COPPA 2.0 takes effect April 22, 2026 — penalties up to $53,088 per violation per day.

Is your code safe for kids?

Halo scans your codebase against 114 compliance rules across 10 regulatory frameworks — COPPA, UK AADC, EU DSA, and more. AST-aware analysis. AI-powered review. Two minutes to your first scan.

Free & Open Source | 25 COPPA rules
npx runhalo scan .
halo v0.4.2 — COPPA Risk Scanner
Scanning 847 files...
 
HIGH coppa-audio-007 src/lib/audio-recorder.js:26
Unauthorized Audio Recording: getUserMedia({audio: true})
Penalty: $54,540 per violation per child
MED coppa-ext-017 src/components/header.jsx:70
Unwarned External Links: Missing "You are leaving..." modal
MED coppa-ui-008 src/pages/signup.tsx:42
Missing Privacy Policy on Registration Form
───────────────────────────────────────────
3 potential issues found across 847 files
1 high · 2 medium · 0 low

100 repos scanned
3,569 violations found
114 compliance rules
10 regulatory packs

What Halo Does

Static analysis, AI-powered review, and compliance tracking — in one CLI.

Scan

Static analysis with AST-aware intelligence. Halo understands your code's context, traces data flows, and recognizes framework-specific patterns. Next.js, Django, and Rails profiles built in.

Review

AI-powered compliance review by the Halo Review Board. Every violation is assessed by Claude Sonnet with clinical evidence from peer-reviewed developmental psychology research. True positives confirmed. False positives suppressed.

Track

Compliance posture scoring from A+ to F. Track your grade over time. Get regression alerts when new violations appear. Generate PDF compliance reports for audits and board presentations.

10 packs. 114 rules. The regulations that matter.

Pack | Rules | Jurisdiction
COPPA 2.0 | 25 | US Federal
UK Age Appropriate Design Code | 15 | United Kingdom
EU Digital Services Act | 10 | European Union
California AADCA | 15 | US State
Australia Online Safety Act | 12 | AU Federal
Australia Safety by Design | 6 | AU Federal
Utah SB142 | 5 | US State
AI-Generated Code Audit | 6 | International
Ethical Design Standards | 5 | International
EU AI Act (Children) | 15 | European Union

New packs ship regularly. Custom rule development available for Enterprise.

We scanned 100 repos. Here's what we found.

100 public repositories. 1.5M+ combined GitHub stars. Apps and platforms that children use every day.

3,569 violations. Average: 35+ per repo.

Top violation categories

Data collection without consent 31%
Dark patterns & manipulative design 24%
Missing age verification 18%
Behavioral tracking 15%
Retention & deletion gaps 8%
Missing parental controls 4%

Theoretical penalty exposure across all 100 repos: $189M per day.

How It Works

Three steps. No signup. No config.

1. Run the scan

npx runhalo scan .

No signup. No config. Results in under two minutes.

2. Review findings

Every finding includes the regulation cited, severity level, developmental context, and a fix suggestion. AST-aware analysis suppresses false positives automatically.

3. Ship with confidence

Add Halo to your CI/CD pipeline. GitHub Action runs on every PR. VS Code extension flags issues in real time. Compliance tracking keeps your grade current.

Built for engineers, not lawyers.

CLI

Run npx runhalo scan . in any directory. Supports JS, TS, Python, Ruby, Go, Java, Swift.

GitHub Action

One YAML block. Compliance checks on every PR before merge.

VS Code Extension

Real-time scanning with AST intelligence. Version 0.4.2 on the marketplace.

AI Review Board

--review-board flag for AI-powered violation assessment with clinical evidence citations.

.halorc.json

Configure framework profiles, pack selection, severity thresholds, and ignore paths.

Reports

JSON, SARIF, HTML, and PDF output. Enterprise-grade compliance documentation.

Simple, Transparent Pricing

Start scanning for free. Upgrade when your team needs more.

Free

$0/forever

For individual developers and open source projects.

  • 5 scans per day
  • 25 COPPA 2.0 rules
  • CLI + VS Code extension
  • GitHub Action
  • Text + JSON output
  • .halorc.json config

Pro

$29/month

For teams building products children use.

  • Unlimited scans
  • All 114 rules, all 10 packs
  • AI Review Board (Sonnet-powered)
  • AST-aware analysis + framework profiles
  • Compliance posture scoring (A+ to F)
  • PDF compliance reports
  • SARIF + HTML output
  • Regression alerts
  • Priority support

Enterprise

Custom

For regulated industries, government, and large teams.

  • Everything in Pro
  • Custom rule development
  • Dedicated onboarding
  • SLA + priority support
  • Team management
  • API access
  • Audit-ready documentation

All plans include the open-source CLI. Cancel anytime.

FAQ

When does COPPA 2.0 take effect?
April 22, 2026. The age threshold is extended to under 17. Penalties up to $53,088 per violation per day.

Is Halo free?
Yes. 5 scans per day with 25 COPPA rules, completely free. Pro ($29/mo) unlocks all 114 rules across 10 packs, plus the AI Review Board, compliance scoring, and PDF reports.

What does Halo scan for?
COPPA violations, dark patterns, data collection risks, missing consent flows, tracking, age verification gaps, retention issues, and ethical design concerns — across 10 regulatory frameworks covering US, UK, EU, and Australian law.

How is Halo different from Semgrep or Snyk?
They scan for security vulnerabilities. Halo scans for children's regulatory compliance. Different problem. Complementary, not replacement.

What frameworks does Halo support?
JS, TS, Python, Ruby, Go, Java, Swift. Built-in profiles for Next.js, Django, and Rails.

What is the AI Review Board?
A Pro feature. Each violation is assessed by Claude Sonnet with clinical evidence from peer-reviewed developmental psychology research. Confirms true positives. Suppresses false positives.

Find out where you stand.

Two minutes. Free. Before the FTC finds out for you.
