npm - guardvibe - Versions diffs - 0.6.2 → 0.6.4 - Mend

guardvibe 0.6.2 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/README.md +93 -156
package/build/data/rules/core.js +13 -13
package/build/data/rules/core.js.map +1 -1
package/build/data/rules/index.d.ts.map +1 -1
package/build/data/rules/index.js +0 -6
package/build/data/rules/index.js.map +1 -1
package/build/index.js +5 -5
package/build/index.js.map +1 -1
package/build/tools/check-project.d.ts.map +1 -1
package/build/tools/check-project.js +4 -3
package/build/tools/check-project.js.map +1 -1
package/build/tools/compliance-report.d.ts.map +1 -1
package/build/tools/compliance-report.js +6 -7
package/build/tools/compliance-report.js.map +1 -1
package/build/tools/export-sarif.d.ts.map +1 -1
package/build/tools/export-sarif.js +6 -7
package/build/tools/export-sarif.js.map +1 -1
package/build/tools/scan-directory.d.ts.map +1 -1
package/build/tools/scan-directory.js +6 -8
package/build/tools/scan-directory.js.map +1 -1
package/build/tools/scan-secrets.d.ts.map +1 -1
package/build/tools/scan-secrets.js +98 -72
package/build/tools/scan-secrets.js.map +1 -1
package/build/tools/scan-staged.d.ts.map +1 -1
package/build/tools/scan-staged.js +5 -7
package/build/tools/scan-staged.js.map +1 -1
package/build/utils/config.d.ts.map +1 -1
package/build/utils/config.js +12 -14
package/build/utils/config.js.map +1 -1
package/build/utils/manifest-parser.d.ts.map +1 -1
package/build/utils/manifest-parser.js +89 -87
package/build/utils/manifest-parser.js.map +1 -1
package/build/utils/osv-client.js +1 -1
package/build/utils/osv-client.js.map +1 -1
package/package.json +2 -3
package/build/data/rules/java.d.ts +0 -3
package/build/data/rules/java.d.ts.map +0 -1
package/build/data/rules/java.js +0 -70
package/build/data/rules/java.js.map +0 -1
package/build/data/rules/php.d.ts +0 -3
package/build/data/rules/php.d.ts.map +0 -1
package/build/data/rules/php.js +0 -59
package/build/data/rules/php.js.map +0 -1
package/build/data/rules/ruby.d.ts +0 -3
package/build/data/rules/ruby.d.ts.map +0 -1
package/build/data/rules/ruby.js +0 -59
package/build/data/rules/ruby.js.map +0 -1

package/README.md CHANGED Viewed

@@ -1,61 +1,47 @@
-# GuardVibe Security
-**Security guardian for vibe-coders.** An MCP server that gives your AI coding assistant (Gemini, Claude, Cursor) real-time security knowledge.
-Stop shipping vulnerable code. GuardVibe checks your code against OWASP Top 10, scans dependencies for CVEs, and provides framework-specific security guides — all inside your AI workflow.
-## Features
-- **Code Security Analysis** — 60+ vulnerability patterns with auto-fix code snippets
-- **Directory Scanning** — Scan your entire project directly from the filesystem (A-F security score)
-- **Pre-Commit Scanning** — Scan only git-staged files before committing
-- **Secret Detection** — Pattern + entropy-based detection of leaked API keys, tokens, and credentials
-- **Dockerfile Scanning** — Detect root containers, exposed secrets, unpinned images, COPY ordering
-- **CI/CD Scanning** — GitHub Actions security: secrets in run steps, unpinned actions, permissions
-- **Terraform/IaC Scanning** — Public S3 buckets, open security groups, IAM wildcards, unencrypted storage
-- **Dependency CVE Check** — Parse lockfiles and batch-query Google's OSV database
-- **Compliance Mapping** — SOC2, PCI-DSS, HIPAA control mapping for every finding
-- **SARIF Export** — CI/CD integration with GitHub Code Scanning, GitLab, Azure DevOps
-- **Project Config** — `.guardviberc` for disabling rules, overriding severity, custom exclusions
-- **Auto-Fix Code** — Every finding includes copy-paste-ready secure code
-- **False Positive Suppression** — `// guardvibe-ignore VG001` comments
-- **14 Security Guides** — Express, Next.js, FastAPI, Django, NestJS, Hono, Supabase, tRPC, React, and more
-- **8 Languages + Dockerfile + YAML + Terraform** — JS, TS, Python, Go, Java, PHP, Ruby, and more
-- **OWASP Top 10:2025** — All rules mapped to latest standards
-- **Zero-Config Setup** — `npx guardvibe init claude`
+# GuardVibe
+**Local-first security MCP for vibe coding.** GuardVibe gives Cursor, Claude, Gemini, Codex, and other MCP-capable coding agents fast security guardrails while they generate code.
+GuardVibe is intentionally hard-focused on the stacks AI agents reach for most often in vibe coding workflows: **TypeScript, JavaScript, Python, Go, Dockerfile, YAML, and Terraform**. It skips legacy language packs so the MCP stays smaller, faster, and more consistent.
