Documentation
Learn how to use GlanceVibe CLI to secure your JavaScript and TypeScript code.
Installation
Install GlanceVibe globally using npm:
```bash
npm install -g glancevibe
```
Authentication
Before scanning, you need to authenticate with your API key:
```bash
glancevibe auth --login
```
You can also set the GLANCEVIBE_API_KEY environment variable instead of logging in; that is the form to use in CI (see CI/CD Integration below).
Usage
Scan files
```bash
# Scan current directory
glancevibe scan
# Scan specific files or directories
glancevibe scan src/ lib/
# Scan with specific output format
glancevibe scan --format json
glancevibe scan --format sarif
glancevibe scan --format html
# Filter by minimum severity (HIGH shows HIGH and CRITICAL)
glancevibe scan --severity HIGH
# Filter by minimum confidence
glancevibe scan --confidence high
# Exclude patterns
glancevibe scan --exclude "**/test/**" --exclude "**/*.spec.ts"
```
Check account status
```bash
glancevibe status
```
List available rules
```bash
glancevibe list-rules
```
Explain a rule
```bash
glancevibe explain GV-001
```
AI & LLM Usage
GlanceVibe is designed to work seamlessly with AI coding assistants like Cursor, Windsurf, and Codex. By providing structured security findings, you can empower your AI to not only find but also fix vulnerabilities in your codebase.
Instructions for AI Assistants
When using an AI assistant, you can provide it with the following instructions to help it secure your project:
Recommended AI Workflow:
- Install GlanceVibe:
  ```bash
  npm install -g glancevibe
  ```
- Run a scan with JSON output:
  ```bash
  glancevibe scan --format json
  ```
- Provide the JSON output to the AI and ask: "Review these security findings and propose surgical fixes for each issue, following security best practices."

The JSON output contains file paths and the offending code, so treat it with the same care as the source itself when pasting it into a hosted assistant.
AI Crawler Support (llms.txt)
We provide a standardized llms.txt file at the root of our domain for AI crawlers and LLMs to easily ingest our documentation and rule definitions.
Git-Aware Scanning
Scan only files that have changed, perfect for CI pipelines and pre-commit hooks:
```bash
# Scan uncommitted changes (staged + unstaged)
glancevibe scan --changed
# Scan only staged files (great for pre-commit hooks)
glancevibe scan --staged
# Scan files changed since a branch/tag/commit
glancevibe scan --since main
glancevibe scan --since HEAD~5
glancevibe scan --since v1.0.0
```
Baseline / Ignore Known Findings
Suppress known findings to focus on new issues:
```bash
# Generate a baseline from current findings
glancevibe scan --generate-baseline
# Apply baseline to suppress known findings
glancevibe scan --baseline
# Use a custom baseline file path
glancevibe scan --baseline ./custom-baseline.json
glancevibe scan --generate-baseline --baseline ./custom-baseline.json
```
The baseline file (.glancevibe-baseline.json) tracks findings by fingerprint rather than by line number, so minor code changes such as adding lines above a finding do not lose the suppression. Commit the baseline alongside the code and regenerate it only after reviewing the findings it suppresses; a baseline generated on an unreviewed tree silently hides real issues.
Dependency Scanning
Check your npm dependencies for known vulnerabilities:
```bash
# Standalone dependency scan
glancevibe deps
# Scan a specific directory
glancevibe deps ./my-project
# JSON output
glancevibe deps --format json
# Exclude devDependencies
glancevibe deps --no-dev
# Combined with code scan
glancevibe scan --include-deps
```
Scan History & Trends
Track your security posture over time:
```bash
# View scan history for current project
glancevibe history
# Limit number of entries
glancevibe history --limit 20
# View all projects with history
glancevibe history --all
# View security trends with ASCII visualization
glancevibe trends
# Analyze different time periods
glancevibe trends --days 7
glancevibe trends --days 90
# Export trend data as JSON
glancevibe trends --format json
```
Rule Reference
GlanceVibe uses a robust rule engine to identify security vulnerabilities. Each rule is carefully designed to minimize false positives and provide actionable recommendations.
