guardvibe 1.8.5 → 1.8.7

package/build/tools/check-code.js

@@ -76,6 +76,19 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
         // Skip npm package rules (VG863/VG864/VG865): only apply to package.json files
         if ((rule.id === "VG863" || rule.id === "VG864" || rule.id === "VG865") && filePath && !filePath.endsWith("package.json"))
             continue;
+        // Skip server-only import rule (VG964) for files that are inherently server-only:
+        // Route Handlers (app/api/), middleware, instrumentation, next.config
+        if (rule.id === "VG964" && filePath && /(?:\/api\/|middleware\.|instrumentation\.|next\.config\.)/.test(filePath))
+            continue;
+        // Skip React Native/mobile-only rules (VG70x) in web projects:
+        // only apply when framework is react-native/expo or path suggests mobile
+        const mobileRuleIds = new Set(["VG705", "VG706", "VG707", "VG709"]);
+        if (mobileRuleIds.has(rule.id)) {
+            const isMobileContext = framework === "react-native" || framework === "expo" ||
+                (filePath && /(?:react.native|expo|\.native\.|android|ios)/i.test(filePath));
+            if (!isMobileContext)
+                continue;
+        }
         rule.pattern.lastIndex = 0;
         // Apply severity override from config
         const effectiveRule = config.rules.severity[rule.id]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "1.8.5",
+  "version": "1.8.7",
   "description": "Security MCP for vibe coding. 277 rules, 22 tools for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",
   "bin": {