

Generate a beautiful, accessible red button using the fewest prompt characters possible.

react
css
accessibility
components
prompt-engineering
styling
hover-states
beginner-friendly

Secure Login Form: Auth UI with Full Validation

Prompt Golf
intermediate

Prompt the AI to create a complete login form with validation and security best practices.

react
forms
validation
security
accessibility
state-management
ux
error-handling

Hardcoded Secrets: API Credential Exposure & Env Var Remediation

Security Audit
beginner

Find and fix hardcoded API keys and secrets in this AI-generated Express.js server.

security
node.js
express
environment-variables
secrets-management
api-keys
owasp
compliance

SQL Injection: Parameterized Query Defense Against OWASP A03

Security Audit
intermediate

Fix SQL injection vulnerabilities in this database query handler by implementing parameterized queries.

security
sql
database
postgres
input-validation
parameterized-queries
owasp
injection

XSS Attack Surface: React DOM Sanitization & dangerouslySetInnerHTML Audit

Security Audit
advanced

Find and fix cross-site scripting (XSS) vulnerabilities in this React comment system.

security
react
xss
cross-site-scripting
sanitization
owasp
dom-security
user-input

Python → Rust: Idiomatic FizzBuzz with Match & Iterators

Stack Surfer
advanced

Convert this Python FizzBuzz implementation to idiomatic Rust with identical output.

rust
python
language-conversion
algorithms
type-safety
pattern-matching
iterators
systems-programming

Todo App: CRUD State Management via Prompt Engineering

Prompt Golf
intermediate

Generate a fully functional Todo app with add, toggle, and delete using the fewest characters.

react
state-management
crud
hooks
component-design
event-handling
list-rendering
keyboard-input

React → Vue 3: Composition API Migration with ref, computed & watch

Stack Surfer
intermediate

Convert this React counter component to Vue 3 Composition API with identical behavior.

vue
react
framework-conversion
composition-api
reactivity
state-management
template-syntax
sfc

Capability-Gated Plugin Sandbox

Security Audit
advanced

Fix the security bugs in this plugin sandbox — a shallow Object.freeze, toString spoofing, and missing call-time enforcement let untrusted plugins escape their permission boundaries.

security
javascript
proxy
capabilities
sandbox
object-freeze
least-privilege
advanced

Live Module Graph: Hot-Reload Engine

Security Audit
advanced

Fix two critical bugs in this incremental hot-reload dependency graph: a missing removeEdge causes phantom dirty cascades, and the cycle-detection DFS can infinite-loop.

javascript
graphs
dependency-analysis
hot-reload
dfs
cycle-detection
algorithms
advanced

Deterministic Event Loop Simulator

Security Audit
advanced

Fix the microtask starvation bug in this virtual event loop — the tick loop executes one microtask per macrotask instead of draining the entire microtask queue first, violating the ES spec.

javascript
event-loop
promises
microtasks
macrotasks
async
es-spec
advanced

AST Codemod Engine: Safe Symbol Rename

Stack Surfer
advanced

Implement a codemod engine that safely renames JavaScript symbols using AST analysis — fixing var-hoisting scope bugs and adding conflict detection before applying patches.

javascript
ast
codemod
scope-analysis
var-hoisting
refactoring
static-analysis
advanced

Source Map Compiler: VLQ Sign Bit Bug

Security Audit
advanced

Fix the VLQ encoder's sign-bit bug — it uses two's complement instead of the VLQ sign encoding, causing all negative position deltas in source maps to decode to wrong values.

javascript
source-maps
vlq
encoding
base64
debugging
compilers
advanced