guardvibe 1.3.2 → 1.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -0
- package/build/cli.js +0 -0
- package/build/index.js +1 -1
- package/package.json +4 -1
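--- a/package/README.md
+++ b/package/README.md
@@ -311,6 +311,19 @@ Tested on a real 644-file Next.js + Supabase project:
 - False positive rate: **near zero** (comment/string filtering, human-readable text detection)
 - Detection rate: **100%** on known vulnerability patterns
 
+## Security
+
+GuardVibe takes supply chain security seriously:
+
+- **npm provenance** — every published version is cryptographically signed via Sigstore, linking the package to this exact GitHub repo and commit. Verify with `npm audit signatures`
+- **2FA enabled** — npm account protected with two-factor authentication
+- **Branch protection** — force push disabled on main, admin enforcement enabled
+- **Tag protection** — version tags (`v*`) cannot be deleted or force-pushed
+- **Minimal CI permissions** — GitHub Actions workflows use `permissions: contents: read` only
+- **Zero runtime dependencies** — only MCP SDK and Zod (both widely audited)
+
+To report a vulnerability, please email security@goklab.com or open a GitHub issue.
+
 ## License
 
 Apache 2.0 — open source, patent-safe, enterprise-ready. Built by [GokLab](https://github.com/goklab).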
package/build/cli.js
File without changes
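--- a/package/build/index.js
+++ b/package/build/index.js
@@ -19,7 +19,7 @@ import { builtinRules } from "./data/rules/index.js";
 import { loadConfig } from "./utils/config.js";
 const server = new McpServer({
 name: "guardvibe",
-version: "1.3.
+version: "1.3.3",
 });
 // Tool 1: Analyze code for security vulnerabilities
 server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Use this when reviewing or writing code to catch security issues early.", {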
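--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "guardvibe",
-"version": "1.3.
+"version": "1.3.3",
 "description": "Security MCP for vibe coding. 239 rules for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
 "type": "module",
 "bin": {
@@ -98,5 +98,8 @@
 },
 "engines": {
 "node": ">=18.0.0"
+},
+"publishConfig": {
+"provenance": true
 }
 }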
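Review bot: `"provenance": true` under `publishConfig` in the second hunk makes `npm publish` refuse to publish unless it runs in a CI provider npm supports for provenance (GitHub Actions, for instance) with an OIDC identity token available, so a publish from a developer machine now errors instead of silently shipping an unattested tarball. That is presumably the intended hardening, but the README text added in this same release states that workflows use `permissions: contents: read` only, and a provenance-publishing workflow must also grant `id-token: write` for the attestation to be minted; the publish workflow and the README should be checked against each other so the documented posture matches what actually runs. Since package.json has no comment syntax, the constraint is best recorded next to the npm provenance bullet in the README's Security section, e.g. `Publishing requires the release workflow to grant `id-token: write`; local `npm publish` is intentionally rejected.`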