VibeGuard: A Security Gate Framework for AI-Generated Code
TL;DR Highlight
A pre-publish security scanner that prevents your entire source code from leaking due to packaging misconfigurations in 'Vibe Coding' environments where AI-generated code is deployed without review.
Who Should Read
Developers deploying AI-generated code (from Claude Code, GitHub Copilot, etc.) to production. Especially DevSecOps engineers who publish npm/pip packages or want to add security gates to their CI/CD pipelines.
Core Mechanics
- On March 31, 2026, Anthropic's Claude Code npm package included a 59.8MB source map file, exposing approximately 512,000 lines of TypeScript source code. The cause was not a code bug but a missing .npmignore configuration.
- AI-generated code has 1.7x more security issues than human-written code, with specific vulnerabilities like XSS reaching up to 2.74x higher (CodeRabbit 2025). However, most existing research focuses on logic bugs and rarely addresses packaging/build configuration mistakes.
- VibeGuard covers 5 vulnerability categories missed by existing SAST tools, secret scanners, and dependency audit tools: artifact hygiene, packaging configuration drift, source map exposure, hardcoded secrets, and supply chain risks.
- Operating at publish time is a core design decision. The Claude Code leak could not have been prevented by pre-commit hooks because the source maps were legitimate build artifacts.
- AI code generators are optimized for 'adding things' (adding build steps, adding dependencies) but are weak at 'excluding things' (e.g., adding files to .npmignore). Packaging security is fundamentally about exclusion.
- By registering VibeGuard as a tool in AI coding assistants, the scanner can run automatically before the AI suggests a publish command — a defensive approach suited to Vibe Coding workflows where developers don't read the code directly.
Evidence
- "Achieved Recall 100%, Precision 89.47%, and F1 Score 94.44% across 8 synthetic projects (7 vulnerable + 1 clean), with 100% pass/fail gate accuracy on all projects. Zero False Negatives: no planted vulnerabilities were missed. The 2 False Positives were the config scanner over-flagging missing .npmignore, an acceptable trade-off in a security gate context. The Source Map, Artifact, Secret, and Dependency categories achieved Precision 100% + Recall 100%. Only the Config category had Precision 71.4%, due to its intentionally broad scope. According to a Veracode report, 45% of LLM-generated code contains security flaws (based on 80 benchmark tasks). GitHub Copilot generates vulnerable code in approximately 40% of security-sensitive scenarios (Pearce et al., IEEE S&P 2022)."
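Working back from the quoted figures (an added consistency check, not text from the paper): with zero false negatives and two false positives, the reported precision fixes the true-positive count, and the F1 score follows from it.

$$\text{Recall} = \frac{TP}{TP + FN} = \frac{TP}{TP + 0} = 1$$

$$\text{Precision} = \frac{TP}{TP + FP} = \frac{TP}{TP + 2} = 0.8947 \;\Rightarrow\; TP = 17$$

$$F_1 = \frac{2 \cdot \text{Precision} \cdot \text{Recall}}{\text{Precision} + \text{Recall}} = \frac{2 \cdot 17}{2 \cdot 17 + 2} = \frac{34}{36} = 0.9444$$

The per-category numbers agree with this: the Config scanner's 71.4% precision is $5/7$, so both false positives sit in that category, and the other four categories (all at 100% precision) account for the remaining $17 - 5 = 12$ true positives.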
How to Apply
- "For projects publishing npm packages, simply add `"prepublishOnly": "vibeguard scan"` to the scripts section of package.json. This automatically triggers the security gate when `npm publish` is run, blocking publication if vulnerabilities are detected. Add VibeGuard as a required check in your CI/CD pipeline (e.g., GitHub Actions). Configuring it to run before merges allows packaging misconfigurations to be automatically blocked even without developers manually reviewing the code. Register VibeGuard as an MCP tool in AI coding assistants like Claude Code or Cursor so the AI automatically runs a scan before issuing deployment commands — closing the security loop within the Vibe Coding workflow."
Code Example
# Install VibeGuard and basic usage
pip install vibeguard   # or install directly from GitHub

# Scan a project (default policy)
vibeguard scan ./my-project

# Scan with strict policy (block on all findings at info level and above)
vibeguard scan ./my-project --policy strict

# Add a prepublishOnly hook to package.json
{
  "scripts": {
    "prepublishOnly": "vibeguard scan ."
  }
}

# .npmignore check example: patterns detected by VibeGuard
# If any of the following are missing, ConfigScanner flags it as CRITICAL
# *.map          <- exclude source maps
# .env*          <- exclude environment variable files
# tsconfig.json  <- exclude build configuration
# **/*.d.ts.map  <- exclude type definition source maps
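The listing above names two checks: files that would ship in the tarball but should not (source maps, .env files, tsconfig.json), and a .npmignore that lacks the exclusion patterns for them. The script below is an added example of how such a gate can be built; it is not VibeGuard's own code and none of its names come from the project. It assumes a simplified model of npm's file selection (a "files" allowlist in package.json wins; otherwise .npmignore, then .gitignore, decides exclusions), a constructed sample TypeScript project, and two verdicts modelled on the default and strict policies named in the How to Apply section. It runs offline and exercises the point made under Core Mechanics: the leak happens through what is not excluded, so the gate has to reason about the publish set, not the source tree.

```python
"""Toy pre-publish gate for npm packages (added example, not VibeGuard's code).

Approximates npm's file selection: a "files" allowlist in package.json wins;
otherwise .npmignore (falling back to .gitignore) decides what is excluded.
Real npm applies more rules than are modelled here.
"""
import fnmatch
import json
import tempfile
from pathlib import Path

# Files that should never reach a published tarball (artifact check).
RISKY_PATTERNS = {
    "*.map": "source map: lets anyone rebuild the original source",
    ".env*": "environment file: likely holds secrets",
    "tsconfig.json": "build configuration: reveals project layout",
}
# Exclusions a .npmignore is expected to carry (config check).
REQUIRED_IGNORE = ["*.map", ".env*", "tsconfig.json"]
# Top-level entries npm never publishes, and root files it always ships.
ALWAYS_EXCLUDED = {"node_modules", ".git", ".npmrc", "package-lock.json"}
ALWAYS_INCLUDED = ("package.json", "README", "LICENSE")


def read_ignore_patterns(root: Path) -> list[str]:
    """Active ignore list: .npmignore if present, else .gitignore, else nothing."""
    for name in (".npmignore", ".gitignore"):
        f = root / name
        if f.is_file():
            return [ln.strip() for ln in f.read_text().splitlines()
                    if ln.strip() and not ln.lstrip().startswith("#")]
    return []


def matches(rel: str, pattern: str) -> bool:
    """Simplified gitignore-style match of a POSIX relative path against one pattern."""
    pat = pattern.lstrip("/")
    if pat.startswith("**/"):          # "**/x" means x at any depth
        pat = pat[3:]
    if pat.endswith("/"):              # "src/" excludes that directory anywhere
        return f"/{pat}" in f"/{rel}"
    base = rel.rsplit("/", 1)[-1]      # bare patterns match the file name at any depth
    return fnmatch.fnmatchcase(rel, pat) or fnmatch.fnmatchcase(base, pat)


def published_files(root: Path) -> list[str]:
    """Approximate the file set that `npm pack` would put into the tarball."""
    pkg = json.loads((root / "package.json").read_text())
    allow = pkg.get("files")                        # allowlist wins when present
    ignore = read_ignore_patterns(root) if allow is None else []
    shipped = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if rel.split("/")[0] in ALWAYS_EXCLUDED:
            continue
        if "/" not in rel and rel.startswith(ALWAYS_INCLUDED):
            shipped.append(rel)
            continue
        if allow is not None:
            if not any(matches(rel, p) or rel.startswith(p.strip("/") + "/") for p in allow):
                continue
        elif any(matches(rel, p) for p in ignore):
            continue
        shipped.append(rel)
    return shipped


def scan(root: Path) -> dict:
    """Run the artifact and config checks; return findings plus per-policy verdicts."""
    findings = []
    for rel in published_files(root):
        for pat, why in RISKY_PATTERNS.items():
            if matches(rel, pat):
                findings.append({"file": rel, "reason": why, "severity": "critical"})
                break
    present = set(read_ignore_patterns(root))
    missing = [p for p in REQUIRED_IGNORE if p not in present]
    return {
        "findings": findings,
        "missing_ignore": missing,
        "pass_default": not findings,               # block only on files that would ship
        "pass_strict": not findings and not missing,  # also block on an incomplete ignore list
    }


def build_sample_project(root: Path, npmignore_lines: list[str]) -> Path:
    """Constructed sample: a TypeScript package built with source maps enabled."""
    files = {
        "package.json": json.dumps({"name": "sample-pkg", "version": "1.0.0", "main": "dist/index.js"}),
        "README.md": "# sample\n",
        "src/index.ts": "export const x = 1;\n",
        "tsconfig.json": '{"compilerOptions": {"sourceMap": true}}\n',
        "dist/index.js": "exports.x = 1;\n",
        "dist/index.js.map": '{"version":3,"sources":["../src/index.ts"]}\n',
        ".env": "API_KEY=placeholder-not-a-real-key\n",   # constructed placeholder value
        "node_modules/dep/index.js": "module.exports = {};\n",
        ".npmignore": "\n".join(npmignore_lines) + "\n",
    }
    for rel, body in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    return root


def demo() -> tuple[dict, dict]:
    """Scan the sample once with a leaky .npmignore and once with a complete one."""
    with tempfile.TemporaryDirectory() as tmp:
        leaky = build_sample_project(Path(tmp) / "leaky", ["src/"])
        fixed = build_sample_project(Path(tmp) / "fixed", ["src/", "*.map", ".env*", "tsconfig.json"])
        return scan(leaky), scan(fixed)


if __name__ == "__main__":
    for label, result in zip(("leaky", "fixed"), demo()):
        print(f"{label}: default={'PASS' if result['pass_default'] else 'FAIL'} "
              f"strict={'PASS' if result['pass_strict'] else 'FAIL'}")
        for f in result["findings"]:
            print(f"  CRITICAL {f['file']}: {f['reason']}")
        for p in result["missing_ignore"]:
            print(f"  CONFIG   .npmignore lacks pattern {p}")
```

The leaky project only ignores `src/`, so the built `dist/index.js.map`, `.env` and `tsconfig.json` all land in the publish set and the gate fails under both policies; the fixed project passes. The strict verdict illustrates why the paper's config check produces false positives: an incomplete .npmignore is flagged even when nothing risky currently exists to ship. For a real package, replace `published_files` with the output of `npm pack --dry-run`, which is the authoritative list of what the tarball will contain.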
Related Resources
- https://github.com/yxie2/vibeguard
- https://x.com/karpathy/status/1886192184808149383
- https://vibe-radar-ten.vercel.app/
- https://github.com/oven-sh/bun/issues/28001
- https://alex000kim.com/posts/2026-03-31-claude-code-source-leak/
- https://www.coderabbit.ai/blog/state-of-ai-vs-human-code-generation-report
- https://www.veracode.com/resources/analyst-reports/2025-genai-code-security-report/
Original Abstract
"Vibe coding," in which developers delegate code generation to AI assistants and accept the output with little manual review, has gained rapid adoption in production settings. On March 31, 2026, Anthropic's Claude Code CLI shipped a 59.8 MB source map file in its npm package, exposing roughly 512,000 lines of proprietary TypeScript. The tool had itself been largely vibe-coded, and the leak traced to a misconfigured packaging rule rather than a logic bug. Existing static-analysis and secret-scanning tools did not cover this failure mode, pointing to a gap between the vulnerabilities AI tends to introduce and the vulnerabilities current tooling is built to find. We present VibeGuard, a pre-publish security gate that targets five such blind spots: artifact hygiene, packaging-configuration drift, source-map exposure, hardcoded secrets, and supply-chain risk. In controlled experiments on eight synthetic projects (seven vulnerable, one clean control), VibeGuard achieved 100% recall, 89.47% precision (F1 = 94.44%), and correct pass/fail gate decisions on all eight projects across three policy levels. We discuss how these results inform a defense-in-depth workflow for teams that rely on AI code generation.