@bryan-thompson/inspector-assessment-client 1.20.1 → 1.20.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/assets/{OAuthCallback-DX-BBIMw.js → OAuthCallback-C_hvEt5s.js} +1 -1
  2. package/dist/assets/{OAuthDebugCallback-Dgp5YOBI.js → OAuthDebugCallback-8Fi3YLef.js} +1 -1
  3. package/dist/assets/{index-CmFoao7k.js → index-BfOtvMZ9.js} +11 -10
  4. package/dist/index.html +1 -1
  5. package/lib/lib/moduleScoring.d.ts +1 -1
  6. package/lib/lib/moduleScoring.js +1 -1
  7. package/lib/services/assessment/modules/SecurityAssessor.d.ts.map +1 -1
  8. package/lib/services/assessment/modules/SecurityAssessor.js +7 -6
  9. package/package.json +1 -1
package/dist/assets/{OAuthCallback-DX-BBIMw.js → OAuthCallback-C_hvEt5s.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-CmFoao7k.js";
1
+ import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-BfOtvMZ9.js";
2
2
  const OAuthCallback = ({ onConnect }) => {
3
3
  const { toast } = useToast();
4
4
  const hasProcessedRef = reactExports.useRef(false);
package/dist/assets/{OAuthDebugCallback-Dgp5YOBI.js → OAuthDebugCallback-8Fi3YLef.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-CmFoao7k.js";
1
+ import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-BfOtvMZ9.js";
2
2
  const OAuthDebugCallback = ({ onConnect }) => {
3
3
  reactExports.useEffect(() => {
4
4
  let isProcessed = false;
package/dist/assets/{index-CmFoao7k.js → index-BfOtvMZ9.js} RENAMED
@@ -16320,7 +16320,7 @@ object({
16320
16320
  token_type_hint: string().optional()
16321
16321
  }).strip();
16322
16322
  const name = "@bryan-thompson/inspector-assessment-client";
16323
- const version$1 = "1.20.0";
16323
+ const version$1 = "1.20.1";
16324
16324
  const packageJson = {
16325
16325
  name,
16326
16326
  version: version$1
@@ -45352,7 +45352,7 @@ const useTheme = () => {
45352
45352
  [theme, setThemeWithSideEffect]
45353
45353
  );
45354
45354
  };
45355
- const version = "1.20.0";
45355
+ const version = "1.20.1";
45356
45356
  var [createTooltipContext] = createContextScope("Tooltip", [
45357
45357
  createPopperScope
45358
45358
  ]);
@@ -53734,12 +53734,13 @@ class SecurityAssessor extends BaseAssessor {
53734
53734
  /request\s+received:/i,
53735
53735
  // Explicit safety indicators in JSON responses (context-aware to avoid matching unrelated fields)
53736
53736
  // Require safety-related context: message, result, status, stored, reflected, etc.
53737
- /"safe"\s*:\s*true[^}]*("message"|"result"|"status"|"response")/i,
53738
- /("message"|"result"|"status"|"response")[^}]*"safe"\s*:\s*true/i,
53739
- /"vulnerable"\s*:\s*false[^}]*("safe"|"stored"|"reflected"|"status")/i,
53740
- /("safe"|"stored"|"reflected"|"status")[^}]*"vulnerable"\s*:\s*false/i,
53741
- /"status"\s*:\s*"acknowledged"[^}]*("message"|"result"|"safe")/i,
53742
- /("message"|"result"|"safe")[^}]*"status"\s*:\s*"acknowledged"/i
53737
+ // Bounded quantifiers prevent ReDoS attacks from malicious server responses
53738
+ /"safe"\s*:\s*true[^}]{0,500}("message"|"result"|"status"|"response")/i,
53739
+ /("message"|"result"|"status"|"response")[^}]{0,500}"safe"\s*:\s*true/i,
53740
+ /"vulnerable"\s*:\s*false[^}]{0,500}("safe"|"stored"|"reflected"|"status")/i,
53741
+ /("safe"|"stored"|"reflected"|"status")[^}]{0,500}"vulnerable"\s*:\s*false/i,
53742
+ /"status"\s*:\s*"acknowledged"[^}]{0,500}("message"|"result"|"safe")/i,
53743
+ /("message"|"result"|"safe")[^}]{0,500}"status"\s*:\s*"acknowledged"/i
53743
53744
  ];
53744
53745
  const reflectionPatterns = [
53745
53746
  ...statusPatterns,
@@ -59166,13 +59167,13 @@ const App = () => {
59166
59167
  ) });
59167
59168
  if (window.location.pathname === "/oauth/callback") {
59168
59169
  const OAuthCallback = React.lazy(
59169
- () => __vitePreload(() => import("./OAuthCallback-DX-BBIMw.js"), true ? [] : void 0)
59170
+ () => __vitePreload(() => import("./OAuthCallback-C_hvEt5s.js"), true ? [] : void 0)
59170
59171
  );
59171
59172
  return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
59172
59173
  }
59173
59174
  if (window.location.pathname === "/oauth/callback/debug") {
59174
59175
  const OAuthDebugCallback = React.lazy(
59175
- () => __vitePreload(() => import("./OAuthDebugCallback-Dgp5YOBI.js"), true ? [] : void 0)
59176
+ () => __vitePreload(() => import("./OAuthDebugCallback-8Fi3YLef.js"), true ? [] : void 0)
59176
59177
  );
59177
59178
  return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
59178
59179
  }
package/dist/index.html CHANGED
@@ -5,7 +5,7 @@
5
5
  <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
6
6
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
7
7
  <title>MCP Inspector</title>
8
- <script type="module" crossorigin src="/assets/index-CmFoao7k.js"></script>
8
+ <script type="module" crossorigin src="/assets/index-BfOtvMZ9.js"></script>
9
9
  <link rel="stylesheet" crossorigin href="/assets/index-DiyPO_Zj.css">
10
10
  </head>
11
11
  <body>
package/lib/lib/moduleScoring.d.ts CHANGED
@@ -19,5 +19,5 @@ export declare function calculateModuleScore(result: unknown): number;
19
19
  * Current inspector-assessment version for event compatibility checking.
20
20
  * This should match the version in package.json.
21
21
  */
22
- export declare const INSPECTOR_VERSION = "1.12.0";
22
+ export declare const INSPECTOR_VERSION = "1.20.1";
23
23
  //# sourceMappingURL=moduleScoring.d.ts.map
package/lib/lib/moduleScoring.js CHANGED
@@ -50,4 +50,4 @@ export function calculateModuleScore(result) {
50
50
  * Current inspector-assessment version for event compatibility checking.
51
51
  * This should match the version in package.json.
52
52
  */
53
- export const INSPECTOR_VERSION = "1.12.0";
53
+ export const INSPECTOR_VERSION = "1.20.1";
package/lib/services/assessment/modules/SecurityAssessor.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SecurityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/SecurityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,kBAAkB,EAInB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAc9D,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,iBAAiB,CAAuC;IAC1D,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuFrE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;;OAIG;YACW,yBAAyB;IAuKvC;;;;OAIG;YACW,qBAAqB;IA4JnC;;OAEG;YACW,WAAW;IA2HzB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAgDzB;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAiDtC;;OAEG;IACH,OAAO,CAAC,aAAa;IA+BrB;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAgClC;;;OAGG;IACH,OAAO,CAAC,eAAe;IA6HvB;;;;;;;OAOG;IACH,OAAO,CAAC,qBAAqB;IAiE7B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IAqC5B;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAsB3B;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;OAEG;YACW,+BAA+B;IAiC7C;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0B/B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAkEnC;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAuI3B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAsB5B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,oBAAoB;IAuM5B;;;;;;;;;OASG;IACH,OAAO,CAAC,wBAAwB;IAwDhC;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAuBtC;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,oBAAoB;IAoH5B;;OAEG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,CAAC,eAAe;IASvB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;CAmB3B"}
1
+ {"version":3,"file":"SecurityAssessor.d.ts","sourceRoot":"","sources":["../../../../src/services/assessment/modules/SecurityAssessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,kBAAkB,EAInB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAc9D,qBAAa,gBAAiB,SAAQ,YAAY;IAChD,OAAO,CAAC,iBAAiB,CAAuC;IAC1D,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuFrE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAkC7B;;;;OAIG;YACW,yBAAyB;IAuKvC;;;;OAIG;YACW,qBAAqB;IA4JnC;;OAEG;YACW,WAAW;IA2HzB;;;;;OAKG;IACH,OAAO,CAAC,iBAAiB;IAgDzB;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAiDtC;;OAEG;IACH,OAAO,CAAC,aAAa;IA+BrB;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAgClC;;;OAGG;IACH,OAAO,CAAC,eAAe;IA6HvB;;;;;;;OAOG;IACH,OAAO,CAAC,qBAAqB;IAiE7B;;;;;;;;;OASG;IACH,OAAO,CAAC,oBAAoB;IAqC5B;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAsB3B;;;;;;;OAOG;IACH,OAAO,CAAC,oBAAoB;IAkC5B;;OAEG;YACW,+BAA+B;IAiC7C;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAYjC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IA0B/B;;OAEG;IACH,OAAO,CAAC,2BAA2B;IAkEnC;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAuI3B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAsB5B;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,oBAAoB;IAwM5B;;;;;;;;;OASG;IACH,OAAO,CAAC,wBAAwB;IAwDhC;;;OAGG;IACH,OAAO,CAAC,8BAA8B;IAuBtC;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IA8BhC;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAO1B,OAAO,CAAC,oBAAoB;IAoH5B;;OAEG;IACH,OAAO,CAAC,YAAY;IASpB;;;OAGG;IACH,OAAO,CAAC,eAAe;IASvB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;;OAGG;IACH,OAAO,CAAC,kBAAkB;CAmB3B"}
package/lib/services/assessment/modules/SecurityAssessor.js CHANGED
@@ -1096,12 +1096,13 @@ export class SecurityAssessor extends BaseAssessor {
1096
1096
  /request\s+received:/i,
1097
1097
  // Explicit safety indicators in JSON responses (context-aware to avoid matching unrelated fields)
1098
1098
  // Require safety-related context: message, result, status, stored, reflected, etc.
1099
- /"safe"\s*:\s*true[^}]*("message"|"result"|"status"|"response")/i,
1100
- /("message"|"result"|"status"|"response")[^}]*"safe"\s*:\s*true/i,
1101
- /"vulnerable"\s*:\s*false[^}]*("safe"|"stored"|"reflected"|"status")/i,
1102
- /("safe"|"stored"|"reflected"|"status")[^}]*"vulnerable"\s*:\s*false/i,
1103
- /"status"\s*:\s*"acknowledged"[^}]*("message"|"result"|"safe")/i,
1104
- /("message"|"result"|"safe")[^}]*"status"\s*:\s*"acknowledged"/i,
1099
+ // Bounded quantifiers prevent ReDoS attacks from malicious server responses
1100
+ /"safe"\s*:\s*true[^}]{0,500}("message"|"result"|"status"|"response")/i,
1101
+ /("message"|"result"|"status"|"response")[^}]{0,500}"safe"\s*:\s*true/i,
1102
+ /"vulnerable"\s*:\s*false[^}]{0,500}("safe"|"stored"|"reflected"|"status")/i,
1103
+ /("safe"|"stored"|"reflected"|"status")[^}]{0,500}"vulnerable"\s*:\s*false/i,
1104
+ /"status"\s*:\s*"acknowledged"[^}]{0,500}("message"|"result"|"safe")/i,
1105
+ /("message"|"result"|"safe")[^}]{0,500}"status"\s*:\s*"acknowledged"/i,
1105
1106
  ];
1106
1107
  const reflectionPatterns = [
1107
1108
  ...statusPatterns,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bryan-thompson/inspector-assessment-client",
3
- "version": "1.20.1",
3
+ "version": "1.20.2",
4
4
  "description": "Client-side application for the Enhanced MCP Inspector with assessment capabilities",
5
5
  "license": "MIT",
6
6
  "author": "Bryan Thompson <bryan@triepod.ai>",