xploitscan 1.1.9 → 1.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/dist/{api-RWL62YT4.js → api-62XVZKRV.js} +2 -2
- package/dist/{chunk-E2ZW662G.js → chunk-GPJLFSUZ.js} +12 -2
- package/dist/{chunk-E2ZW662G.js.map → chunk-GPJLFSUZ.js.map} +1 -1
- package/dist/index.js +5 -5
- package/dist/index.js.map +1 -1
- package/package.json +2 -2
- /package/dist/{api-RWL62YT4.js.map → api-62XVZKRV.js.map} +0 -0
package/README.md
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
|
|
6
6
|
**Security scanner for AI-generated code.** Find vulnerabilities before attackers do.
|
|
7
7
|
|
|
8
|
-
Built for developers shipping code via Cursor, Lovable, Bolt, Replit, and Claude Code.
|
|
8
|
+
Built for developers shipping code via Cursor, Lovable, Bolt, Replit, and Claude Code. 210 security rules. Plain-English results. Copy-paste fixes.
|
|
9
9
|
|
|
10
10
|
## Quick Start
|
|
11
11
|
|
|
@@ -17,7 +17,7 @@ No install, no config, no account required. Your code stays 100% local.
|
|
|
17
17
|
|
|
18
18
|
## What It Catches
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
210 rules across 15+ categories:
|
|
21
21
|
|
|
22
22
|
| Category | Examples | Rules |
|
|
23
23
|
|----------|---------|-------|
|
|
@@ -142,7 +142,7 @@ Scan via the web at [xploitscan.com](https://xploitscan.com):
|
|
|
142
142
|
- SOC2/ISO27001 compliance mapping
|
|
143
143
|
- Slack and Discord webhook notifications
|
|
144
144
|
|
|
145
|
-
**Free**: 5 scans/day, 30 core rules. **Indie** ($9/mo): 500 scans/month, all
|
|
145
|
+
**Free**: 5 scans/day, 30 core rules. **Indie** ($9/mo): 500 scans/month, all 210 rules, scan history. **Pro** ($19/mo): unlimited scans, all 210 rules, PDF reports, compliance mapping, webhooks, AI false-positive filter. **Team** ($99/mo): everything in Pro plus 5 seats, shared scan history, RBAC, and portfolio reports. Annual plans save 40%.
|
|
146
146
|
|
|
147
147
|
## Supported Languages
|
|
148
148
|
|
|
@@ -14,7 +14,7 @@ import {
|
|
|
14
14
|
storeToken,
|
|
15
15
|
syncUser,
|
|
16
16
|
uploadScanResults
|
|
17
|
-
} from "./chunk-
|
|
17
|
+
} from "./chunk-GPJLFSUZ.js";
|
|
18
18
|
export {
|
|
19
19
|
checkUsage,
|
|
20
20
|
clearProRulesCache,
|
|
@@ -29,4 +29,4 @@ export {
|
|
|
29
29
|
syncUser,
|
|
30
30
|
uploadScanResults
|
|
31
31
|
};
|
|
32
|
-
//# sourceMappingURL=api-
|
|
32
|
+
//# sourceMappingURL=api-62XVZKRV.js.map
|
|
@@ -45175,8 +45175,18 @@ var complianceMap = {
|
|
|
45175
45175
|
// no query depth limit
|
|
45176
45176
|
VC205: { owasp: "A04:2021", cwe: "CWE-770" },
|
|
45177
45177
|
// no query complexity limit
|
|
45178
|
-
VC206: { owasp: "A01:2021", cwe: "CWE-352" }
|
|
45178
|
+
VC206: { owasp: "A01:2021", cwe: "CWE-352" },
|
|
45179
45179
|
// Apollo csrfPrevention: false
|
|
45180
|
+
// VC207–VC208: AI/LLM data-flow
|
|
45181
|
+
VC207: { owasp: "A03:2021", cwe: "CWE-94" },
|
|
45182
|
+
// model output → code/cmd/query/fs sink
|
|
45183
|
+
VC208: { owasp: "A09:2021", cwe: "CWE-532" },
|
|
45184
|
+
// secret interpolated into LLM prompt
|
|
45185
|
+
// VC209–VC210: advisory heuristics
|
|
45186
|
+
VC209: { owasp: "A04:2021", cwe: "CWE-799" },
|
|
45187
|
+
// webhook missing idempotency
|
|
45188
|
+
VC210: { owasp: "A01:2021", cwe: "CWE-862" }
|
|
45189
|
+
// middleware matcher excludes /api
|
|
45180
45190
|
};
|
|
45181
45191
|
var consoleLogProduction = {
|
|
45182
45192
|
id: "VC097",
|
|
@@ -45886,4 +45896,4 @@ export {
|
|
|
45886
45896
|
loadCachedProRules,
|
|
45887
45897
|
clearProRulesCache
|
|
45888
45898
|
};
|
|
45889
|
-
//# sourceMappingURL=chunk-
|
|
45899
|
+
//# sourceMappingURL=chunk-GPJLFSUZ.js.map
|