+## Why GuardVibe
+- **Hard-focused on vibe coding stacks** instead of trying to scan every language badly
+- **40+ security patterns** across application code, infra, CI, and containers
+- **Dependency CVE checks** via Google's OSV database
+- **Secret detection** with pattern matching, entropy checks, and `.gitignore` coverage
+- **Filesystem-native scanning** for full projects, staged files, compliance, and SARIF export
+- **Project-level config** with `.guardviberc`
+- **Security docs for agent workflows** covering modern web and API topics
+## Supported Surface
+- Languages: `typescript`, `javascript`, `python`, `go`
+- Infra and config: `dockerfile`, `yaml`, `terraform`
+- Supporting files: `html`, `sql`, `shell`
+- Dependency manifests: `package.json`, `package-lock.json`, `requirements.txt`, `go.mod`
 ## Quick Start
-### Auto Setup (Recommended)
+### Auto setup
 ```bash
-# Set up for your AI coding assistant
-npx guardvibe init claude    # Claude Code
-npx guardvibe init gemini    # Gemini CLI
-npx guardvibe init cursor    # Cursor / VS Code
-npx guardvibe init all       # All platforms
+npx guardvibe init claude
+npx guardvibe init gemini
+npx guardvibe init cursor
+npx guardvibe init all
 ```
-### Manual Setup
+### Manual MCP setup
+**Claude Code**
-**Claude Code:**
 ```bash
 claude mcp add guardvibe -- npx guardvibe
 ```
-**Gemini CLI** — add to `~/.gemini/settings.json`:
-```json
-{
-  "mcpServers": {
-    "guardvibe": {
-      "command": "npx",
-      "args": ["-y", "guardvibe"]
-    }
-  }
-}
-```
+**Gemini CLI** or **Cursor / VS Code**
-**Cursor / VS Code** — add to MCP settings:
 ```json
 {
   "mcpServers": {
@@ -70,193 +56,144 @@ claude mcp add guardvibe -- npx guardvibe
 ## Tools
 ### `check_code`
-Analyze a single code snippet for security vulnerabilities.
-```
-Input: { code: string, language: "javascript"|"typescript"|"python"|"go"|"java"|"php"|"ruby"|..., framework?: string }
+Analyze a single snippet for security issues.
+```text
+Input: { code: string, language: "javascript"|"typescript"|"python"|"go"|"dockerfile"|"html"|"sql"|"shell"|"yaml"|"terraform", framework?: string }
 Output: Security report with findings, severity, OWASP mapping, and fix suggestions
 ```
 ### `check_project`
-Scan multiple files and generate a project-wide security report with a score (A-F).
-```
+Scan multiple in-memory files and return a project security score.
+```text
 Input: { files: [{ path: "src/app.ts", content: "..." }, ...] }
-Output: Project security report with score, summary table, and per-file findings
+Output: Project report with score, summary, and per-file findings
 ```
 ### `get_security_docs`
-Get security best practices for a topic or framework.
-```
-Input: { topic: "express authentication" | "sql injection" | "nextjs csrf" | ... }
-Output: Markdown guide with code examples
+Return best practices for framework or vulnerability topics.
+```text
+Input: { topic: "nextjs csrf" | "express authentication" | "sql injection" | ... }
+Output: Markdown guide with examples
 ```
 ### `scan_staged`
-Scan git-staged files before committing. No input needed.
-```
-Input: {} (automatic — reads git staged files)
-Output: Pre-commit security report with A-F score
+Scan git-staged files before commit.
+```text
+Input: {}
+Output: Pre-commit report with A-F security score
 ```
 ### `scan_directory`
-Scan an entire project directory directly from the filesystem. No need to pass file contents.
-```
-Input: { path: "./src", recursive?: true, exclude?: ["vendor"] }
-Output: Project security report with A-F score, summary, and per-file findings
+Scan a project directory directly from disk.
+```text
+Input: { path: ".", recursive?: true, exclude?: ["fixtures"] }
+Output: Directory security report with score, summary, and detailed findings
 ```
 ### `scan_dependencies`
-Parse a lockfile/manifest and check all dependencies for CVEs in one batch query.
-```
-Input: { manifest_path: "package.json" }
-Supported: package.json, package-lock.json, requirements.txt, go.mod, Gemfile.lock, Cargo.lock
+Parse a supported manifest and batch-check dependencies for known CVEs.
+```text
+Input: { manifest_path: "package-lock.json" }
+Supported: package.json, package-lock.json, requirements.txt, go.mod
 Output: Vulnerability report with normalized severity and fix versions
 ```
 ### `scan_secrets`
-Detect leaked secrets, API keys, and tokens in code and config files.
-```
+Detect leaked secrets in source and config files.
+```text
 Input: { path: ".", recursive?: true }
-Output: Secret scan report with provider identification, .gitignore coverage check, entropy-based detection
+Output: Secret scan report with provider identification, entropy detection, and .gitignore coverage checks
 ```
 ### `compliance_report`
-Generate a compliance-focused report mapped to SOC2, PCI-DSS, or HIPAA controls.
-```
-Input: { path: "./src", framework: "SOC2" | "PCI-DSS" | "HIPAA" | "all" }
+Map findings to `SOC2`, `PCI-DSS`, `HIPAA`, or `all`.
+```text
+Input: { path: ".", framework: "SOC2" | "PCI-DSS" | "HIPAA" | "all" }
 Output: Findings grouped by compliance control
 ```
 ### `export_sarif`
-Export scan results in SARIF v2.1.0 format for CI/CD integration.
-```
+Export directory findings as SARIF v2.1.0.
+```text
 Input: { path: "." }
-Output: SARIF JSON (GitHub Code Scanning, GitLab, Azure DevOps compatible)
+Output: SARIF JSON for GitHub Code Scanning and compatible platforms
 ```
 ### `check_dependencies`
-Check individual packages for known CVEs via Google OSV.
-```
+Check individual packages directly against OSV.
+```text
 Input: { packages: [{ name: "lodash", version: "4.17.20", ecosystem: "npm" }] }
-Output: Vulnerability report with CVE IDs, severity, and fix versions
+Output: Vulnerability report with CVE IDs, severity, and fix guidance
 ```
-## Supported Topics
-| Topic | Coverage |
-|-------|----------|
-| OWASP Top 10 | Full 2025 reference |
-| Express.js | Helmet, CORS, rate limiting, sessions, input validation |
-| Next.js | Server Components, Server Actions, CSRF, CSP, env vars |
-| FastAPI | Pydantic, CORS, rate limiting, SQLAlchemy, auth |
-| React | XSS prevention, secure API calls, state management |
-| SQL Injection | Parameterized queries, ORMs (Prisma, Drizzle, SQLAlchemy) |
-| XSS | DOM sanitization, CSP, React escaping |
-| Authentication | bcrypt, JWT, OAuth, session security |
-| Environment Variables | .env management, Vercel, secret rotation |
-| Django | CSRF, ORM, settings, ALLOWED_HOSTS, password hashing |
-| NestJS | Guards, Helmet, ValidationPipe, rate limiting |
-| Hono | Middleware auth, CORS, zod validation, secure headers |
-| Supabase | Row Level Security, anon vs service key, auth |
-| tRPC | Input validation, auth middleware, rate limiting |
-## Security Rules (55+ patterns)
-### Core Rules (All supported languages)
-| ID | Rule | Severity | Languages |
-|----|------|----------|-----------|
-| VG001 | Hardcoded credentials | Critical | All |
-| VG003 | Cloud provider API keys (AWS, GitHub, OpenAI, Stripe) | Critical | All |
-| VG010 | SQL injection | Critical | All |
-| VG011 | Command injection | Critical | All |
-| VG014 | Dynamic code execution (eval) | Critical | JS/TS/Python/PHP/Ruby |
-| VG060 | Weak password hashing (MD5/SHA-1) | Critical | All |
-| VG040 | CORS wildcard | High | All |
-| VG030 | Missing rate limiting | Medium | All |
-### Language-Specific Rules
-| ID Range | Language | Rules |
-|----------|----------|-------|
-| VG002, VG012-VG015 | JavaScript/TypeScript | Missing auth, XSS, NoSQL injection, JWT |
-| VG005 | Python | Missing auth (FastAPI/Flask) |
-| VG110-VG115 | Go | SQL injection (fmt.Sprintf), os/exec, template.HTML, handler auth, weak hash, CORS |
-| VG120-VG125 | Java | SQL concat, Runtime.exec, JSP XSS, Spring auth, MessageDigest, @CrossOrigin |
-| VG130-VG134 | PHP | $_GET/$_POST SQL injection, shell_exec, echo XSS, md5/sha1, eval |
-| VG140-VG144 | Ruby | String interpolation SQL, backtick injection, html_safe XSS, route auth, Digest |
-| VG200-VG204 | Dockerfile | Root container, COPY ordering, latest tag, secrets in ENV, ADD vs COPY |
-| VG210-VG213 | GitHub Actions | Secrets in run steps, pull_request_target, unpinned actions, permissions |
-| VG300-VG304 | Terraform | Public S3, open security groups, unencrypted RDS, IAM wildcards, hardcoded secrets |
+## Coverage
+- Web/API issues: auth gaps, SQL injection, command injection, XSS, CORS, SSRF, weak hashing
+- Containers: root user, unpinned images, secret leakage, unsafe Dockerfile patterns
+- CI/CD: GitHub Actions permissions, unpinned actions, risky event triggers
+- Terraform: public buckets, open security groups, wildcard IAM, hardcoded secrets
+- Secrets: AWS, GitHub, OpenAI, Stripe, private keys, `NEXT_PUBLIC_*` exposures
 ## Configuration
-Create a `.guardviberc` file in your project root to customize behavior:
+Create a `.guardviberc` file in your project root:
 ```json
 {
   "rules": {
-    "disable": ["VG030", "VG042"],
-    "severity": { "VG002": "medium" }
+    "disable": ["VG030"],
+    "severity": {
+      "VG002": "medium"
+    }
   },
   "scan": {
-    "exclude": ["test/", "fixtures/"],
+    "exclude": ["fixtures/", "coverage/"],
     "maxFileSize": 1048576
   }
 }
 ```
-## Suppressing False Positives
+## Suppression
-Add `guardvibe-ignore` comments to suppress specific findings:
+GuardVibe supports inline suppression comments:
 ```javascript
-// Suppress a specific rule on this line
 const password = process.env.DB_PASSWORD; // guardvibe-ignore VG001
-// Suppress a rule on the next line
 // guardvibe-ignore-next-line VG002
-app.get('/api/health', (req, res) => res.json({ ok: true }));
-// Suppress all rules on this line
-const x = something; // guardvibe-ignore
+app.get("/api/health", (req, res) => res.json({ ok: true }));
 ```
 Supports `//`, `#`, and `<!-- -->` comment styles.
-## How It Works
-GuardVibe runs as a local MCP server (stdio transport). When your AI assistant needs security guidance, it calls GuardVibe's tools:
-1. **Writing code?** → `check_code` scans for vulnerability patterns with auto-fix
-2. **Reviewing a project?** → `scan_directory` scans your entire codebase
-3. **About to commit?** → `scan_staged` checks only staged files
-4. **Adding a package?** → `scan_dependencies` checks your lockfile for CVEs
-5. **Worried about leaks?** → `scan_secrets` detects API keys and tokens
-6. **Building Docker?** → `check_code` with language `dockerfile` scans your Dockerfile
-7. **Need guidance?** → `get_security_docs` for 14 framework guides
-No API keys needed. No cloud dependency. Runs entirely on your machine.
 ## Development
 ```bash
 git clone https://github.com/goklab/guardvibe.git
 cd guardvibe
 npm install
-npm run dev    # watch mode
-npm run build  # compile
-npm test       # run tests
-npm start      # run server
+npm run build
+npm test
 ```
 ## License

package/build/data/rules/core.js CHANGED Viewed

@@ -8,7 +8,7 @@ export const coreRules = [
         owasp: "A01:2025 Broken Access Control",
         description: "Hardcoded passwords, API keys, or secrets detected in source code.",
         pattern: /(?:secret_?key|api_?key|api_?secret|private_?key|access_?key|password|passwd|pwd|secret|token|auth_?token)\w*\s*[:=]\s*['"][^'"]{3,}['"]/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
+        languages: ["javascript", "typescript", "python", "go"],
         fix: "Use environment variables (process.env.SECRET) or a secrets manager. Never commit credentials to source code.",
         fixCode: "// Use environment variables instead\nconst password = process.env.DB_PASSWORD;\nconst apiKey = process.env.API_KEY;",
         compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3", "PCI-DSS:Req8", "HIPAA:§164.312(a)"],
@@ -20,7 +20,7 @@ export const coreRules = [
         owasp: "A01:2025 Broken Access Control",
         description: "Cloud provider API key or token pattern detected in source code (AWS, GitHub, OpenAI, Stripe).",
         pattern: /(?:AKIA[0-9A-Z]{16}|(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36,}|sk-[A-Za-z0-9]{20,}|sk_live_[A-Za-z0-9]{20,})/g,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby", "html", "shell"],
+        languages: ["javascript", "typescript", "python", "go", "html", "shell"],
         fix: "Remove hardcoded keys immediately. Use environment variables or a secrets manager (AWS Secrets Manager, Vault). Rotate any compromised keys.",
         fixCode: "// Store keys in environment variables\nconst awsKey = process.env.AWS_ACCESS_KEY_ID;\nconst githubToken = process.env.GITHUB_TOKEN;",
         compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3", "HIPAA:§164.312(a)"],
@@ -55,8 +55,8 @@ export const coreRules = [
         severity: "critical",
         owasp: "A02:2025 Injection",
         description: "String concatenation, template literals, or f-strings used in SQL queries. This allows SQL injection attacks.",
-        pattern: /(?:query|execute|raw|sql)\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+\s*|f"[^"]*\{|f'[^']*\{|['"][^'"]*['"]\s*%\s*|['"][^'"]*['"]\s*\.format\s*\(|['"][^'"]*['"]\s*,\s*(?:req\.|request\.|params\.|body\.|args))/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
+        pattern: /(?:query|execute|raw|sql|all|run|get|exec|prepare|QueryRow|QueryContext)\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+\s*|f"[^"]*\{|f'[^']*\{|['"][^'"]*['"]\s*%\s*|['"][^'"]*['"]\s*\.format\s*\(|['"][^'"]*['"]\s*,\s*(?:req\.|request\.|params\.|body\.|args))/gi,
+        languages: ["javascript", "typescript", "python", "go"],
         fix: "Use parameterized queries: db.query('SELECT * FROM users WHERE id = $1', [userId]). Python: cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,)). Never concatenate user input into SQL strings.",
         fixCode: "// Use parameterized queries\ndb.query('SELECT * FROM users WHERE id = $1', [userId]);\n// Python: cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))",
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1", "HIPAA:§164.312(a)"],
@@ -67,8 +67,8 @@ export const coreRules = [
         severity: "critical",
         owasp: "A02:2025 Injection",
         description: "User input passed to shell command functions. This allows arbitrary command execution.",
-        pattern: /(?:exec(?:Sync)?|spawn(?:Sync)?|system|popen|subprocess\.(?:call|run|Popen))\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+|f['"][^'"]*\{|.*(?:req\.|request\.|params\.|body\.|input|argv))/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby", "shell"],
+        pattern: /(?:exec(?:Sync)?|spawn(?:Sync)?|system|popen|subprocess\.(?:call|run|Popen)|shell_exec|sh|bash)\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+|f['"][^'"]*\{|.*(?:req\.|request\.|params\.|body\.|input|argv))/gi,
+        languages: ["javascript", "typescript", "python", "go", "shell"],
         fix: "Avoid shell commands with user input. Use allowlists and input validation. Prefer spawn() with array arguments. Python: use subprocess.run([...]) with list arguments, never shell=True with user input.",
         fixCode: "// Use spawn with array arguments (no shell)\nimport { spawn } from 'child_process';\nspawn('ls', ['-la', directory]);",
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
@@ -117,7 +117,7 @@ export const coreRules = [
         owasp: "A02:2025 Injection",
         description: "Dynamic code execution function detected. This can run arbitrary code and is a major security risk.",
         pattern: /\beval\s*\(/gi,
-        languages: ["javascript", "typescript", "python", "php", "ruby"],
+        languages: ["javascript", "typescript", "python"],
         fix: "Avoid dynamic code execution. Use JSON.parse() for JSON data. Use a sandboxed environment if absolutely required.",
         fixCode: "// Use JSON.parse for data\nconst data = JSON.parse(input);\n// Alternatives: use a proper parser for your data format\n// const fn = new " + "Function('x', 'return x * 2'); // only if absolutely needed",
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
@@ -140,7 +140,7 @@ export const coreRules = [
         owasp: "A04:2025 Insecure Design",
         description: "Authentication or API endpoints without rate limiting are vulnerable to brute force attacks.",
         pattern: /(?:\/login|\/auth|\/api\/|\/signin|\/register|\/signup|\/forgot-password)/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
+        languages: ["javascript", "typescript", "python", "go"],
         fix: "Add rate limiting middleware. Express: npm install express-rate-limit. FastAPI: use slowapi. Apply stricter limits on auth endpoints (e.g. 5 requests/minute).",
         fixCode: "// Express rate limiting\nimport rateLimit from 'express-rate-limit';\napp.use('/api/', rateLimit({ windowMs: 15 * 60 * 1000, max: 100 }));",
     },
@@ -151,7 +151,7 @@ export const coreRules = [
         owasp: "A05:2025 Security Misconfiguration",
         description: "CORS configured with wildcard (*) origin allows any website to make requests to your API.",
         pattern: /(?:(?:cors|Access-Control-Allow-Origin)['"]?\]?\s*[:=(]\s*['"]?\s*\*|origin\s*:\s*['"]?\s*\*\s*['"]?|CORS_ORIGINS['"]?\]?\s*=\s*['"]?\s*\*)/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
+        languages: ["javascript", "typescript", "python", "go"],
         fix: "Set specific allowed origins: cors({ origin: ['https://myapp.com'] }). Never use wildcard with authentication.",
         fixCode: "// Specify allowed origins\nimport cors from 'cors';\napp.use(cors({ origin: ['https://myapp.com'] }));",
         compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
@@ -185,7 +185,7 @@ export const coreRules = [
         owasp: "A07:2025 Auth Failures",
         description: "Using MD5 or SHA-1 for password hashing. These are fast hashes, not designed for passwords.",
         pattern: /(?:md5|sha1|sha-1|createHash\s*\(\s*['"](?:md5|sha1)['"]\s*\))/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
+        languages: ["javascript", "typescript", "python", "go"],
         fix: "Use bcrypt, scrypt, or argon2 for password hashing. Use at least 12 salt rounds.",
         fixCode: "// Use bcrypt for password hashing\nimport bcrypt from 'bcrypt';\nconst hash = await bcrypt.hash(password, 12);\nconst valid = await bcrypt.compare(input, hash);",
         compliance: ["SOC2:CC6.1", "PCI-DSS:Req3.4", "PCI-DSS:Req8.2.1", "HIPAA:§164.312(a)"],
@@ -221,7 +221,7 @@ export const coreRules = [
         owasp: "A09:2025 Logging Failures",
         description: "Logging sensitive information like passwords, tokens, or personal data.",
         pattern: /(?:console\.log|logger\.\w+|print)\s*\([^)]*(?:password|token|secret|ssn|credit.?card|api.?key)/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
+        languages: ["javascript", "typescript", "python", "go"],
         fix: "Never log sensitive data. Redact or mask sensitive fields before logging.",
         fixCode: "// Redact sensitive fields\nconst safeUser = { ...user, password: '[REDACTED]' };\nconsole.log('User:', safeUser);",
         compliance: ["SOC2:CC6.1", "PCI-DSS:Req3.4", "HIPAA:§164.312(a)"],
@@ -233,7 +233,7 @@ export const coreRules = [
         owasp: "A10:2025 SSRF",
         description: "User-supplied URLs passed to fetch/request functions can be used for SSRF attacks.",
         pattern: /(?:fetch|axios|request|http\.get|urllib|requests\.get)\s*\(\s*(?:req\.|request\.|body\.|params\.|query\.|input|url|href)/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
+        languages: ["javascript", "typescript", "python", "go"],
         fix: "Validate and allowlist URLs before making requests. Block internal IP ranges.",
         fixCode: "// Validate URL against allowlist\nconst allowed = ['https://api.example.com'];\nconst url = new URL(input);\nif (!allowed.some(a => url.origin === a)) throw new Error('Blocked');",
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
@@ -269,7 +269,7 @@ export const coreRules = [
         owasp: "A01:2025 Broken Access Control",
         description: "User input used in file paths without sanitization.",
         pattern: /(?:readFile|readFileSync|createReadStream|open|path\.join|path\.resolve)\s*\([^)]*(?:req\.|request\.|params\.|body\.|query\.)/gi,
-        languages: ["javascript", "typescript", "python", "go", "java", "php", "ruby"],
+        languages: ["javascript", "typescript", "python", "go"],
         fix: "Sanitize file paths: remove ../ sequences, verify the result is within the expected directory.",
         fixCode: "import path from 'path';\nconst safePath = path.resolve('/uploads', filename);\nif (!safePath.startsWith('/uploads/')) throw new Error('Invalid path');",
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],

package/build/data/rules/core.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAEA,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EACL,4IAA4I;QAC9I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,~~EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAC9E~~,GAAG,EAAE,+GAA+G;QACpH,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,mBAAmB,CAAC;KAClF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gGAAgG;QAClG,OAAO,EACL,8GAA8G;QAChH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,~~KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,~~OAAO,CAAC;~~QAC/F~~,GAAG,EAAE,8IAA8I;QACnJ,OAAO,EAAE,sIAAsI;QAC/I,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,oEAAoE;QACtE,OAAO,EACL,2GAA2G;QAC7G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uJAAuJ;QAC5J,OAAO,EAAE,2HAA2H;QACpI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,kEAAkE;QACpE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,GAAG,EAAE,2IAA2I;QAChJ,OAAO,EAAE,4GAA4G;QACrH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,~~iNAAiN~~;~~QACnN~~,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,~~EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAC9E~~,GAAG,EAAE,6MAA6M;QAClN,OAAO,EAAE,oKAAoK;QAC7K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACpE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE,wFAAwF;QACrG,OAAO,EACL,~~yLAAyL~~;~~QAC3L~~,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,~~MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,~~OAAO,CAAC;~~QACvF~~,GAAG,EAAE,0MAA0M;QAC/M,OAAO,EAAE,wHAAwH;QACjI,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,oFAAoF;QACtF,OAAO,EAAE,yEAAyE;QAClF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,MAAM,CAAC;QAC/C,GAAG,EAAE,qIAAqI;QAC1I,6FAA6F;QAC7F,OAAO,EAAE,qJAAqJ,GAAG,+CAA+C;QAChN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EACL,qEAAqE;QACvE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mKAAmK;QACxK,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,8DAA8D;QAChE,OAAO,EACL,oGAAoG;QACtG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iIAAiI;QACtI,OAAO,EAAE,+JAA+J;QACxK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qGAAqG;QACvG,OAAO,EAAE,eAAe;QACxB,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,~~EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAChE~~,GAAG,EAAE,mHAAmH;QACxH,OAAO,EAAE,4IAA4I,GAAG,6DAA6D;QACrN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,8FAA8F;QAChG,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8FAA8F;QACnG,OAAO,EAAE,sGAAsG;KAChH;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,6EAA6E;QAC/E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,~~EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAC9E~~,GAAG,EAAE,gKAAgK;QACrK,OAAO,EAAE,6IAA6I;KACvJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,2FAA2F;QAC7F,OAAO,EACL,+IAA+I;QACjJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,~~EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAC9E~~,GAAG,EAAE,gHAAgH;QACrH,OAAO,EAAE,yGAAyG;QAClH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EAAE,uFAAuF;KACjG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,yCAAyC;QAClD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oEAAoE;QACzE,OAAO,EAAE,sFAAsF;KAChG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,6FAA6F;QAC/F,OAAO,EACL,kEAAkE;QACpE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,~~EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAC9E~~,GAAG,EAAE,kFAAkF;QACvF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACtF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,0FAA0F;QACnG,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,4EAA4E;QACjF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,yEAAyE;QAC3E,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,~~EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAC9E~~,GAAG,EAAE,2EAA2E;QAChF,OAAO,EAAE,oHAAoH;QAC7H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,eAAe;QACtB,WAAW,EACT,oFAAoF;QACtF,OAAO,EACL,4HAA4H;QAC9H,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,~~EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAC9E~~,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,qLAAqL;QAC9L,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,0DAA0D;QACvE,OAAO,EACL,+FAA+F;QACjG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,mHAAmH;QAC5H,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,wDAAwD;QACrE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,yFAAyF;QAC9F,OAAO,EAAE,wLAAwL;QACjM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,qDAAqD;QAClE,OAAO,EACL,iIAAiI;QACnI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,~~EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,~~CAAC;~~QAC9E~~,GAAG,EAAE,gGAAgG;QACrG,OAAO,EAAE,yJAAyJ;QAClK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kFAAkF;QACpF,OAAO,EACL,sFAAsF;QACxF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oHAAoH;QACzH,OAAO,EAAE,2NAA2N;QACpO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;CACF,CAAC"}
1	+ {"version":3,"file":"core.js","sourceRoot":"","sources":["../../../src/data/rules/core.ts"],"names":[],"mappings":"AAEA,6EAA6E;AAC7E,6EAA6E;AAC7E,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,oEAAoE;QACjF,OAAO,EACL,4IAA4I;QAC9I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,+GAA+G;QACpH,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,mBAAmB,CAAC;KAClF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gGAAgG;QAClG,OAAO,EACL,8GAA8G;QAChH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC;QACxE,GAAG,EAAE,8IAA8I;QACnJ,OAAO,EAAE,sIAAsI;QAC/I,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,oEAAoE;QACtE,OAAO,EACL,2GAA2G;QAC7G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uJAAuJ;QAC5J,OAAO,EAAE,2HAA2H;QACpI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,kEAAkE;QACpE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,GAAG,EAAE,2IAA2I;QAChJ,OAAO,EAAE,4GAA4G;QACrH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,gQAAgQ;QAClQ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,6MAA6M;QAClN,OAAO,EAAE,oKAAoK;QAC7K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACpE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EAAE,wFAAwF;QACrG,OAAO,EACL,4MAA4M;QAC9M,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC;QAChE,GAAG,EAAE,0MAA0M;QAC/M,OAAO,EAAE,wHAAwH;QACjI,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,oFAAoF;QACtF,OAAO,EAAE,yEAAyE;QAClF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,MAAM,CAAC;QAC/C,GAAG,EAAE,qIAAqI;QAC1I,6FAA6F;QAC7F,OAAO,EAAE,qJAAqJ,GAAG,+CAA+C;QAChN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kHAAkH;QACpH,OAAO,EACL,qEAAqE;QACvE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mKAAmK;QACxK,OAAO,EAAE,sHAAsH;QAC/H,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,8DAA8D;QAChE,OAAO,EACL,oGAAoG;QACtG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iIAAiI;QACtI,OAAO,EAAE,+JAA+J;QACxK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qGAAqG;QACvG,OAAO,EAAE,eAAe;QACxB,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,mHAAmH;QACxH,OAAO,EAAE,4IAA4I,GAAG,6DAA6D;QACrN,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,yCAAyC;QAChD,WAAW,EACT,8FAA8F;QAChG,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8FAA8F;QACnG,OAAO,EAAE,sGAAsG;KAChH;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,6EAA6E;QAC/E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gKAAgK;QACrK,OAAO,EAAE,6IAA6I;KACvJ;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,2FAA2F;QAC7F,OAAO,EACL,+IAA+I;QACjJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gHAAgH;QACrH,OAAO,EAAE,yGAAyG;QAClH,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,6DAA6D;QAC1E,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EAAE,uFAAuF;KACjG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,gDAAgD;QAC7D,OAAO,EAAE,yCAAyC;QAClD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oEAAoE;QACzE,OAAO,EAAE,sFAAsF;KAChG;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,6FAA6F;QAC/F,OAAO,EACL,kEAAkE;QACpE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,kFAAkF;QACvF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,mBAAmB,CAAC;KACtF;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,4CAA4C;QACzD,OAAO,EAAE,+CAA+C;QACxD,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,0FAA0F;QACnG,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,GAAG,EAAE,4EAA4E;QACjF,OAAO,EAAE,mKAAmK;QAC5K,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,2BAA2B;QAClC,WAAW,EACT,yEAAyE;QAC3E,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,2EAA2E;QAChF,OAAO,EAAE,oHAAoH;QAC7H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,eAAe;QACtB,WAAW,EACT,oFAAoF;QACtF,OAAO,EACL,4HAA4H;QAC9H,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,qLAAqL;QAC9L,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,0DAA0D;QACvE,OAAO,EACL,+FAA+F;QACjG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EAAE,mHAAmH;QAC5H,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,wDAAwD;QACrE,OAAO,EACL,yGAAyG;QAC3G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,yFAAyF;QAC9F,OAAO,EAAE,wLAAwL;QACjM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EAAE,qDAAqD;QAClE,OAAO,EACL,iIAAiI;QACnI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC;QACvD,GAAG,EAAE,gGAAgG;QACrG,OAAO,EAAE,yJAAyJ;QAClK,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,kFAAkF;QACpF,OAAO,EACL,sFAAsF;QACxF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oHAAoH;QACzH,OAAO,EAAE,2NAA2N;QACpO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;CACF,CAAC"}

package/build/data/rules/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;~~AAU~~/C,eAAO,MAAM,UAAU,~~qCAStB~~,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAO/C,eAAO,MAAM,UAAU,qCAMtB,CAAC"}

package/build/data/rules/index.js CHANGED Viewed

@@ -1,17 +1,11 @@
 import { coreRules } from "./core.js";
 import { goRules } from "./go.js";
-import { javaRules } from "./java.js";
-import { phpRules } from "./php.js";
-import { rubyRules } from "./ruby.js";
 import { dockerfileRules } from "./dockerfile.js";
 import { cicdRules } from "./cicd.js";
 import { terraformRules } from "./terraform.js";
 export const owaspRules = [
     ...coreRules,
     ...goRules,
-    ...javaRules,
-    ...phpRules,
-    ...rubyRules,
     ...dockerfileRules,
     ...cicdRules,
     ...terraformRules,

package/build/data/rules/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,~~SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,~~eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhD,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,GAAG,SAAS;IACZ,GAAG,OAAO;IACV,GAAG,~~SAAS;IACZ,GAAG,QAAQ;IACX,GAAG,SAAS;IACZ,GAAG,~~eAAe;IAClB,GAAG,SAAS;IACZ,GAAG,cAAc;CAClB,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/data/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhD,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,GAAG,SAAS;IACZ,GAAG,OAAO;IACV,GAAG,eAAe;IAClB,GAAG,SAAS;IACZ,GAAG,cAAc;CAClB,CAAC"}

package/build/index.js CHANGED Viewed

@@ -14,13 +14,13 @@ import { complianceReport } from "./tools/compliance-report.js";
 import { exportSarif } from "./tools/export-sarif.js";
 const server = new McpServer({
     name: "guardvibe",
-    version: "0.6.2",
+    version: "0.6.4",
 });
 // Tool 1: Analyze code for security vulnerabilities
 server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Use this when reviewing or writing code to catch security issues early.", {
     code: z.string().describe("The code snippet to analyze"),
     language: z
-        .enum(["javascript", "typescript", "python", "go", "java", "php", "ruby", "dockerfile", "html", "sql", "shell", "yaml", "terraform"])
+        .enum(["javascript", "typescript", "python", "go", "dockerfile", "html", "sql", "shell", "yaml", "terraform"])
         .describe("Programming language of the code"),
     framework: z
         .string()
@@ -62,11 +62,11 @@ const packageSchema = z.object({
     name: z.string().describe("Package name (e.g. lodash, express, django)"),
     version: z.string().describe("Package version (e.g. 4.17.20)"),
     ecosystem: z
-        .enum(["npm", "PyPI", "Go", "crates.io", "Maven", "NuGet", "RubyGems"])
+        .enum(["npm", "PyPI", "Go"])
         .default("npm")
         .describe("Package ecosystem"),
 });
-server.tool("check_dependencies", "Check npm/python packages for known security vulnerabilities (CVEs) using the OSV database. Use this before adding new dependencies or to audit existing ones.", {
+server.tool("check_dependencies", "Check npm, PyPI, or Go packages for known security vulnerabilities (CVEs) using the OSV database. Use this before adding new dependencies or to audit existing ones.", {
     packages: z.preprocess((val) => {
         if (typeof val === "string") {
             try {
@@ -94,7 +94,7 @@ server.tool("scan_directory", "Scan an entire project directory for security vul
     return { content: [{ type: "text", text: results }] };
 });
 // Tool 6: Scan manifest/lockfile for dependency vulnerabilities
-server.tool("scan_dependencies", "Parse a lockfile or manifest (package.json, requirements.txt, go.mod, Gemfile.lock, Cargo.lock) and check all dependencies for known CVEs via the OSV database. Reads the file directly.", {
+server.tool("scan_dependencies", "Parse a lockfile or manifest (package.json, package-lock.json, requirements.txt, go.mod) and check all dependencies for known CVEs via the OSV database. Reads the file directly.", {
     manifest_path: z.string().describe("Path to manifest file (e.g. 'package.json', 'requirements.txt', 'go.mod')"),
 }, async ({ manifest_path }) => {
     const results = await scanDependencies(manifest_path);

