npm - guardvibe - Versions diffs - 0.4.0 - Mend

guardvibe 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/LICENSE +21 -0
package/README.md +205 -0
package/build/cli.d.ts +3 -0
package/build/cli.d.ts.map +1 -0
package/build/cli.js +118 -0
package/build/cli.js.map +1 -0
package/build/data/framework-guides.d.ts +8 -0
package/build/data/framework-guides.d.ts.map +1 -0
package/build/data/framework-guides.js +500 -0
package/build/data/framework-guides.js.map +1 -0
package/build/data/owasp-rules.d.ts +12 -0
package/build/data/owasp-rules.d.ts.map +1 -0
package/build/data/owasp-rules.js +469 -0
package/build/data/owasp-rules.js.map +1 -0
package/build/data/rules/core.d.ts +3 -0
package/build/data/rules/core.d.ts.map +1 -0
package/build/data/rules/core.js +245 -0
package/build/data/rules/core.js.map +1 -0
package/build/data/rules/go.d.ts +3 -0
package/build/data/rules/go.d.ts.map +1 -0
package/build/data/rules/go.js +64 -0
package/build/data/rules/go.js.map +1 -0
package/build/data/rules/index.d.ts +3 -0
package/build/data/rules/index.d.ts.map +1 -0
package/build/data/rules/index.js +13 -0
package/build/data/rules/index.js.map +1 -0
package/build/data/rules/java.d.ts +3 -0
package/build/data/rules/java.d.ts.map +1 -0
package/build/data/rules/java.js +64 -0
package/build/data/rules/java.js.map +1 -0
package/build/data/rules/php.d.ts +3 -0
package/build/data/rules/php.d.ts.map +1 -0
package/build/data/rules/php.js +54 -0
package/build/data/rules/php.js.map +1 -0
package/build/data/rules/ruby.d.ts +3 -0
package/build/data/rules/ruby.d.ts.map +1 -0
package/build/data/rules/ruby.js +54 -0
package/build/data/rules/ruby.js.map +1 -0
package/build/data/rules/types.d.ts +11 -0
package/build/data/rules/types.d.ts.map +1 -0
package/build/data/rules/types.js +2 -0
package/build/data/rules/types.js.map +1 -0
package/build/data/secret-patterns.d.ts +9 -0
package/build/data/secret-patterns.d.ts.map +1 -0
package/build/data/secret-patterns.js +87 -0
package/build/data/secret-patterns.js.map +1 -0
package/build/index.d.ts +3 -0
package/build/index.d.ts.map +1 -0
package/build/index.js +117 -0
package/build/index.js.map +1 -0
package/build/tools/check-code.d.ts +9 -0
package/build/tools/check-code.d.ts.map +1 -0
package/build/tools/check-code.js +125 -0
package/build/tools/check-code.js.map +1 -0
package/build/tools/check-deps.d.ts +8 -0
package/build/tools/check-deps.d.ts.map +1 -0
package/build/tools/check-deps.js +57 -0
package/build/tools/check-deps.js.map +1 -0
package/build/tools/check-project.d.ts +7 -0
package/build/tools/check-project.d.ts.map +1 -0
package/build/tools/check-project.js +134 -0
package/build/tools/check-project.js.map +1 -0
package/build/tools/get-security-docs.d.ts +2 -0
package/build/tools/get-security-docs.d.ts.map +1 -0
package/build/tools/get-security-docs.js +61 -0
package/build/tools/get-security-docs.js.map +1 -0
package/build/tools/scan-dependencies.d.ts +2 -0
package/build/tools/scan-dependencies.d.ts.map +1 -0
package/build/tools/scan-dependencies.js +69 -0
package/build/tools/scan-dependencies.js.map +1 -0
package/build/tools/scan-directory.d.ts +2 -0
package/build/tools/scan-directory.d.ts.map +1 -0
package/build/tools/scan-directory.js +120 -0
package/build/tools/scan-directory.js.map +1 -0
package/build/tools/scan-secrets.d.ts +11 -0
package/build/tools/scan-secrets.d.ts.map +1 -0
package/build/tools/scan-secrets.js +150 -0
package/build/tools/scan-secrets.js.map +1 -0
package/build/utils/manifest-parser.d.ts +7 -0
package/build/utils/manifest-parser.d.ts.map +1 -0
package/build/utils/manifest-parser.js +102 -0
package/build/utils/manifest-parser.js.map +1 -0
package/build/utils/osv-client.d.ts +37 -0
package/build/utils/osv-client.d.ts.map +1 -0
package/build/utils/osv-client.js +78 -0
package/build/utils/osv-client.js.map +1 -0
package/package.json +46 -0

