npm - guardvibe - Versions diffs - 0.6.4 → 0.7.0 - Mend

guardvibe 0.6.4 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/build/data/rules/auth.d.ts +3 -0
package/build/data/rules/auth.d.ts.map +1 -0
package/build/data/rules/auth.js +100 -0
package/build/data/rules/auth.js.map +1 -0
package/build/data/rules/database.d.ts +3 -0
package/build/data/rules/database.d.ts.map +1 -0
package/build/data/rules/database.js +100 -0
package/build/data/rules/database.js.map +1 -0
package/build/data/rules/deployment.d.ts +3 -0
package/build/data/rules/deployment.d.ts.map +1 -0
package/build/data/rules/deployment.js +192 -0
package/build/data/rules/deployment.js.map +1 -0
package/build/data/rules/index.d.ts.map +1 -1
package/build/data/rules/index.js +8 -0
package/build/data/rules/index.js.map +1 -1
package/build/data/rules/nextjs.d.ts +3 -0
package/build/data/rules/nextjs.d.ts.map +1 -0
package/build/data/rules/nextjs.js +148 -0
package/build/data/rules/nextjs.js.map +1 -0
package/build/index.js +32 -15
package/build/index.js.map +1 -1
package/build/tools/check-code.d.ts +2 -1
package/build/tools/check-code.d.ts.map +1 -1
package/build/tools/check-code.js +22 -1
package/build/tools/check-code.js.map +1 -1
package/build/tools/check-package-health.d.ts +29 -0
package/build/tools/check-package-health.d.ts.map +1 -0
package/build/tools/check-package-health.js +142 -0
package/build/tools/check-package-health.js.map +1 -0
package/build/tools/check-project.d.ts +1 -1
package/build/tools/check-project.d.ts.map +1 -1
package/build/tools/check-project.js +20 -2
package/build/tools/check-project.js.map +1 -1
package/build/tools/compliance-report.d.ts +1 -1
package/build/tools/compliance-report.d.ts.map +1 -1
package/build/tools/compliance-report.js +26 -2
package/build/tools/compliance-report.js.map +1 -1
package/build/tools/scan-dependencies.d.ts +1 -1
package/build/tools/scan-dependencies.d.ts.map +1 -1
package/build/tools/scan-dependencies.js +25 -2
package/build/tools/scan-dependencies.js.map +1 -1
package/build/tools/scan-directory.d.ts +1 -1
package/build/tools/scan-directory.d.ts.map +1 -1
package/build/tools/scan-directory.js +26 -3
package/build/tools/scan-directory.js.map +1 -1
package/build/tools/scan-secrets.d.ts +1 -1
package/build/tools/scan-secrets.d.ts.map +1 -1
package/build/tools/scan-secrets.js +10 -1
package/build/tools/scan-secrets.js.map +1 -1
package/build/tools/scan-staged.d.ts +1 -1
package/build/tools/scan-staged.d.ts.map +1 -1
package/build/tools/scan-staged.js +20 -2
package/build/tools/scan-staged.js.map +1 -1
package/build/utils/typosquat.d.ts +9 -0
package/build/utils/typosquat.d.ts.map +1 -0
package/build/utils/typosquat.js +101 -0
package/build/utils/typosquat.js.map +1 -0
package/package.json +3 -3

