← Back to thuban.dev
Changelog
Every version. Every fix. Every feature. Shipped fast, documented honestly.
npm install -g thuban@latest — always get the newest version
- Added VS Code extension — real-time diagnostics, squiggly underlines, scan-on-save
- Added MCP Server (
thuban-mcp) — let AI agents call Thuban directly from Claude, Cursor, Copilot
- Added GitHub Action for CI/CD — auto-scan PRs, post inline comments, block merges below threshold
- Added OWASP Top 10 + CWE mapping on all security findings
- Added Privacy policy and terms of service pages
- Added Stripe payment integration — $9/$49/$299 tiers live
- Added SendGrid license key delivery — automated post-purchase email with install steps
- Fixed Ghost detection regression — unused functions now correctly detected alongside classes, consts, imports
- Fixed Clone detection regression — restored cross-file duplicate detection for JS, Go, Ruby
- Fixed SEC009 false positives —
lodash.map, .filter, .reduce no longer flagged as hallucinated APIs
- Fixed AI-score module now generates scores correctly
- Fixed Drift detection now produces non-zero results on files with contradictory headers
- Improved AST-based taint tracking for more precise data flow analysis
- Improved Comprehensive test suite — 47 test files, 200+ test cases covering all detectors
- Improved Performance benchmarks added — sub-second scan times on typical projects
- Added The Crucible — adversarial stress testing engine (fuzz, chaos, attack simulation)
- Added Investor audit reports — dual-scan due diligence for technical investors
- Added 120+ language support via tree-sitter AST parsing
- Added Dashboard telemetry — scan history, trend tracking, team metrics
- Improved Hallucination detection engine with known-API allowlists
- Changed Moved to Ed25519-signed license keys for tamper-proof validation
- Added Hallucination detection — catches AI-generated fake API calls, non-existent methods, phantom imports
- Added Ghost code detection — finds unused functions, dead imports, orphaned classes
- Added Copy-paste / clone detection — identifies duplicated code blocks across files
- Added Complexity analysis with cyclomatic + cognitive scoring
- Added Taint tracking — traces unsanitised user input through data flows
- Added Security scanner with 69 rule patterns across injection, auth, crypto, config
- Added HTML report generation with trust scores and fix recommendations
- Added Multi-language support — JavaScript, TypeScript, Python, Go, Rust, Ruby, Java, C#, Kotlin, PHP
- Added Baseline management — track improvements between scans