goklab/guardvibe

MCP Security & Auth

Security MCP for vibe coding with 330 rules and 29 tools. Purpose-built for AI-generated code — scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 25+ modules. Cross-file taint analysis, host security audit, auto-fix, SARIF export, pre-commit hook, and CVE version detection. Zero config, runs locally.

TypeScript · Latest v3.1.25 · 18d ago

Features

  • Scans AI‑generated code with 422 security rules and 36 built‑in tools
  • Zero‑setup local execution via `npx guardvibe`
  • Detects vulnerable package versions from daily GHSA/OSV.dev/CISA feeds
  • Provides auto‑fix suggestions (`fix_code`) for AI agents
  • Exports SARIF reports for CI/CD integration

Recent releases

View all 101 releases →
  • v3.1.25 [Review required] Security relevant, Dependencies Breaking upgrade: Malicious node-ipc detection + CI npm hardening
  • v3.1.23 [Upgrade now] New feature, Dependencies Breaking upgrade: dep-CVE rules + dependency hygiene
  • v3.1.22 [No immediate action] New feature: Enum recognition & mock dir support
  • v3.1.20 [No immediate action] New feature: Skip scaffold files for tRPC checks
  • v3.1.19 [No immediate action] New feature: ai-chatbot test repo

About

  • Stars: 1
  • Forks: 0
  • Languages: TypeScript, JavaScript
  • Downloads/week: 738 (↑74%)
  • NPM Maintainers: 1 (single npm maintainer)
  • Contributors: 3
  • TypeScript: types included ✓

Install & Platforms

Install via: npm

Alternative to: Traditional SAST Dependency Scanners