package/build/utils/osv-client.js ADDED Viewed

@@ -0,0 +1,78 @@
+export async function queryOsv(name, version, ecosystem) {
+    const response = await fetch("https://api.osv.dev/v1/query", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            version,
+            package: { name, ecosystem },
+        }),
+        signal: AbortSignal.timeout(5000),
+    });
+    if (!response.ok) {
+        throw new Error(`OSV API error: ${response.status} ${response.statusText}`);
+    }
+    const data = (await response.json());
+    return data.vulns ?? [];
+}
+export async function queryOsvBatch(packages) {
+    const queries = packages.map(pkg => ({
+        package: { name: pkg.name, ecosystem: pkg.ecosystem },
+        version: pkg.version,
+    }));
+    const response = await fetch("https://api.osv.dev/v1/querybatch", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ queries }),
+        signal: AbortSignal.timeout(10000),
+    });
+    const results = new Map();
+    if (!response.ok)
+        return results;
+    const data = await response.json();
+    for (let i = 0; i < packages.length; i++) {
+        const key = `${packages[i].name}@${packages[i].version}`;
+        results.set(key, data.results[i]?.vulns || []);
+    }
+    return results;
+}
+export function normalizeSeverity(vuln) {
+    if (!vuln.severity || vuln.severity.length === 0)
+        return "unknown";
+    const cvss = vuln.severity.find((s) => s.type === "CVSS_V3");
+    if (!cvss)
+        return "unknown";
+    const score = parseFloat(cvss.score);
+    if (score >= 9.0)
+        return "critical";
+    if (score >= 7.0)
+        return "high";
+    if (score >= 4.0)
+        return "medium";
+    return "low";
+}
+export function formatVulnerability(vuln) {
+    const severity = normalizeSeverity(vuln);
+    const fixedVersions = [];
+    for (const affected of vuln.affected ?? []) {
+        for (const range of affected.ranges ?? []) {
+            for (const event of range.events) {
+                if (event.fixed)
+                    fixedVersions.push(event.fixed);
+            }
+        }
+    }
+    const fixInfo = fixedVersions.length > 0
+        ? `Fixed in: ${fixedVersions.join(", ")}`
+        : "No fix available yet";
+    const refUrl = vuln.references?.[0]?.url ?? "";
+    return [
+        `### ${vuln.id}`,
+        `**Severity:** ${severity}`,
+        `**Summary:** ${vuln.summary}`,
+        `**${fixInfo}**`,
+        refUrl ? `**Reference:** ${refUrl}` : "",
+    ]
+        .filter(Boolean)
+        .join("\n");
+}
+//# sourceMappingURL=osv-client.js.map

package/build/utils/osv-client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"osv-client.js","sourceRoot":"","sources":["../../src/utils/osv-client.ts"],"names":[],"mappings":"AAmBA,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,IAAY,EACZ,OAAe,EACf,SAAiB;IAEjB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,8BAA8B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO;YACP,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC7B,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,kBAAkB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;IACzD,OAAO,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;AAC1B,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAsB;IAEtB,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnC,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE;QACrD,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC,CAAC;IAEJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mCAAmC,EAAE;QAChE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;QACjC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiB,CAAC;IACzC,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,OAAO,OAAO,CAAC;IAEjC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA2C,CAAC;IAE5E,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,GAAG,GAAG,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAS;IACzC,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACnE,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAClE,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,UAAU,CAAC;IACpC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,KAAK,IAAI,GAAG;QAAE,OAAO,QAAQ,CAAC;IAClC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAsB;IACxD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;QAC3C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC1C,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjC,IAAI,KAAK,CAAC,KAAK;oBAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GACX,aAAa,CAAC,MAAM,GAAG,CAAC;QACtB,CAAC,CAAC,aAAa,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACzC,CAAC,CAAC,sBAAsB,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC;IAE/C,OAAO;QACL,OAAO,IAAI,CAAC,EAAE,EAAE;QAChB,iBAAiB,QAAQ,EAAE;QAC3B,gBAAgB,IAAI,CAAC,OAAO,EAAE;QAC9B,KAAK,OAAO,IAAI;QAChB,MAAM,CAAC,CAAC,CAAC,kBAAkB,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE;KACzC;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+  "name": "guardvibe",
+  "version": "0.4.0",
+  "description": "GuardVibe — Security MCP server for vibe-coders. OWASP rules, dependency CVE checks, secret detection, and framework security guides — right inside your AI coding assistant.",
+  "type": "module",
+  "bin": {
+    "guardvibe": "./build/index.js",
+    "guardvibe-init": "./build/cli.js"
+  },
+  "files": [
+    "build"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node build/index.js",
+    "prepare": "npm run build",
+    "test": "node --import tsx --test tests/**/*.test.ts"
+  },
+  "keywords": [
+    "mcp",
+    "security",
+    "vibe-coding",
+    "owasp",
+    "vulnerability",
+    "gemini",
+    "claude",
+    "cursor",
+    "ai-security",
+    "code-audit"
+  ],
+  "author": "VibeGuard Security",
+  "license": "MIT",
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.1",
+    "zod": "^3.25.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.7.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}