guardvibe 3.1.7 → 3.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -17,6 +17,7 @@ import { analyzeCrossFileTaint } from "./cross-file-taint.js";
|
|
|
17
17
|
import { analyzeAuthCoverage } from "./auth-coverage.js";
|
|
18
18
|
import { getRules } from "../utils/rule-registry.js";
|
|
19
19
|
import { loadConfig } from "../utils/config.js";
|
|
20
|
+
import { isExcludedFilename } from "../utils/constants.js";
|
|
20
21
|
// --- Core Logic ---
|
|
21
22
|
/**
|
|
22
23
|
* Compute verdict: PASS (0 critical + 0 high), WARN (high > 0), FAIL (critical > 0)
|
|
@@ -103,6 +104,8 @@ function collectJsFiles(dir, maxFiles = 200) {
|
|
|
103
104
|
}
|
|
104
105
|
if (!/\.(ts|tsx|js|jsx|mts|cts)$/.test(entry))
|
|
105
106
|
continue;
|
|
107
|
+
if (isExcludedFilename(entry))
|
|
108
|
+
continue;
|
|
106
109
|
if (stat.size > 100_000)
|
|
107
110
|
continue;
|
|
108
111
|
try {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "guardvibe",
|
|
3
|
-
"version": "3.1.
|
|
3
|
+
"version": "3.1.8",
|
|
4
4
|
"mcpName": "io.github.goklab/guardvibe",
|
|
5
5
|
"description": "Security MCP for vibe coding. 390 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis, +25 AI-native rules (MCP supply-chain, RAG/vector poisoning, agent loop DoS, public-prefix LLM keys, sandbox bypass). Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
|
|
6
6
|
"type": "module",
|