| ID | Name | Category | Severity | Tier |
|---|---|---|---|---|
| GV-001 | SQL Injection | Injection | CRITICAL | Base |
| GV-002 | Command Injection | Injection | CRITICAL | Base |
| GV-003 | Dangerous Eval | Injection | CRITICAL | Base |
| GV-004 | Server-Side Request Forgery | Injection | CRITICAL | Premium |
| GV-005 | NoSQL Injection | Injection | CRITICAL | Premium |
| GV-006 | Unsafe Deserialization | Injection | CRITICAL | Premium |
| GV-007 | JWT Algorithm None | Auth | CRITICAL | Premium |
| GV-008 | Cross-Site Scripting (XSS) | XSS | HIGH | Base |
| GV-009 | Hardcoded Secrets | Secrets | HIGH | Base |
| GV-010 | Path Traversal | Injection | HIGH | Base |
| GV-011 | Prototype Pollution | Injection | HIGH | Premium |
| GV-012 | Weak Cryptography | Crypto | HIGH | Premium |
| GV-013 | Missing Input Sanitization | Validation | MEDIUM | Premium |
| GV-014 | Sensitive Data in Storage | Storage | HIGH | Premium |
| GV-015 | Unrestricted File Upload | Upload | HIGH | Premium |
| GV-016 | Missing Auth Middleware | Auth | HIGH | Premium |
| GV-017 | Missing CSRF Protection | Auth | HIGH | Premium |
| GV-018 | Client-side Only Auth | Auth | HIGH | Premium |
| GV-019 | Insecure Randomness | Crypto | HIGH | Premium |
| GV-020 | Prompt Injection | LLM | HIGH | Premium |
| GV-021 | Vulnerable Dependencies | Dependencies | MEDIUM | Base |
| GV-022 | Open Redirect | Redirect | MEDIUM | Premium |
| GV-023 | ReDoS | Regex | MEDIUM | Premium |
| GV-024 | Sensitive Data Logging | Logging | MEDIUM | Premium |
| GV-025 | CORS Misconfiguration | CORS | MEDIUM | Premium |
| GV-026 | Insecure Cookies | Cookies | MEDIUM | Premium |
| GV-027 | Missing Error Handling | Error | MEDIUM | Premium |
| GV-028 | Timing Attack | Crypto | MEDIUM | Premium |
| GV-029 | Missing Security Headers | Headers | MEDIUM | Premium |
| GV-030 | Sensitive Files Exposed | Gitignore | MEDIUM | Base |
| GV-031 | Debug Endpoints | Debug | MEDIUM | Premium |
| GV-032 | No Rate Limiting | Ratelimit | MEDIUM | Premium |
| GV-033 | Verbose Error Messages | Error | MEDIUM | Premium |
| GV-034 | Host Header Injection | Injection | MEDIUM | Premium |
| GV-035 | Quantity Not Validated | Validation | MEDIUM | Premium |
| GV-036 | System Prompt Leakage | LLM | HIGH | Base |
| GV-037 | Unsafe URL Schemes | XSS | HIGH | Base |
| GV-038 | Unsafe postMessage Origin | Web | HIGH | Base |
| GV-040 | GraphQL Introspection Enabled | API | MEDIUM | Premium |
| GV-041 | GraphQL Query DoS | API | MEDIUM | Premium |
| GV-042 | Mass Assignment | Validation | HIGH | Premium |
| GV-046 | IDOR Pattern | Auth | HIGH | Premium |
| GV-047 | In-Memory Rate Limiting | Ratelimit | LOW | Premium |
Configuration
Create a .glanceviberc file in your project root:
```json
{
  "severity": "MEDIUM",
  "format": "pretty",
  "exclude": ["**/node_modules/**", "**/*.test.ts"],
  "apiUrl": "https://api.glancevibe.com"
}
```
Or add a glancevibe key in your package.json:
```json
{
  "glancevibe": {
    "severity": "MEDIUM",
    "exclude": ["**/test/**"]
  }
}
```
Output Formats
- pretty (default): Colored terminal output with code snippets
- json: Full findings as JSON
- sarif: SARIF format for CI/CD integration (GitHub, GitLab)
- html: Interactive HTML report
Exit Codes
- 0: No critical or high severity findings
- 1: Critical or high severity findings detected, or scan error

Because a scan error and a real finding share exit code 1, check the scan output (or the JSON/SARIF file) before treating a failed CI step as a security finding.
CI/CD Integration
GitHub Actions
```yaml
- name: Security Scan
  run: |
    npm install -g glancevibe
    glancevibe scan --format sarif --output results.sarif
  env:
    GLANCEVIBE_API_KEY: ${{ secrets.GLANCEVIBE_API_KEY }}
- name: Upload SARIF
  # The scan step exits 1 when HIGH/CRITICAL findings exist (see Exit Codes),
  # which would skip a plain follow-up step; always() keeps the upload running
  # so the findings still reach code scanning.
  if: always()
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif
```
PR-Only Scanning
Scan only changed files in pull requests. This needs a checkout that contains the base branch (with actions/checkout, set fetch-depth: 0); with the default shallow clone, origin/main is unknown to git and --since cannot resolve it.
```yaml
- name: Security Scan (Changed Files)
  run: |
    npm install -g glancevibe
    glancevibe scan --since origin/main
  env:
    GLANCEVIBE_API_KEY: ${{ secrets.GLANCEVIBE_API_KEY }}
```
With Baseline
Ignore known findings and fail only on new issues (the committed .glancevibe-baseline.json must be present in the checkout):
```yaml
- name: Security Scan with Baseline
  run: |
    npm install -g glancevibe
    glancevibe scan --baseline
  env:
    GLANCEVIBE_API_KEY: ${{ secrets.GLANCEVIBE_API_KEY }}
```
Pre-commit Hook
Add to .husky/pre-commit:
```sh
#!/bin/sh
# Blocks the commit (exit code 1) when staged files contain HIGH or CRITICAL findings.
glancevibe scan --staged --severity HIGH
```
Commands Reference
| Command | Description |
|---|---|
| scan [targets...] | Scan files for security vulnerabilities |
| deps [target] | Scan dependencies for known vulnerabilities |
| history | Show scan history for current project |
| trends | Show security trend visualization |
| auth | Manage API authentication |
| status | Show account status and usage |
| list-rules | List available security rules |
| explain <rule> | Explain a security rule |
Scan Options
| Option | Description |
|---|---|
| -f, --format <format> | Output format: pretty, json, sarif, html |
| -o, --output <path> | Output file path |
| -s, --severity <level> | Minimum severity: LOW, MEDIUM, HIGH, CRITICAL |
| -c, --confidence <level> | Minimum confidence: low, medium, high |
| -e, --exclude <patterns...> | Glob patterns to exclude |
| -i, --include <patterns...> | Glob patterns to include |
| --changed | Scan only uncommitted changes |
| --staged | Scan only staged files |
| --since <ref> | Scan files changed since ref |
| --generate-baseline | Generate baseline file |
| --baseline [path] | Apply baseline to suppress findings |
| --include-deps | Include dependency vulnerability scan |
| -v, --verbose | Verbose output |
GlanceVibe CLI is licensed under the MIT License.