Release history
goklab/guardvibe releases
Security MCP for vibe coding with 330 rules and 29 tools. Purpose-built for AI-generated code — scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 25+ modules. Cross-file taint analysis, host security audit, auto-fix, SARIF export, pre-commit hook, and CVE version detection. Zero config, runs locally.
Review required
v3.1.25
Security relevant
·
Dependencies
Breaking upgrade
Malicious node-ipc detection + CI npm hardening
No immediate action
v3.1.24
Maintenance
·
Routine maintenance and dependency updates.
Upgrade now
v3.1.23
New feature
·
Dependencies
Breaking upgrade
dep-CVE rules + dependency hygiene
No immediate action
v3.1.22
New feature
·
Enum recognition & mock dir support
No immediate action
v3.1.21
Maintenance
·
Rule exclusions + file‑type expansions
No immediate action
v3.1.20
New feature
·
Skip scaffold files for tRPC checks
No immediate action
v3.1.19
New feature
·
ai-chatbot test repo
Review required
v3.1.18
Bug fix
·
RCE / SSRF
Prototype pollution read‑access fix
Review required
v3.1.17
Breaking risk
·
Auth
Explicit return token required
Config change
v3.1.16
Breaking risk
·
Auth
Credential‑required connection strings
Review required
v3.1.15
Bug fix
·
RCE / SSRF
Tagged‑template query handling
Review required
v3.1.14
Security relevant
·
Auth
RCE / SSRF
React CVE-2025-55182
No immediate action
v3.1.13
New feature
·
VG012 context‑aware skips
Review required
v3.1.12
Maintenance
·
RCE / SSRF
Routine maintenance and dependency updates.
Review required
v3.1.11
Bug fix
·
RCE / SSRF
SSRF pattern refinement
Review required
v3.1.10
New feature
·
Auth
Dependencies
VG106 secret comparison
No immediate action
v3.1.9
Bug fix
·
Middleware matcher fix
No immediate action
v3.1.8
Bug fix
·
Taint walker excludes minified bundles
Review required
v3.1.7
Bug fix
·
Auth
VG409 false‑positive reduction
No immediate action
v3.1.6
Maintenance
·
Scope restrictions for VG955, VG506
No immediate action
v3.1.5
Breaking risk
·
Enum regex lowercasing requirement
No immediate action
v3.1.4
Breaking risk
·
ADD matching, USER/HEALTHCHECK skipping, .env file restriction
Review required
v3.1.3
Bug fix
·
Auth
Breaking upgrade
VG010 explain correction
No immediate action
v3.1.2
Bug fix
·
Re-init upgrade flow fixed
No immediate action
v3.1.1
Bug fix
·
Manifest version fix
No immediate action
v3.1.0
New feature
·
Deep scan feature
Review required
v3.0.57
Breaking risk
·
Auth
RBAC
RCE / SSRF
SDK flag removals
Review required
v3.0.56
Feature
·
Auth
RBAC
Dependencies
AI-native security rules
No immediate action
v3.0.55
Bug fix
·
Taint walker directory skip
No immediate action
v3.0.54
Breaking risk
·
Removed markdown library names
No immediate action
v3.0.53
New feature
·
Lockfile reading for dep scanner
No immediate action
v3.0.52
Bug fix
·
Regex limit fix + enum skipping
No immediate action
v3.0.51
Maintenance
·
Routine maintenance and dependency updates.
No immediate action
v3.0.50
Bug fix
·
Uniform severity caps
No immediate action
v3.0.49
New feature
·
--full CLI flag
Review required
v3.0.48
Bug fix
·
Auth
RBAC
scan.exclude honored
No immediate action
v3.0.47
New feature
·
Suppression handling changes
Upgrade now
v3.0.46
Bugfix
·
RBAC
RPC RLS bypass fix
Review required
v3.0.45
Maintenance
·
Dependencies
CVE rule skip in lock files
Review required
v3.0.44
Bug fix
·
Auth
URL-input taint narrowing
Review required
v3.0.43
New feature
·
Auth
RBAC
Query pattern skips + App Router handler skip
No immediate action
v3.0.42
Maintenance
·
Routine maintenance and dependency updates.
