devys is a real marketplace — buyers pay real money, so nothing broken or unsafe reaches them. Every upload passes two automatic checks in seconds. Here's exactly how to package your app so it clears both on the first try.
When you upload, devys runs both of these before your app can go live. Pass → it's listed instantly. Fail → you get the exact reason, so you fix it and re-submit.
A deep scan of every file — it unpacks archives layer by layer and blocks anything dangerous.
Confirms your upload is a complete, runnable app — not a broken folder with missing pieces.
Drop your .zip (or a single .html) and we'll run the real security + completeness checks right here — no account needed. The final run-test happens when you upload to a listing.
Six things. Tick them all and your app sails through.
index.html at its rootIt should run by double-clicking index.html — no build step, no install.index.html.<script src="https://…">..exe/.dmg/.sh, no installers, nothing that touches the user's files or system.README.txtOne line on what it does, one line on how to run it.Vibe-coded it with an AI? Paste this prompt with your app and it'll hand you a folder that passes both checks. Copy it, drop your code in at the bottom, done.
# Paste this into your AI (Claude, ChatGPT, Cursor…) along with your app. You are packaging a web app to sell on the devys marketplace. It must pass TWO automated checks or it can't be listed: • SAFE — a deep security scan: no executables, installers, obfuscated code, trackers, or crypto/wallet code, and nothing that touches the user's files or system. • WORKS — a functional check that opens the app and confirms it actually runs, with every file it needs included. Package my app so it passes 100%. Follow these rules exactly: 1. Ship ONE self-contained folder with an `index.html` at its root that runs by double-clicking it — no build step, no install, no server. 2. Include EVERY file the app references (JS, CSS, images, fonts). Nothing missing, no broken links. When in doubt, INLINE the CSS and JS into index.html. 3. Work fully OFFLINE. No calls to a backend, API, or external CDN. If you use a library, bundle a local copy — never <script src="https://…">. 4. 100% client-side. No executables (.exe/.dmg/.sh), no installers, and no code that reads or writes the user's files. 5. Family-friendly and digital-only. No adult content. 6. Add a short `README.txt`: what it does + "open index.html in a browser". Then output the final file tree and the full contents of every file, ready for me to zip and upload. Here is my app: [paste your code, or describe what you want it to do]
Attach your app folder to a listing in the app and hit publish.
Security + functional, in seconds. We open it, resolve every asset, and confirm it runs.
Pass and it's listed. Fail and you get the exact reason, e.g. index.html references app.js but that file isn't in the package.