vibecheck-ai 1.0.5 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -5
- package/dist/index.js +65273 -60972
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -97,14 +97,39 @@ vibecheck analyze
|
|
|
97
97
|
| Command | Description |
|
|
98
98
|
|---------|-------------|
|
|
99
99
|
| `vibecheck init` | Initialize VibeCheck in your project |
|
|
100
|
-
| `vibecheck
|
|
101
|
-
| `vibecheck
|
|
102
|
-
| `vibecheck
|
|
103
|
-
| `vibecheck
|
|
104
|
-
| `vibecheck
|
|
100
|
+
| `vibecheck scan` | Scan codebase and generate truthpack |
|
|
101
|
+
| `vibecheck check` | Run hallucination and drift detection |
|
|
102
|
+
| `vibecheck validate [file]` | Validate files against truthpack |
|
|
103
|
+
| `vibecheck ship` | Pre-deployment security checks with auto-fix |
|
|
104
|
+
| `vibecheck fix` | Apply auto-fixes for detected issues |
|
|
105
|
+
| `vibecheck report` | Generate enterprise-grade HTML/PDF reports |
|
|
106
|
+
| `vibecheck doctor` | Validate system dependencies and configuration |
|
|
105
107
|
| `vibecheck config` | View or edit configuration |
|
|
108
|
+
| `vibecheck watch` | Watch for changes and validate continuously |
|
|
106
109
|
| `vibecheck menu` | Interactive menu for all features |
|
|
107
110
|
|
|
111
|
+
### Ship Command (Pre-deployment Checks)
|
|
112
|
+
|
|
113
|
+
The `ship` command runs comprehensive security analysis before deployment:
|
|
114
|
+
|
|
115
|
+
```bash
|
|
116
|
+
# Run all pre-deployment checks
|
|
117
|
+
vibecheck ship
|
|
118
|
+
|
|
119
|
+
# Auto-fix issues before shipping
|
|
120
|
+
vibecheck ship --fix
|
|
121
|
+
|
|
122
|
+
# Force ship despite warnings
|
|
123
|
+
vibecheck ship --force
|
|
124
|
+
```
|
|
125
|
+
|
|
126
|
+
**Checks include:**
|
|
127
|
+
- **Ultimate Scanner** — 80+ security patterns (credentials, SQLi, XSS, SSRF, etc.)
|
|
128
|
+
- **Truthpack validation** — Routes, env vars, auth patterns
|
|
129
|
+
- **Drift detection** — Changes from verified baseline
|
|
130
|
+
- **Secrets scanning** — API keys, tokens, passwords
|
|
131
|
+
- **Code quality** — Dead code, TODO comments, debug statements
|
|
132
|
+
|
|
108
133
|
## Features
|
|
109
134
|
|
|
110
135
|
### 🎯 Truthpack Generation
|
|
@@ -127,6 +152,32 @@ Catch AI mistakes before they become bugs:
|
|
|
127
152
|
- Incorrect type assumptions
|
|
128
153
|
- Missing error handling
|
|
129
154
|
|
|
155
|
+
### 🛡️ Ultimate Security Scanner
|
|
156
|
+
|
|
157
|
+
Industry-leading security detection with **80+ patterns**:
|
|
158
|
+
|
|
159
|
+
**Credentials:**
|
|
160
|
+
- Stripe, AWS, GitHub, Google, Azure, npm tokens
|
|
161
|
+
- OpenAI, Anthropic, SendGrid, Twilio API keys
|
|
162
|
+
- Private keys, JWT secrets, database passwords
|
|
163
|
+
|
|
164
|
+
**Security Vulnerabilities:**
|
|
165
|
+
- SQL Injection, XSS, Command Injection
|
|
166
|
+
- SSRF, Path Traversal, Open Redirect
|
|
167
|
+
- CORS misconfig, Missing CSP, Clickjacking
|
|
168
|
+
- Timing attacks, Insecure cookies
|
|
169
|
+
|
|
170
|
+
**AI Hallucinations:**
|
|
171
|
+
- Fake npm packages
|
|
172
|
+
- Deprecated APIs (React 18, moment.js)
|
|
173
|
+
- Placeholder URLs (example.com, localhost)
|
|
174
|
+
- Made-up methods
|
|
175
|
+
|
|
176
|
+
**Framework-Specific:**
|
|
177
|
+
- Next.js server actions, API route auth
|
|
178
|
+
- React hooks issues, setState in render
|
|
179
|
+
- Express without Helmet, trust-proxy issues
|
|
180
|
+
|
|
130
181
|
### 🛡️ Code Firewall
|
|
131
182
|
|
|
132
183
|
Protect critical files from AI modifications:
|