npm - diffprism - Versions diffs - 0.11.2 → 0.12.1 - Mend

diffprism 0.11.2 → 0.12.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/bin.js +2 -2
package/dist/{chunk-Z6JCMILV.js → chunk-LOX6GE37.js} +64 -1
package/dist/mcp-server.js +2 -2
package/package.json +1 -1
package/ui-dist/assets/{index-BNkJBAwp.js → index-CpWq5K0r.js} +53 -53
package/ui-dist/assets/index-GiCSAMgl.css +1 -0
package/ui-dist/index.html +2 -2
package/ui-dist/assets/index-DI7hAuU3.css +0 -1

package/dist/bin.js CHANGED Viewed

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   startReview
-} from "./chunk-Z6JCMILV.js";
+} from "./chunk-LOX6GE37.js";
 // cli/src/index.ts
 import { Command } from "commander";
@@ -254,7 +254,7 @@ async function setup(flags) {
 // cli/src/index.ts
 var program = new Command();
-program.name("diffprism").description("Local-first code review tool for agent-generated changes").version(true ? "0.11.2" : "0.0.0-dev");
+program.name("diffprism").description("Local-first code review tool for agent-generated changes").version(true ? "0.12.1" : "0.0.0-dev");
 program.command("review [ref]").description("Open a browser-based diff review").option("--staged", "Review staged changes").option("--unstaged", "Review unstaged changes").option("-t, --title <title>", "Review title").option("--dev", "Use Vite dev server with HMR instead of static files").action(review);
 program.command("serve").description("Start the MCP server for Claude Code integration").action(serve);
 program.command("setup").description("Configure DiffPrism for Claude Code integration").option("--global", "Install skill globally (~/.claude/skills/)").option("--force", "Overwrite existing configuration files").action(setup);

package/dist/{chunk-Z6JCMILV.js → chunk-LOX6GE37.js} RENAMED Viewed

@@ -597,6 +597,67 @@ function detectPatterns(files) {
   results.sort((a, b) => a.file.localeCompare(b.file) || a.line - b.line);
   return results;
 }
+var SECURITY_MATCHERS = [
+  {
+    pattern: "eval",
+    severity: "critical",
+    test: (l) => /\beval\s*\(/.test(l)
+  },
+  {
+    pattern: "inner_html",
+    severity: "warning",
+    test: (l) => /\.innerHTML\b|dangerouslySetInnerHTML/.test(l)
+  },
+  {
+    pattern: "sql_injection",
+    severity: "critical",
+    test: (l) => /`[^`]*\b(SELECT|INSERT|UPDATE|DELETE)\b/i.test(l) || /\b(SELECT|INSERT|UPDATE|DELETE)\b[^`]*\$\{/i.test(l)
+  },
+  {
+    pattern: "exec",
+    severity: "critical",
+    test: (l) => /child_process/.test(l) || /\bexec\s*\(/.test(l) || /\bexecSync\s*\(/.test(l)
+  },
+  {
+    pattern: "hardcoded_secret",
+    severity: "critical",
+    test: (l) => /\b(token|secret|api_key|apikey|password|passwd|credential)\s*=\s*["']/i.test(l)
+  },
+  {
+    pattern: "insecure_url",
+    severity: "warning",
+    test: (l) => /http:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0)/.test(l)
+  }
+];
+function detectSecurityPatterns(files) {
+  const results = [];
+  for (const file of files) {
+    for (const hunk of file.hunks) {
+      for (const change of hunk.changes) {
+        if (change.type !== "add") continue;
+        for (const matcher of SECURITY_MATCHERS) {
+          if (matcher.test(change.content)) {
+            results.push({
+              file: file.path,
+              line: change.lineNumber,
+              pattern: matcher.pattern,
+              content: change.content.trim(),
+              severity: matcher.severity
+            });
+          }
+        }
+      }
+    }
+  }
+  results.sort((a, b) => {
+    const severityOrder = { critical: 0, warning: 1 };
+    const aSev = severityOrder[a.severity];
+    const bSev = severityOrder[b.severity];
+    if (aSev !== bSev) return aSev - bSev;
+    return a.file.localeCompare(b.file) || a.line - b.line;
+  });
+  return results;
+}
 // packages/analysis/src/index.ts
 function analyze(diffSet) {
@@ -609,7 +670,9 @@ function analyze(diffSet) {
   const summary = generateSummary(files);
   const complexity = computeComplexityScores(files);
   const testCoverage = detectTestCoverageGaps(files);
-  const patterns = detectPatterns(files);
+  const codePatterns = detectPatterns(files);
+  const securityPatterns = detectSecurityPatterns(files);
+  const patterns = [...securityPatterns, ...codePatterns];
   return {
     summary,
     triage,

package/dist/mcp-server.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import {
   startReview
-} from "./chunk-Z6JCMILV.js";
+} from "./chunk-LOX6GE37.js";
 // packages/mcp-server/src/index.ts
 import fs from "fs";
@@ -11,7 +11,7 @@ import { z } from "zod";
 async function startMcpServer() {
   const server = new McpServer({
     name: "diffprism",
-    version: true ? "0.11.2" : "0.0.0-dev"
+    version: true ? "0.12.1" : "0.0.0-dev"
   });
   server.tool(
     "open_review",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "diffprism",
-  "version": "0.11.2",
+  "version": "0.12.1",
   "type": "module",
   "description": "Local-first code review tool for agent-generated code changes",
   "bin": {