Is mkcert safe to use?

This page summarizes the projects mentioned and recommended in the original post on

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
  • SaaSHub - Software Alternatives and Reviews
  • mkcert

    A simple zero-config tool to make locally trusted development certificates with any names you'd like.

    It kinda looks like, if the mkcert repo (or brew package) were to be compromised, an attacker could pretty easily cause your system (and every other system that subsequently uses mkcert) to trust any certificate they wanted, or literally do anything they pleased. mkcert will ask for your credentials to be able to trust the CA; but there's no guarantee the script is using those credentials for good.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts