From 7dfe161d98bd834187615b93f6f94fce22d2f72d Mon Sep 17 00:00:00 2001
From: Divyam Agrawal
Date: Tue, 5 May 2026 08:49:56 +0000
Subject: [PATCH] fix: reject unknown matcher slugs
Fail scan when --matchers includes unknown slugs. Fix README grammar (deepsec is an...).
Signed-off-by: Divyam Agrawal
---
 README.md | 2 +-
 e2e/scan.test.ts | 10 ++++++++++
 packages/scanner/src/matcher-registry.ts | 8 +++++---
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index cb239ae..7465ff2 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # deepsec
-`deepsec` an agent-powered vulnerability scanner that you can run in your own infrastructure, optimized to perform on-demand review of all code in existing
+`deepsec` is an agent-powered vulnerability scanner that you can run in your own infrastructure, optimized to perform on-demand review of all code in existing
 large-scale repos. `deepsec` is designed to surface hard-to-find issues that have been lurking in applications for a long time. It is configured to use the best models at maximum thinking levels, meaning scans can cost thousands or even tens-of-thousands of dollars for large codebases. Our customers have found the cost worth it for how quickly they were able to patch vulnerabilities that would have otherwise gone unfixed.
diff --git a/e2e/scan.test.ts b/e2e/scan.test.ts
index 95d494f..70dd2fe 100644
--- a/e2e/scan.test.ts
+++ b/e2e/scan.test.ts
@@ -86,4 +86,14 @@ describe("scan e2e", () => {
 const meta = JSON.parse(fs.readFileSync(runPath, "utf-8"));
 expect(meta.scannerConfig.matcherSlugs).toEqual(["xss", "rce"]);
 });
+
+ it("throws when matcher filter includes an unknown slug", async () => {
+ await expect(
+ scan({
+ projectId: PROJECT_ID,
+ root: FIXTURES,
+ matcherSlugs: ["xss", "does-not-exist"],
+ }),
+ ).rejects.toThrow(/Unknown matcher slug\(s\): does-not-exist/);
+ });
 });
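Review bot: Nothing in the new e2e case checks that the rejection happens before the scan writes a run record; it only pins the message for one unknown slug next to a valid one. The preceding test reads run metadata from `runPath`, so if slug validation runs after that file is created (not visible in this hunk), a rejected scan could leave a record behind that looks like a real run. Consider asserting that no new run file exists after the rejection, and adding a case with several unknown slugs, e.g. `matcherSlugs: ["nope-a", "nope-b"]` (constructed values), to pin the joined message.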
diff --git a/packages/scanner/src/matcher-registry.ts b/packages/scanner/src/matcher-registry.ts
index 60350c7..3eb89b4 100644
--- a/packages/scanner/src/matcher-registry.ts
+++ b/packages/scanner/src/matcher-registry.ts
@@ -16,9 +16,11 @@ export class MatcherRegistry {
 }
 getBySlugs(slugs: string[]): MatcherPlugin[] {
- return slugs
- .map((s) => this.matchers.get(s))
- .filter((m): m is MatcherPlugin => m !== undefined);
+ const missing = slugs.filter((slug) => !this.matchers.has(slug));
+ if (missing.length > 0) {
+ throw new Error(`Unknown matcher slug(s): ${missing.join(", ")}`);
+ }
+ return slugs.map((slug) => this.matchers.get(slug)!);
 }
 slugs(): string[] {
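Review bot: The `!` on `this.matchers.get(slug)!` in the new return line is only safe because of the `has()` pass above it, and every slug is looked up twice. A single loop that collects found matchers and missing slugs removes the assertion and keeps the same error text. Two inputs are still accepted quietly: an empty `slugs` array returns `[]`, and a repeated slug returns the same matcher twice. Whether an empty filter means "no matchers" or "all matchers" is decided by the caller, which is outside this hunk, so an explicit check or comment there would keep a scan from running with reduced coverage unnoticed.

```typescript
getBySlugs(slugs: string[]): MatcherPlugin[] {
  const found: MatcherPlugin[] = [];
  const missing: string[] = [];
  for (const slug of slugs) {
    const matcher = this.matchers.get(slug);
    if (matcher === undefined) {
      missing.push(slug);
    } else {
      found.push(matcher);
    }
  }
  // Fail closed: a typo in the filter must not shrink the scan silently.
  if (missing.length > 0) {
    throw new Error(`Unknown matcher slug(s): ${missing.join(", ")}`);
  }
  return found;
}
```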