foxguard 0.3.1 → 0.3.3

Files changed (3)
  1. package/README.md +27 -36
  2. package/bin/foxguard +6 -1
  3. package/package.json +2 -2
package/README.md CHANGED
@@ -1,52 +1,41 @@
  # foxguard
 
- Fast local security guard for changed files, built-in rules, and Semgrep-compatible YAML. Written in Rust.
+ Sub-second local security scanning for real codebases.
 
- This is the npm wrapper for foxguard. It downloads the correct prebuilt binary for your platform from GitHub Releases.
-
- foxguard scans JS/TS, Python, and Go with built-in security rules by default and can load a useful Semgrep-compatible YAML subset with `--rules`.
- Built-ins now cover local code risks like SSRF client variants, file/path traversal sinks, session/cookie misconfig, transport misconfig, and framework-specific auth issues.
- Current built-ins include Express/JWT/session lifecycle checks on JavaScript plus Flask/Django session, CSRF, Flask-WTF, host, redirect, and exemption hardening checks on Python.
+ ```sh
+ npx foxguard .
+ ```
 
- Use `--rules` to add external rules on top of the built-ins. Use `--no-builtins --rules ...` for an external-rules-only compatibility run.
+ ## Why people use it
 
- It also includes a dedicated `secrets` mode for common leaked credentials and private key material, with redacted output, binary-file skipping, and baseline-safe suppression data.
- Secrets mode also supports path-scoped excludes and per-rule ignores for fixtures, generated files, or intentionally fake tokens.
- foxguard can also auto-discover a repo config file such as `.foxguard.yml` for shared baselines, rule paths, and secrets defaults.
- The Semgrep-compatible subset also supports regex clauses like `pattern-regex` and `pattern-not-regex`.
- It also supports rule-level path filters like `paths.include` and `paths.exclude`.
- It also supports `metavariable-regex` for filtering bound metavariables in structural rules.
- It also supports `pattern-not-inside` for excluding safe wrapper contexts.
+ - Fast enough to run locally instead of waiting for CI
+ - Useful built-in rules out of the box across 10 languages
+ - Semgrep-compatible YAML subset when you already have existing rules
+ - JSON and SARIF output for automation
 
- Local-first workflow:
+ It scans for SQL injection, XSS, SSRF, hardcoded secrets, command injection, weak crypto, unsafe deserialization, and framework-specific mistakes.
 
- ```sh
- npx foxguard --changed .
- npx foxguard secrets --changed .
- npx foxguard baseline --output .foxguard/baseline.json
- npx foxguard init
- ```
+ **Languages:** JavaScript, TypeScript, Python, Go, Ruby, Java, PHP, Rust, C#, Swift
 
- `foxguard init` also writes a starter `.foxguard.yml` when the repo does not already have one.
+ ## How it works
 
- ## Usage
+ This is the npm wrapper. It downloads the correct prebuilt Rust binary for your platform from GitHub Releases and caches it locally.
 
  ```sh
- npx foxguard .
+ npx foxguard . # scan everything
+ npx foxguard --changed . # only modified files
+ npx foxguard secrets . # leaked credentials
+ npx foxguard --format sarif . # SARIF for GitHub Code Scanning
+ npx foxguard init # install pre-commit hook
  ```
 
- Or install globally:
-
- ```sh
- npm install -g foxguard
- foxguard .
- ```
+ ## Scope
 
- ## How it works
+ foxguard is built around fast local feedback.
 
- 1. If foxguard is installed via `cargo install foxguard`, the npm wrapper uses that binary directly.
- 2. Otherwise, it downloads the prebuilt binary for your platform from GitHub Releases.
- 3. The binary is cached in `node_modules/.cache/foxguard/` for subsequent runs.
+ - built-in rules are the default product
+ - Semgrep/OpenGrep-compatible YAML is the adoption bridge
+ - full external-rule-engine parity is intentionally out of scope
 
  ## Supported platforms
 
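Review bot: the rewritten README drops every mention of `--rules`, `--no-builtins`, the `baseline` subcommand and `.foxguard.yml` auto-discovery, and the new `## How it works` paragraph no longer describes the `cargo install foxguard` fallback even though `findCargoInstall()` in `package/bin/foxguard` is still being maintained in this same release. An npm user now has no pointer to where those options live; keep at least a one-line reference to the rules reference and configuration docs, and restore a short note that an existing cargo-installed `foxguard` is preferred over the download. Also reconcile the new `npx foxguard init # install pre-commit hook` comment with the removed sentence that `foxguard init` writes a starter `.foxguard.yml` when none exists; if it does both, the comment should say so.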
@@ -54,6 +43,8 @@ foxguard .
  - Linux (x64, arm64)
  - Windows (x64)
 
- ## Full documentation
+ ## More
 
- See the [main repository](https://github.com/peaktwilight/foxguard) for full documentation, rules reference, and configuration options.
+ - [GitHub](https://github.com/peaktwilight/foxguard)
+ - [VS Code Extension](https://marketplace.visualstudio.com/items?itemName=peaktwilight.foxguard)
+ - [foxguard.dev](https://foxguard.dev)
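Review bot: replacing the `## Full documentation` sentence with a bare `## More` link list loses the only statement of where the rules reference and configuration options are documented. Consider annotating the first entry, for example `- [GitHub](https://github.com/peaktwilight/foxguard) - full documentation, rules reference, configuration`, so the link list still tells the reader what to expect at each URL.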
package/bin/foxguard CHANGED
@@ -65,7 +65,12 @@ function findCargoInstall() {
  encoding: "utf8",
  }).trim();
  if (result && !result.includes("node_modules")) {
- return result;
+ // Resolve symlinks to avoid finding ourselves (the npm wrapper)
+ const resolved = fs.realpathSync(result);
+ const thisScript = fs.realpathSync(__filename);
+ if (resolved !== thisScript) {
+ return result;
+ }
  }
  } catch {}
 
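Review bot: the self-detection compares real paths only, so it catches a `result` that is a symlink to this script but not a generated shim (a `.cmd` wrapper or shell stub) whose real path differs from `__filename` yet still launches this wrapper; since the existing `!result.includes("node_modules")` test is the only other guard, consider also rejecting any `result` whose real path sits inside `path.dirname(thisScript)` or the wrapper's package directory. `fs.realpathSync(result)` throws when the located path no longer exists, which the enclosing `try { ... } catch {}` swallows silently; that is acceptable for a fallback lookup, but confirm `fs` is required at the top of the file, as the hunk does not show the import. Returning `resolved` rather than `result` would also hand the caller a canonical path and avoid re-resolving the link on every spawn.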
package/package.json CHANGED
@@ -1,7 +1,7 @@
  {
  "name": "foxguard",
- "version": "0.3.1",
- "description": "Security scanner as fast as a linter. 118 built-in rules, 10 languages, sub-second scans.",
+ "version": "0.3.3",
+ "description": "Security scanner as fast as a linter. 100+ built-in rules, 10 languages, sub-second scans.",
  "license": "MIT",
  "repository": {
  "type": "git",
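Review bot: the version jumps from 0.3.1 to 0.3.3 with no 0.3.2 in this diff; confirm that is intentional and, since the wrapper downloads its prebuilt binary from GitHub Releases, that a matching 0.3.3 release with assets for every platform in `## Supported platforms` exists before this package is published, otherwise `npx foxguard` fails for users without a cargo install. Loosening `118 built-in rules` to `100+` is a good change; the exact count in the description went stale with every added rule.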