guardvibe 3.0.18 → 3.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/cli/hook.js +1 -1
- package/build/tools/check-code.js +8 -3
- package/package.json +1 -1
package/build/cli/hook.js
CHANGED
|
@@ -11,7 +11,7 @@ const HOOK_SCRIPT = `#!/bin/sh
|
|
|
11
11
|
echo "🔒 GuardVibe: scanning staged files..."
|
|
12
12
|
|
|
13
13
|
# Run guardvibe scan on staged files
|
|
14
|
-
RESULT=$(npx -y guardvibe
|
|
14
|
+
RESULT=$(npx -y guardvibe scan --staged 2>&1)
|
|
15
15
|
EXIT_CODE=$?
|
|
16
16
|
|
|
17
17
|
if [ $EXIT_CODE -ne 0 ]; then
|
|
@@ -5,18 +5,23 @@ import { loadIgnoreFile, isIgnored } from "../utils/ignore.js";
|
|
|
5
5
|
import { securityBanner } from "../utils/banner.js";
|
|
6
6
|
function parseSuppressionsFromCode(lines) {
|
|
7
7
|
const suppressions = [];
|
|
8
|
-
const pattern = /(?:\/\/|#|<!--)\s*guardvibe-ignore(?:-next-line)?\s*(VG\d+)
|
|
8
|
+
const pattern = /(?:\/\/|#|<!--)\s*guardvibe-ignore(?:-next-line)?\s*(VG\d+)?(?:\s.*)?(?:-->)?/i;
|
|
9
9
|
for (let i = 0; i < lines.length; i++) {
|
|
10
10
|
const match = pattern.exec(lines[i]);
|
|
11
11
|
if (!match)
|
|
12
12
|
continue;
|
|
13
13
|
const ruleId = match[1] || null;
|
|
14
14
|
const isNextLine = lines[i].includes("guardvibe-ignore-next-line");
|
|
15
|
+
const isCommentOnlyLine = /^\s*(?:\/\/|#|<!--)/.test(lines[i]);
|
|
15
16
|
if (isNextLine) {
|
|
16
|
-
suppressions.push({ line: i + 2, ruleId });
|
|
17
|
+
suppressions.push({ line: i + 2, ruleId });
|
|
18
|
+
}
|
|
19
|
+
else if (isCommentOnlyLine) {
|
|
20
|
+
suppressions.push({ line: i + 1, ruleId });
|
|
21
|
+
suppressions.push({ line: i + 2, ruleId });
|
|
17
22
|
}
|
|
18
23
|
else {
|
|
19
|
-
suppressions.push({ line: i + 1, ruleId });
|
|
24
|
+
suppressions.push({ line: i + 1, ruleId });
|
|
20
25
|
}
|
|
21
26
|
}
|
|
22
27
|
return suppressions;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "guardvibe",
|
|
3
|
-
"version": "3.0.
|
|
3
|
+
"version": "3.0.19",
|
|
4
4
|
"mcpName": "io.github.goklab/guardvibe",
|
|
5
5
|
"description": "Security MCP for vibe coding. 335 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
|
|
6
6
|
"type": "module",
|