guardvibe 1.1.0 → 1.1.1
- package/README.md +3 -3
- package/build/data/rules/shell.js +4 -4
- package/build/data/rules/sql.js +4 -4
- package/package.json +2 -2
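--- a/package/README.md
+++ b/package/README.md
@@ -1,6 +1,6 @@
 # GuardVibe
 
-**The security MCP built for vibe coding.**
+**The security MCP built for vibe coding.** 191 security rules covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, Windsurf**, and any MCP-compatible coding agent.
 
@@ -8,7 +8,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, Windsurf**, and any MCP-com
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **
+- **191 security rules** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -121,7 +121,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (
+## Security Rules (191 rules across 21 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|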
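--- a/package/build/data/rules/shell.js
+++ b/package/build/data/rules/shell.js
@@ -1,6 +1,6 @@
 export const shellRules = [
 {
-id: "
+id: "VG530",
 name: "Pipe to shell execution",
 severity: "critical",
 owasp: "A02:2025 Injection",
@@ -12,7 +12,7 @@ export const shellRules = [
 compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
 },
 {
-id: "
+id: "VG531",
 name: "Dangerous file permissions",
 severity: "high",
 owasp: "A01:2025 Broken Access Control",
@@ -36,7 +36,7 @@ export const shellRules = [
 compliance: ["SOC2:CC7.1"],
 },
 {
-id: "
+id: "VG533",
 name: "Password in command line",
 severity: "critical",
 owasp: "A07:2025 Auth Failures",
@@ -48,7 +48,7 @@ export const shellRules = [
 compliance: ["SOC2:CC6.1", "PCI-DSS:Req8", "HIPAA:§164.312(a)"],
 },
 {
-id: "
+id: "VG534",
 name: "Unsafe eval/exec in shell",
 severity: "high",
 owasp: "A02:2025 Injection",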
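Review bot: The four `id` values rewritten across these hunks (`VG530`, `VG531`, `VG533`, `VG534`) are the stable handles users put in suppressions, baselines and `format: "json"` consumers, yet nothing else in this 1.1.1 release (only the README rule count and package.json change) records what they were renumbered from or why. The old values are truncated in this view, so I cannot tell whether this repairs a collision with another module's IDs or shifts a range; either way a patch release that changes rule IDs deserves a one-line note in the README rule table or a changelog, and ideally an alias for the old IDs so existing ignore entries keep matching rather than silently un-suppressing findings. The slot between the second and third hunks (presumably VG532, at twelve lines per rule) is not in the diff, which suggests only some IDs were wrong — a test asserting that every rule `id` across all rule modules is unique would keep this from regressing. The `shellRules` array continues outside the hunks shown.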
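--- a/package/build/data/rules/sql.js
+++ b/package/build/data/rules/sql.js
@@ -1,6 +1,6 @@
 export const sqlRules = [
 {
-id: "
+id: "VG540",
 name: "Destructive DDL statement",
 severity: "critical",
 owasp: "A01:2025 Broken Access Control",
@@ -12,7 +12,7 @@ export const sqlRules = [
 compliance: ["SOC2:CC6.1", "PCI-DSS:Req7"],
 },
 {
-id: "
+id: "VG541",
 name: "Dangerous GRANT statement",
 severity: "critical",
 owasp: "A01:2025 Broken Access Control",
@@ -24,7 +24,7 @@ export const sqlRules = [
 compliance: ["SOC2:CC6.1", "PCI-DSS:Req7", "HIPAA:§164.312(a)"],
 },
 {
-id: "
+id: "VG542",
 name: "DELETE/UPDATE without WHERE",
 severity: "high",
 owasp: "A01:2025 Broken Access Control",
@@ -36,7 +36,7 @@ export const sqlRules = [
 compliance: ["SOC2:CC7.1"],
 },
 {
-id: "
+id: "VG543",
 name: "SQL comment injection / stacked queries",
 severity: "high",
 owasp: "A02:2025 Injection",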
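Review bot: The `owasp: "A02:2025 Injection"` tag on the last line of the final hunk (VG543, and the same string on VG530/VG534 in shell.js) does not match the OWASP Top 10:2025 list by my reading of it — Injection is A05:2025 there and A02:2025 is Security Misconfiguration — so if these tags are meant to cite the 2025 list the line should read `owasp: "A05:2025 Injection",`. Since this release already touches every `id` in this file, it is a cheap moment to correct the tag, and a single shared lookup of the ten 2025 category labels imported by every rule module would stop mismatched strings from being typed by hand again. The `A01:2025 Broken Access Control` mapping on VG540–VG542 is defensible but non-obvious for destructive DDL or an unbounded DELETE/UPDATE in application code; a short comment on each stating the rationale would help anyone triaging the JSON output. The `sqlRules` array continues outside the hunks shown.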
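--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "guardvibe",
-"version": "1.1.
-"description": "Security MCP for vibe coding.
+"version": "1.1.1",
+"description": "Security MCP for vibe coding. 191 rules for Next.js, React Native, Expo, Firebase, Supabase, Stripe, Clerk, Prisma, Vercel, AI agents, and the full AI-generated web + mobile stack.",
 "type": "module",
 "bin": {
 "guardvibe": "build/index.js",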