xploitscan 1.0.3 → 1.0.4

package/dist/index.js

@@ -3003,13 +3003,13 @@ function renderSarifReport(result) {
           }
         },
         results: result.findings.map((f) => {
-          const entry = {
+          const messageText = f.fix ? `${f.title}: ${f.description}
+Suggested fix: ${f.fix}` : `${f.title}: ${f.description}`;
+          return {
             ruleId: f.rule,
             ruleIndex: ruleIndex.get(f.rule) ?? 0,
             level: SEVERITY_TO_SARIF[f.severity],
-            message: {
-              text: `${f.title}: ${f.description}`
-            },
+            message: { text: messageText },
             locations: [
               {
                 physicalLocation: {
@@ -3022,10 +3022,6 @@ function renderSarifReport(result) {
               }
             ]
           };
-          if (f.fix) {
-            entry.fixes = [{ description: { text: f.fix } }];
-          }
-          return entry;
         })
       }
     ]
@@ -3596,7 +3592,7 @@ async function uninstallHookCommand() {
 var program = new Command();
 program.name("xploitscan").description(
   "AI security scanner for vibe-coded apps. Find vulnerabilities before attackers do."
-).version("1.0.3");
+).version("1.0.4");
 program.command("scan").description("Scan a directory for security vulnerabilities").argument("[directory]", "Directory to scan", ".").option("--no-ai", "Skip AI-powered analysis").option("-f, --format <format>", "Output format: terminal, json, sarif", "terminal").option("-v, --verbose", "Show detailed output", false).option("--diff [base]", "Scan only files changed vs base branch (default: main)").option("-w, --watch", "Watch for file changes and re-scan automatically", false).action(async (directory, opts) => {
   await scanCommand(directory, {
     directory,