guardvibe 1.9.0 → 1.9.1
- package/build/tools/check-code.js +17 -0
- package/package.json +1 -1
|
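--- a/package/build/tools/check-code.js
+++ b/package/build/tools/check-code.js
@@ -218,6 +218,23 @@ function isDuplicatePair(a, b) {
 return true;
 if (a.rule.name.includes("Unsafe innerHTML") && b.rule.name.includes("XSS via innerHTML"))
 return true;
+// Both are auth/unprotected route rules — VG420+VG952+VG002 duplicate case
+const authPatterns = ["Unprotected Route", "Without Authentication", "Missing authentication"];
+const aIsAuth = authPatterns.some(p => a.rule.name.includes(p));
+const bIsAuth = authPatterns.some(p => b.rule.name.includes(p));
+if (aIsAuth && bIsAuth)
+return true;
+// Both are CORS wildcard rules — VG040+VG403+VG973 duplicate case
+const aIsCors = a.rule.name.includes("CORS") && a.rule.name.includes("ildcard");
+const bIsCors = b.rule.name.includes("CORS") && b.rule.name.includes("ildcard");
+if (aIsCors && bIsCors)
+return true;
+// Both are admin role check rules — VG426+VG957 duplicate case
+const adminPatterns = ["Admin", "Role Check", "Role Verification"];
+const aIsAdmin = adminPatterns.some(p => a.rule.name.includes(p));
+const bIsAdmin = adminPatterns.some(p => b.rule.name.includes(p));
+if (aIsAdmin && bIsAdmin)
+return true;
 return false;
 }
 /** Check if rule A is more specific than rule B (framework rules > core rules). */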
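Review bot: The three new groups in isDuplicatePair match on broad rule-name substrings, so any two findings whose names both contain `"Admin"` (or both contain one of the auth phrases) are treated as duplicates even when they come from unrelated rules, and a real finding can be dropped from the scan output. The comments already name the intended rule IDs, so keying on those is tighter: `const dupGroups = [["VG420", "VG952", "VG002"], ["VG040", "VG403", "VG973"], ["VG426", "VG957"]];`, returning true only when both rules' IDs fall in the same group (the property that carries the ID is not visible in this hunk). The `"ildcard"` substring used to cover both capitalisations is also easy to break when a rule is renamed. The start of the function lies outside the hunk, so whether a same-location check already limits how far this over-matching reaches cannot be confirmed from here.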
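--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "guardvibe",
-"version": "1.9.
+"version": "1.9.1",
 "description": "Security MCP for vibe coding. 277 rules, 24 tools for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
 "type": "module",
 "bin": {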