verification-layer 0.24.2 → 0.24.4

package/README.md

@@ -1,6 +1,6 @@
 # vlayer - HIPAA Compliance on Every Commit
 
-**Automated security scanning for healthcare applications.** 163+ detection rules that catch PHI exposures, missing encryption, and access control gaps before they reach production. HIPAA 2026 ready - 15/15 requirements covered.
+**Automated security scanning for healthcare applications.** 140+ detection rules that catch PHI exposures, missing encryption, and access control gaps before they reach production. HIPAA 2026 ready - 15/15 requirements covered.
 
 [![CI](https://github.com/Francosimon53/verification-layer/actions/workflows/ci.yml/badge.svg)](https://github.com/Francosimon53/verification-layer/actions/workflows/ci.yml)
 [![npm version](https://img.shields.io/npm/v/verification-layer)](https://www.npmjs.com/package/verification-layer)
@@ -36,7 +36,7 @@ npx vlayer scan ./src --fix
 vlayer is a CLI tool and platform that scans your codebase for HIPAA compliance issues. Built for healthcare startups and developers building applications that handle Protected Health Information (PHI).
 
 **🎯 Key Features:**
-- **163+ detection rules** across 12 categories (PHI exposure, encryption, access control, audit logging, data retention, and more)
+- **140+ detection rules** across 5 HIPAA categories (PHI exposure, encryption, access control, audit logging, data retention)
 - **HIPAA 2026 NPRM ready** - Covers all 15 new cybersecurity requirements
 - **10 training modules** with 45+ questions and SHA-256 verifiable certificates
 - **5 HIPAA templates** - IRP, BAA, NPP, Security Officer role, Physical Safeguards
@@ -62,7 +62,7 @@ vlayer is a CLI tool and platform that scans your codebase for HIPAA compliance
 
 | Plan | Price | Features |
 |------|-------|----------|
-| **Open Source** | **$0/forever** | Full scanner, CLI, 163+ rules, compliance scoring, training module, community support |
+| **Open Source** | **$0/forever** | Full scanner, CLI, 140+ rules, compliance scoring, training module, community support |
 | **Pro** | **$49/month** ($490/year) | Everything in OSS + GitHub App with PR comments, pre-commit hooks, historical scan dashboard, HIPAA document templates, team tracking (10 users), PDF audit reports, email support (48h SLA). **14-day free trial** |
 | **Enterprise** | **Custom** | Everything in Pro + custom detection rules, self-hosted deployment, SSO/RBAC integration, dedicated compliance consultant, custom training modules, audit preparation support, priority support (4h SLA). Contact: [sales@vlayer.app](mailto:sales@vlayer.app) |
 
@@ -100,7 +100,7 @@ The new HIPAA Security Rule (NPRM 2026) adds 15 cybersecurity requirements. vlay
 
 ## 📊 Detection Categories
 
-vlayer scans for **163+ security patterns** across 12 HIPAA compliance categories:
+vlayer scans for **140+ security patterns** across 5 HIPAA compliance categories:
 
 | Category | Rules | What it detects |
 |----------|-------|-----------------|
@@ -117,7 +117,7 @@ vlayer scans for **163+ security patterns** across 12 HIPAA compliance categorie
 | **Session Management** | 8 | Weak session configs, missing timeouts, insecure cookies |
 | **Third-Party Risk** | 6 | Unsafe vendor integrations, missing BAAs, unvetted third-party code |
 
-**Total: 163+ rules**
+**Total: 140+ rules**
 
 ---
 

package/dist/index.d.ts

@@ -8,4 +8,6 @@ export { calculateComplianceScore, formatScore, getScoreColor, getScoreSummary }
 export type { Finding, ScanResult, ScanOptions, Report, ReportOptions, Scanner, Severity, ComplianceCategory, Confidence, VlayerConfig, AcknowledgedFinding, ContextLine, CompiledCustomRule, CustomRuleFix, ComplianceScore, GroupedFinding, Occurrence, } from './types.js';
 export type { LoadRulesResult, RuleLoadError, CustomRuleDefinition, RulesFile } from './rules/index.js';
 export type { Baseline, BaselineEntry } from './baseline.js';
+export { scanCode } from './scan-code.js';
+export type { CodeInput, ScanCodeOptions } from './scan-code.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC3F,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC9G,YAAY,EACV,OAAO,EACP,UAAU,EACV,WAAW,EACX,MAAM,EACN,aAAa,EACb,OAAO,EACP,QAAQ,EACR,kBAAkB,EAClB,UAAU,EACV,YAAY,EACZ,mBAAmB,EACnB,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,eAAe,EACf,cAAc,EACd,UAAU,GACX,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,oBAAoB,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACxG,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC3F,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC9G,YAAY,EACV,OAAO,EACP,UAAU,EACV,WAAW,EACX,MAAM,EACN,aAAa,EACb,OAAO,EACP,QAAQ,EACR,kBAAkB,EAClB,UAAU,EACV,YAAY,EACZ,mBAAmB,EACnB,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,eAAe,EACf,cAAc,EACd,UAAU,GACX,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,oBAAoB,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACxG,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/index.js

