Releases: NeuralRays/ghostpatch

v1.0.1 — Dependency Fix

09 Feb 02:03

GhostPatch v1.0.1 — Dependency Fix

Changes

  • Fixed deprecated node-domexception warning on install
  • Updated @anthropic-ai/sdk from 0.39.0 to 0.74.0
  • Updated openai from 4.80.0 to 6.18.0
  • Added author, repository, homepage, and bugs fields to package.json
  • Added contributing guide, creator info, and security policy to README

Install

npm install -g ghostpatch

v1.0.0 — Initial Release

08 Feb 23:59

GhostPatch v1.0.0 — Initial Release

AI-powered security vulnerability scanner that runs locally via npm with zero infrastructure.

Highlights

  • 131+ security rules covering all OWASP Top 10 categories
  • 10 specialized detectors: injection, auth, crypto, secrets, SSRF, path traversal, prototype pollution, deserialization, dependency, misconfiguration
  • 15 languages: TypeScript, JavaScript, Python, Java, Go, Rust, C, C++, C#, PHP, Ruby, Swift, Kotlin, Shell, SQL
  • AI-powered analysis using HuggingFace (free), Anthropic Claude, or OpenAI GPT
  • 4 output formats: Terminal, JSON, SARIF (GitHub/VS Code), HTML
  • MCP server with 8 tools for AI coding agent integration
  • CLI with scan, secrets, deps, watch, report, serve commands
  • 68 tests all passing

Install

npm install -g ghostpatch

Quick Start

ghostpatch scan              # Scan current directory
ghostpatch scan ./src        # Scan specific path
ghostpatch secrets           # Scan for hardcoded secrets
ghostpatch deps              # Check dependency vulnerabilities
ghostpatch scan --ai         # Enable AI analysis (free)
ghostpatch report            # Generate HTML report
ghostpatch serve             # Start MCP server

Security Categories

| OWASP | Category | Rules |
|-------|----------|-------|
| A01 | Broken Access Control | BAC001-BAC010 |
| A02 | Cryptographic Failures | CRYPTO001-CRYPTO012, SEC001-SEC014 |
| A03 | Injection | INJ001-INJ018, PROTO001-PROTO002 |
| A04 | Insecure Design | DES001-DES007 |
| A05 | Security Misconfiguration | CFG001-CFG010 |
| A06 | Vulnerable Components | DEP001-DEP003 |
| A07 | Authentication Failures | AUTH001-AUTH008 |
| A08 | Data Integrity Failures | SER001-SER004 |
| A09 | Logging Failures | LOG001-LOG003 |
| A10 | SSRF | SSRF001-SSRF002 |