package/build/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,~~MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,~~YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;~~SACpI~~,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;CAChF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;IACtC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACrD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iKAAiK,EACjK;IACE,KAAK,EAAE,CAAC;SACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KACjD,CAAC,CACH;SACA,QAAQ,CAAC,0CAA0C,CAAC;CACxD,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,iFAAiF;AACjF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,8IAA8I,EAC9I;IACE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,mIAAmI,CACpI;CACJ,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACxE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC9D,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,~~EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,~~CAAC,CAAC;~~SACtE~~,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,mBAAmB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,~~gKAAgK~~,~~EAChK~~;IACE,QAAQ,EAAE,CAAC,CAAC,UAAU,CACpB,CAAC,GAAG,EAAE,EAAE;QACN,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CACvB,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CACtE,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gMAAgM,EAChM;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACvE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;CAClG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE;IACrC,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACxD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,gEAAgE;AAChE,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,~~0LAA0L~~,~~EAC1L~~;IACE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2EAA2E,CAAC;CAChH,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;IAC1B,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,aAAa,CAAC,CAAC;IACtD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6DAA6D;AAC7D,MAAM,CAAC,IAAI,CACT,cAAc,EACd,mKAAmK,EACnK;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;CAChF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC7C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,+KAA+K,EAC/K,EAAE,EACF,KAAK,IAAI,EAAE;IACT,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,wJAAwJ,EACxJ;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CACxF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAClD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,cAAc,EACd,uIAAuI,EACvI;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CAC/C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;SAC7G,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;CAChF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,EAAE;IACtC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACrD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iKAAiK,EACjK;IACE,KAAK,EAAE,CAAC;SACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KACjD,CAAC,CACH;SACA,QAAQ,CAAC,0CAA0C,CAAC;CACxD,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,iFAAiF;AACjF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,8IAA8I,EAC9I;IACE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,mIAAmI,CACpI;CACJ,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACxE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC9D,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;SAC3B,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,mBAAmB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,sKAAsK,EACtK;IACE,QAAQ,EAAE,CAAC,CAAC,UAAU,CACpB,CAAC,GAAG,EAAE,EAAE;QACN,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CACvB,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CACtE,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gMAAgM,EAChM;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACvE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;CAClG,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE;IACrC,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACxD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,gEAAgE;AAChE,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,mLAAmL,EACnL;IACE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2EAA2E,CAAC;CAChH,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;IAC1B,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,aAAa,CAAC,CAAC;IACtD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6DAA6D;AAC7D,MAAM,CAAC,IAAI,CACT,cAAc,EACd,mKAAmK,EACnK;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;CAChF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC7C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,+KAA+K,EAC/K,EAAE,EACF,KAAK,IAAI,EAAE;IACT,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,wJAAwJ,EACxJ;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CACxF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;IAC5B,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAClD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,cAAc,EACd,uIAAuI,EACvI;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CAC/C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAClC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/build/tools/check-project.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"check-project.d.ts","sourceRoot":"","sources":["../../src/tools/check-project.ts"],"names":[],"mappings":"AAEA,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;~~AAgDD~~,wBAAgB,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,CAkJvD"}
1	+ {"version":3,"file":"check-project.d.ts","sourceRoot":"","sources":["../../src/tools/check-project.ts"],"names":[],"mappings":"AAEA,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAiDD,wBAAgB,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,CAkJvD"}

package/build/tools/check-project.js CHANGED Viewed

@@ -2,13 +2,14 @@ import { analyzeCode } from "./check-code.js";
 const extensionMap = {
     ".js": "javascript",
     ".jsx": "javascript",
+    ".mjs": "javascript",
+    ".cjs": "javascript",
     ".ts": "typescript",
     ".tsx": "typescript",
+    ".mts": "typescript",
+    ".cts": "typescript",
     ".py": "python",
     ".go": "go",
-    ".java": "java",
-    ".php": "php",
-    ".rb": "ruby",
     ".html": "html",
     ".sql": "sql",
     ".sh": "shell",