No immediate action
v3.0.41
New feature
·
Skip pagination & private package checks
No immediate action
v3.0.40
Bugfix
·
VG132 fix for Next.js routes
No immediate action
v3.0.39
Bugfix
·
VG955 pagination fix
Review required
v3.0.38
Bugfix
·
Auth
VG106 check adjustment
No immediate action
v3.0.37
Bugfix
·
Unified grade boundaries
No immediate action
v3.0.36
Feature
·
Truncation hint in audit sections
No immediate action
v3.0.35
Bugfix
·
Test‑file rule skips
No immediate action
v3.0.34
Bugfix
·
VG430 conflict resolution + dedup rules
No immediate action
v3.0.33
Bugfix
·
Regex bug fix
No immediate action
v3.0.32
Bugfix
·
Suppress per-route VG030 with global rate limiter
Config change
v3.0.31
Breaking
·
Breaking upgrade
Pinned MCP config version
No immediate action
v3.0.30
Feature
·
guardvibe@latest write + pre-commit hook
Review required
v3.0.29
Bugfix
·
Auth
VG002 fix & middleware support
No immediate action
v3.0.28
Feature
·
GuardVibe skip rules
No immediate action
v3.0.27
Feature
·
CVE count reporting + rule count correction
No immediate action
v3.0.26
Breaking
·
VG964 Next.js requirement
No immediate action
v3.0.25
Feature
·
Seven new rules
No immediate action
v3.0.24
Maintenance
·
Routine maintenance and dependency updates.
No immediate action
v3.0.23
Maintenance
·
Routine maintenance and dependency updates.
Upgrade now
v3.0.22
Security relevant
·
Auth
RCE / SSRF
Security fixes
Upgrade now
v3.0.21
Security
·
Auth
RCE / SSRF
Dependencies
Security fixes
Review required
v3.0.20
Breaking risk
·
Auth
RCE / SSRF
Rate limiter improvement
No immediate action
v3.0.19
Feature
·
Taint chain breaking
Review required
v3.0.18
Feature
·
Auth
RBAC
Taint chain broken by sanitizers
Review required
v3.0.17
Feature
·
Auth
Diff‑to‑audit prevention
Review required
v3.0.16
Bugfix
·
Auth
RBAC
Config fixes + audit JSON details
No immediate action
v3.0.15
Feature
·
sectionFindings detail
Config change
v3.0.14
Breaking
·
Breaking upgrade
GuardVibe npx invocation
Review required
v3.0.13
Breaking
·
Auth
Breaking upgrade
Score includes all sections
Config change
v3.0.12
Feature
·
Auth
authExceptions + CLI support
Review required
v3.0.11
Bugfix
·
Auth
RCE / SSRF
Scanner fixes + stronger AI remediation
Review required
v3.0.10
Feature
·
Auth
Dependencies
Remediation plan embedded
Review required
v3.0.9
New feature
·
Remediation plan + verification
Review required
v3.0.8
Feature
·
Auth
Audit output & CLI wrappers
Review required
v3.0.7
Bugfix
·
Auth
VG1005 false‑positive fix
No immediate action
v3.0.6
Maintenance
·
Routine maintenance and dependency updates.
No immediate action
v3.0.4
Maintenance
·
Routine maintenance and dependency updates.
No immediate action
v3.0.3
Maintenance
·
Routine maintenance and dependency updates.
Review required
v3.0.2
Feature
·
Auth
New security workflows
No immediate action
v3.0.1
Maintenance
·
Routine maintenance and dependency updates.
No immediate action
v3.0.0
New feature
·
Git‑aware secret scanner
No immediate action
v2.9.9
Bugfix
·
False positive fixes
No immediate action
v2.9.8
Bugfix
·
CLI exit code fix
No immediate action
v2.9.7
Maintenance
·
Routine maintenance and dependency updates.
No immediate action
v2.9.6
Bugfix
·
False‑positive fixes
Review required
v2.9.5
New feature
·
RCE / SSRF
Breaking upgrade
Import-aware fix detection
No immediate action
v2.9.4
Bug fix
·
Remediation pattern recognition
Review required
v2.9.3
New feature
·
RCE / SSRF
Auth
Priority summary table
No immediate action
v2.9.2
Breaking risk
·
Truncated scan_directory
No immediate action
v2.9.1
Breaking risk
·
compliance_mapping rename
No immediate action
v2.9.0
New feature
·
Structured patches + verify_fix
Review required
v2.8.0
New feature
·
Dependencies
RCE / SSRF
EU AI Act compliance + new security rules
No immediate action
v2.7.4
New feature
·
Security summary after CLI commands
Monitor
v2.7.3
New feature
·
Auth
Host security audit CLI
Monitor
v2.5.0
New feature
·
Cross-file taint analysis
No immediate action
v2.4.5
New feature
·
MCP Registry support
No immediate action
v2.4.4
New feature
·
Code coverage reporting
No immediate action
v2.4.3
Maintenance
·
Routine maintenance and dependency updates.
No immediate action
v2.4.2
Maintenance
·
Routine maintenance and dependency updates.