Frontguard by Pubflow CLI scans frontend builds, public URLs, localhost apps, HAR files, and interactive browser traffic for client-side exposure risks.
It includes the same defensive platform-aware direction as the extension: WordPress/WooCommerce, Shopify, no-code builders, CMS assets, commerce fields, Replit/dev-hosting signals, and third-party script surface are reported as review context rather than exploit claims.
frontguard start
fguard start
frontguard scan ./dist
frontguard scan http://localhost:3000
frontguard scan-har ./session.har
frontguard deep-scan http://localhost:3000
frontguard report report.json --markdown
frontguard rules list
frontguard initfrontguard start opens a friendly guided wizard for normal scans, deep active scans, HAR files, saved reports, output formats, third-party evidence, and CI behavior.
deep-scan opens a browser with Playwright and captures request/response data while you use the app. Press Enter in the terminal to stop and analyze.
It does not replay requests, submit forms automatically, fuzz endpoints, or mutate data by itself.
Example:
frontguard deep-scan http://localhost:3000 --copyFlow:
- The browser opens.
- Use the app normally.
- Trigger the flows you want to review.
- Return to the terminal.
- Press Enter to stop and analyze.
frontguard scan ./dist --copy
frontguard scan ./dist --json
frontguard scan ./dist --sarif
frontguard scan ./dist --markdown --output frontguard-report.md
frontguard scan ./dist --ci --fail-on highSecret values are masked by default.