guardvibe 3.0.39 → 3.0.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -378,6 +378,11 @@ export function analyzeCode(code, language, framework, filePath, configDir, rule
|
|
|
378
378
|
// for batch processing, not for serving to clients.
|
|
379
379
|
if (rule.id === "VG955" && (isBatchScriptFile || isCronRoute))
|
|
380
380
|
continue;
|
|
381
|
+
// Skip VG132 (Missing Request Body Size Limit) on Next.js route handlers and
|
|
382
|
+
// pages/api endpoints — Next.js/Vercel apply a default 4.5MB body limit at the
|
|
383
|
+
// platform layer, which is what the rule is checking for.
|
|
384
|
+
if (rule.id === "VG132" && filePath && /(?:\/route\.(?:ts|tsx|js|jsx)$|\/pages\/api\/)/i.test(filePath))
|
|
385
|
+
continue;
|
|
381
386
|
// Skip VG955 in bulk-* server actions (bulk-archive, bulk-approve, bulk-ban etc.)
|
|
382
387
|
// These intentionally process a caller-provided list of IDs.
|
|
383
388
|
if (rule.id === "VG955" && filePath && /\/bulk-[\w-]+\.(?:ts|tsx|js|jsx)$/i.test(filePath))
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "guardvibe",
|
|
3
|
-
"version": "3.0.
|
|
3
|
+
"version": "3.0.40",
|
|
4
4
|
"mcpName": "io.github.goklab/guardvibe",
|
|
5
5
|
"description": "Security MCP for vibe coding. 365 rules, 38 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
|
|
6
6
|
"type": "module",
|