Package Exports
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (foxguard) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
foxguard
A security scanner as fast as a linter, written in Rust.
npx foxguard .Why people use it
- Fast enough to run locally instead of waiting for CI
- Useful built-in rules out of the box across 10 languages
- Semgrep-compatible YAML subset when you already have existing rules
- JSON and SARIF output for automation
It scans for SQL injection, XSS, SSRF, hardcoded secrets, command injection, weak crypto, unsafe deserialization, and framework-specific mistakes.
Languages: JavaScript, TypeScript, Python, Go, Ruby, Java, PHP, Rust, C#, Swift
How it works
This is the npm wrapper. It downloads the correct prebuilt Rust binary for your platform from GitHub Releases and caches it locally.
npx foxguard . # scan everything
npx foxguard --changed . # only modified files
npx foxguard secrets . # leaked credentials
npx foxguard --format sarif . # SARIF for GitHub Code Scanning
npx foxguard init # install pre-commit hookScope
foxguard is built around fast local feedback.
- built-in rules are the default product
- Semgrep/OpenGrep-compatible YAML is the adoption bridge
- full external-rule-engine parity is intentionally out of scope
Supported platforms
- macOS (x64, arm64)
- Linux (x64, arm64)
- Windows (x64)