@@ -5,4 +5,5 @@ export { loadBaseline, saveBaseline, applyBaseline, generateFindingHash } from '
 export { checkInlineSuppression, applyInlineSuppressions } from './suppression.js';
 export { checkAcknowledgment, applyAcknowledgments } from './acknowledgments.js';
 export { calculateComplianceScore, formatScore, getScoreColor, getScoreSummary } from './compliance-score.js';
+export { scanCode } from './scan-code.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC3F,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAC3F,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAsB9G,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/scan-code.d.ts

@@ -0,0 +1,12 @@
+import type { ScanResult, ScanOptions } from './types.js';
+export interface CodeInput {
+    filename: string;
+    content: string;
+}
+export interface ScanCodeOptions {
+    files: CodeInput[];
+    categories?: ScanOptions['categories'];
+    minConfidence?: ScanOptions['minConfidence'];
+}
+export declare function scanCode(options: ScanCodeOptions): Promise<ScanResult>;
+//# sourceMappingURL=scan-code.d.ts.map

package/dist/scan-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-code.d.ts","sourceRoot":"","sources":["../src/scan-code.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE1D,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,UAAU,CAAC,EAAE,WAAW,CAAC,YAAY,CAAC,CAAC;IACvC,aAAa,CAAC,EAAE,WAAW,CAAC,eAAe,CAAC,CAAC;CAC9C;AAED,wBAAsB,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC,CA+B5E"}

package/dist/scan-code.js

@@ -0,0 +1,34 @@
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as os from 'os';
+import { scan } from './scan.js';
+export async function scanCode(options) {
+    // Create temp directory
+    const tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'vlayer-api-'));
+    try {
+        // Write files to temp directory preserving structure
+        for (const file of options.files) {
+            const filePath = path.join(tmpDir, file.filename);
+            const dir = path.dirname(filePath);
+            await fs.mkdir(dir, { recursive: true });
+            await fs.writeFile(filePath, file.content, 'utf-8');
+        }
+        // Run scan on temp directory
+        const result = await scan({
+            path: tmpDir,
+            categories: options.categories,
+            minConfidence: options.minConfidence,
+        });
+        // Clean file paths — remove temp dir prefix
+        result.findings = result.findings.map(f => ({
+            ...f,
+            file: f.file.replace(tmpDir + path.sep, ''),
+        }));
+        return result;
+    }
+    finally {
+        // Always clean up temp files
+        await fs.rm(tmpDir, { recursive: true, force: true });
+    }
+}
+//# sourceMappingURL=scan-code.js.map

package/dist/scan-code.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan-code.js","sourceRoot":"","sources":["../src/scan-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAcjC,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAwB;IACrD,wBAAwB;IACxB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC;IAEvE,IAAI,CAAC;QACH,qDAAqD;QACrD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAClD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACtD,CAAC;QAED,6BAA6B;QAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC;YACxB,IAAI,EAAE,MAAM;YACZ,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC,CAAC;QAEH,4CAA4C;QAC5C,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC1C,GAAG,CAAC;YACJ,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;SAC5C,CAAC,CAAC,CAAC;QAEJ,OAAO,MAAM,CAAC;IAChB,CAAC;YAAS,CAAC;QACT,6BAA6B;QAC7B,MAAM,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "verification-layer",
-  "version": "0.24.2",
-  "description": "CLI tool for HIPAA compliance scanning and reporting",
+  "version": "0.24.4",
+  "description": "Open-source HIPAA compliance scanner for healthcare code. 140+ rules, 5 HIPAA categories. CLI + CI/CD + VS Code.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
@@ -49,7 +49,9 @@
     "hipaa-compliance",
     "baseline",
     "suppression",
-    "github-action"
+    "github-action",
+    "devsecops",
+    "healthtech"
   ],
   "author": "Simon Franco",
   "license": "MIT",