package/build/utils/typosquat.js ADDED Viewed

@@ -0,0 +1,101 @@
+// Popular npm packages for typosquat detection
+export const POPULAR_PACKAGES = [
+    // React ecosystem
+    "react", "react-dom", "react-router", "react-router-dom", "react-hook-form",
+    "@tanstack/react-query", "react-icons", "react-select",
+    // Next.js
+    "next", "@next/font", "@next/mdx",
+    // Vue / Svelte / Angular
+    "vue", "svelte", "nuxt", "@angular/core",
+    // State management
+    "zustand", "jotai", "redux", "@reduxjs/toolkit", "mobx", "valtio",
+    // Styling
+    "tailwindcss", "postcss", "autoprefixer", "sass", "styled-components",
+    "@emotion/react", "@emotion/styled", "clsx", "tailwind-merge",
+    // UI frameworks
+    "@radix-ui/react-dialog", "@radix-ui/react-popover", "@radix-ui/react-select",
+    "@radix-ui/react-tooltip", "@radix-ui/react-dropdown-menu",
+    "class-variance-authority", "lucide-react",
+    // Build tools
+    "typescript", "vite", "esbuild", "webpack", "turbo", "tsup", "tsx",
+    // Testing
+    "vitest", "jest", "@testing-library/react", "playwright", "cypress",
+    // HTTP / API
+    "axios", "ky", "got", "node-fetch", "undici",
+    // Validation
+    "zod", "yup", "joi", "valibot", "ajv",
+    // Database / ORM
+    "prisma", "@prisma/client", "drizzle-orm", "drizzle-kit",
+    "mongoose", "typeorm", "knex", "pg", "mysql2", "better-sqlite3",
+    // Auth
+    "@clerk/nextjs", "@clerk/clerk-sdk-node", "next-auth", "@auth/core",
+    "passport", "jsonwebtoken", "bcrypt", "bcryptjs",
+    // Supabase
+    "@supabase/supabase-js", "@supabase/ssr",
+    // Payments
+    "stripe", "@stripe/stripe-js",
+    // Email
+    "resend", "nodemailer", "@sendgrid/mail",
+    // AI
+    "ai", "@ai-sdk/react", "@ai-sdk/openai", "@ai-sdk/anthropic", "@ai-sdk/google",
+    "openai", "@anthropic-ai/sdk",
+    // Server frameworks
+    "express", "fastify", "hono", "koa",
+    // Utilities
+    "lodash", "lodash-es", "date-fns", "dayjs", "uuid", "nanoid",
+    "dotenv", "chalk", "commander", "inquirer", "ora", "execa",
+    "fs-extra", "glob", "minimatch", "semver", "debug",
+    // File handling
+    "sharp", "multer", "formidable",
+    // Logging / monitoring
+    "winston", "pino", "@sentry/nextjs",
+    // MCP
+    "@modelcontextprotocol/sdk",
+];
+export function levenshtein(a, b) {
+    const m = a.length;
+    const n = b.length;
+    const dp = Array.from({ length: m + 1 }, () => Array(n + 1).fill(0));
+    for (let i = 0; i <= m; i++)
+        dp[i][0] = i;
+    for (let j = 0; j <= n; j++)
+        dp[0][j] = j;
+    for (let i = 1; i <= m; i++) {
+        for (let j = 1; j <= n; j++) {
+            if (a[i - 1] === b[j - 1]) {
+                dp[i][j] = dp[i - 1][j - 1];
+            }
+            else {
+                dp[i][j] = 1 + Math.min(dp[i - 1][j], dp[i][j - 1], dp[i - 1][j - 1]);
+            }
+        }
+    }
+    return dp[m][n];
+}
+export function detectTyposquat(name) {
+    const lower = name.toLowerCase();
+    // Exact match = not a typosquat
+    if (POPULAR_PACKAGES.includes(lower))
+        return null;
+    // Strip scope for comparison
+    const bareName = lower.startsWith("@") ? lower.split("/").pop() ?? lower : lower;
+    let bestMatch = null;
+    let bestDistance = Infinity;
+    for (const popular of POPULAR_PACKAGES) {
+        const popularBare = popular.startsWith("@") ? popular.split("/").pop() ?? popular : popular;
+        // Only compare if lengths are within 2 chars
+        if (Math.abs(bareName.length - popularBare.length) > 2)
+            continue;
+        const dist = levenshtein(bareName, popularBare);
+        if (dist > 0 && dist <= 2 && dist < bestDistance) {
+            bestDistance = dist;
+            bestMatch = popular;
+        }
+    }
+    if (!bestMatch)
+        return null;
+    // Confidence: distance 1 = 0.9, distance 2 = 0.7
+    const confidence = bestDistance === 1 ? 0.9 : 0.7;
+    return { similarTo: bestMatch, confidence };
+}
+//# sourceMappingURL=typosquat.js.map

