PUBLIC GOOD · APACHE 2.0 · NO PAYWALL EVER

Free for the world. If it helped you, help us keep it free.

Lictor's core is open source under Apache 2.0 — free forever, no strings attached. The scanner runs on Cloudflare Workers, a domain, and the maintainer's nights and weekends. If you've used Lictor and it helped, here are the ways to give back. None of them are required. All of them are appreciated.

Money

Every option below sends 100% of your gift to Lictor's running costs — and any surplus, once the project's operational floor is covered, is donated to the OWASP Foundation. Monthly receipts published at lictor-ai.com/transparency. Lictor itself will incorporate as the Lictor Foundation in Q2 2027 and donations will move under that 501(c)(3) once it's registered.

Recommended · One-time or monthly

GitHub Sponsors

$5 / $15 / $50 / mo

The most-used OSS donation rail. GitHub takes 0% fees through 2026 (then a small platform fee). One-time gifts also supported. Best for monthly recurring.

Sponsor on GitHub →

Transparent finances

Open Collective

Any amount

Every dollar in and every dollar out is publicly visible — receipts, expenses, payouts, all of it. Best if you want to see exactly where your gift went.

Give via Open Collective →

Casual · No account needed

Buy Me a Coffee

$3 / coffee

Lowest-friction option. Pay with Apple Pay / Google Pay / card. Add a note if you want — Raffa reads every one.

Buy a coffee →

One-time · Larger gifts

Stripe one-time

$50+ suggested

Best for one-off gifts or company donations. Receipts auto-emailed (works for expense reports). USD, EUR, GBP, and major currencies.

Donate via Stripe →

Where the money goes, today:

Cloudflare Workers (Patrol + Scan engine) — ~$30/mo at projected launch volumes
Domain renewal (lictor-ai.com) — $20/yr
Buttondown (waitlist + transparency report newsletter) — $9/mo
Apple Developer cert (Studio code-signing on macOS) — $99/yr
OpenAI/Anthropic API for Bridge outreach drafting — ~$20/mo
OWASP Foundation — anything above operational floor, donated forward

Operational floor today: ~$60/mo. Anything beyond that goes to OWASP. By Q2 2027 the Lictor Foundation will be the receiving entity and donations will be tax-deductible (in the US).

Ways to help that don't cost money

Honestly, these matter more than the cash. Money runs the servers; community runs the project.

⭐ Star the repo

It's the only number that helps Lictor get discovered. Takes 4 seconds.

github.com/Raffa-jarrl/Lictor-AI →

🐛 File a false-negative

If Lictor missed a real bug in your code, it's the most valuable kind of issue we can get. We fix and credit.

Open false-negative issue →

🗣 File a voice-bug

If a Lictor finding sounded too jargony, that's a bug. Voice is the product. We rewrite and credit.

Open voice-bug issue →

🔍 Contribute a pattern

If you know a vibe-coder security pattern we haven't tuned for yet, send it. Public repo URLs in the wild are best.

Suggest a pattern →

📣 Tell a builder

Know someone shipping a Lovable / Bolt / v0 app? Send them lictor-ai.com/scan. Free, 30 seconds, no signup.

Tweet about Lictor →

💻 Write code

Rust check authors, Tauri front-end, browser-extension hackers, technical writers — all welcome. Start with good-first-issue.

Browse good-first-issues →

Why we chose donations over a paywall

The security industry is built on extracting fear-rent — selling protection at the price the market will bear when someone is panicking about a breach. We didn't want to be that. Vibe-coders are exactly the audience that gets *priced out* of every existing security tool, and that's the audience most likely to ship a bug that hurts real users.

So Lictor's core stays free. The scanner is free. The CLI is free. The skill suite is free. The browser extension is free. The standard (AUDIT.json) is free. None of that has a paywall, ever.

We pay for it three ways, in this order:

The maintainer's own work (Raffa — for now)
Donations (you, if you want — this page)
A modest commercial tier (Lictor for Teams at $19/month flat, no per-seat) for companies that need continuous monitoring + Slack integration + audit log export. Optional. The free tier already does everything an individual founder needs.

That's the model. Free for the world; voluntary giving from the people it helps; a small commercial revenue stream to fund the rest. If the world treats us back the same way we treat it, this works. So far it has.

— Raffa, May 2026

Whatever way you choose: thank you.

And if you didn't choose any of them — that's fine too. Use Lictor anyway. That's why it exists.