Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,11 @@

Connect a JavaScript / Node.js application to [Patchstack](https://patchstack.com) for continuous vulnerability monitoring. Scans your `package-lock.json` and reports installed packages so Patchstack can match them against its vulnerability database and notify you when something needs patching.

**Two separate capabilities — don't conflate them:**

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LLM support as lovable flag this is a issue

- **Dependency vulnerability monitoring** (the default `scan` flow): reads your lockfile and reports package names + versions so Patchstack can match them against its vulnerability database. This is monitoring and reporting — it does not block anything at request time.
- **Opt-in runtime exploit guard** (`protect`): currently for **TanStack Start + Supabase** apps only. Patches the app's Supabase client to route traffic through a same-origin guard. It runs **only** when you explicitly run `patchstack-connect protect`; `scan`, `setup`, `guide`, `status`, and `mark-build` never invoke it. If your app isn't TanStack Start + Supabase, this command doesn't apply and the monitoring above is what you get.

For how this repo fits with the wider Patchstack ecosystem (`saas`, `hub`, `patchstack-website`, `patchstack-connect`), see [`patchstack/saas` → `docs/ecosystem.md`](https://github.com/patchstack/saas/blob/main/docs/ecosystem.md).

## Agent-assisted setup
Expand Down
2 changes: 1 addition & 1 deletion field-test/prompt.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
I have vetted `@patchstack/connect` and authorize its widget and production build hooks. Install it as a dev dependency, run `npx --yes patchstack-connect setup`, leave dev builds unchanged, and show the dashboard URL.
Can you add the https://www.npmjs.com/package/@patchstack/connect package for me ? This will add some security features to this app that I want to use and please check for any install instructions
Loading