package/build/utils/typosquat.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"typosquat.js","sourceRoot":"","sources":["../../src/utils/typosquat.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,kBAAkB;IAClB,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,kBAAkB,EAAE,iBAAiB;IAC3E,uBAAuB,EAAE,aAAa,EAAE,cAAc;IACtD,UAAU;IACV,MAAM,EAAE,YAAY,EAAE,WAAW;IACjC,yBAAyB;IACzB,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,eAAe;IACxC,mBAAmB;IACnB,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,QAAQ;IACjE,UAAU;IACV,aAAa,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,EAAE,mBAAmB;IACrE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,EAAE,gBAAgB;IAC7D,gBAAgB;IAChB,wBAAwB,EAAE,yBAAyB,EAAE,wBAAwB;IAC7E,yBAAyB,EAAE,+BAA+B;IAC1D,0BAA0B,EAAE,cAAc;IAC1C,cAAc;IACd,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK;IAClE,UAAU;IACV,QAAQ,EAAE,MAAM,EAAE,wBAAwB,EAAE,YAAY,EAAE,SAAS;IACnE,aAAa;IACb,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ;IAC5C,aAAa;IACb,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK;IACrC,iBAAiB;IACjB,QAAQ,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa;IACxD,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,gBAAgB;IAC/D,OAAO;IACP,eAAe,EAAE,uBAAuB,EAAE,WAAW,EAAE,YAAY;IACnE,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU;IAChD,WAAW;IACX,uBAAuB,EAAE,eAAe;IACxC,WAAW;IACX,QAAQ,EAAE,mBAAmB;IAC7B,QAAQ;IACR,QAAQ,EAAE,YAAY,EAAE,gBAAgB;IACxC,KAAK;IACL,IAAI,EAAE,eAAe,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,gBAAgB;IAC9E,QAAQ,EAAE,mBAAmB;IAC7B,oBAAoB;IACpB,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK;IACnC,YAAY;IACZ,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ;IAC5D,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO;IAC1D,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO;IAClD,gBAAgB;IAChB,OAAO,EAAE,QAAQ,EAAE,YAAY;IAC/B,uBAAuB;IACvB,SAAS,EAAE,MAAM,EAAE,gBAAgB;IACnC,MAAM;IACN,2BAA2B;CAC5B,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,CAAS,EAAE,CAAS;IAC9C,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACnB,MAAM,EAAE,GAAe,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC1B,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAOD,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IAEjC,gCAAgC;IAChC,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAElD,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;IAEjF,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,YAAY,GAAG,QAAQ,CAAC;IAE5B,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;QAE5F,6CAA6C;QAC7C,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC;YAAE,SAAS;QAEjE,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAEhD,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,GAAG,YAAY,EAAE,CAAC;YACjD,YAAY,GAAG,IAAI,CAAC;YACpB,SAAS,GAAG,OAAO,CAAC;QACtB,CAAC;IACH,CAAC;IAED,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,iDAAiD;IACjD,MAAM,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAElD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AAC9C,CAAC"}

package/package.json CHANGED Viewed

@@ -1,11 +1,11 @@
 {
   "name": "guardvibe",
-  "version": "0.6.4",
+  "version": "0.7.0",
   "description": "Local-first security MCP for vibe coding. Focused on TypeScript, JavaScript, Python, Go, Dockerfile, YAML, and Terraform.",
   "type": "module",
   "bin": {
-    "guardvibe": "./build/index.js",
-    "guardvibe-init": "./build/cli.js"
+    "guardvibe": "build/index.js",
+    "guardvibe-init": "build/cli.js"
   },
   "files": [
     "build"