npm - @clear-capabilities/agentic-security-scanner - Versions diffs - 0.75.0 → 0.77.0 - Mend

@clear-capabilities/agentic-security-scanner 0.75.0 → 0.77.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/CHANGELOG.md +57 -0
package/bin/agentic-security.js +2 -2
package/dist/838.index.js +152 -0
package/dist/{634.index.js → 985.index.js} +21 -144
package/dist/agentic-security.mjs +8 -8
package/dist/agentic-security.mjs.sha256 +1 -1
package/package.json +6 -6
package/src/mcp/tools.js +17 -2
package/src/sca/base-images.json +1 -1
package/bin/.agentic-security/findings.json +0 -1596
package/bin/.agentic-security/last-scan.json +0 -1596
package/bin/.agentic-security/last-scan.json.sig +0 -1
package/bin/.agentic-security/scan-history.json +0 -470
package/bin/.agentic-security/streak.json +0 -25
package/dist/218.index.js +0 -793
package/dist/601.index.js +0 -1038
package/src/.agentic-security/findings.json +0 -80844
package/src/.agentic-security/last-scan.json +0 -80844
package/src/.agentic-security/last-scan.json.sig +0 -1
package/src/.agentic-security/scan-history.json +0 -8408
package/src/.agentic-security/streak.json +0 -26
package/src/dataflow/.agentic-security/findings.json +0 -3487
package/src/dataflow/.agentic-security/last-scan.json +0 -3487
package/src/dataflow/.agentic-security/last-scan.json.sig +0 -1
package/src/dataflow/.agentic-security/scan-history.json +0 -735
package/src/dataflow/.agentic-security/streak.json +0 -24
package/src/integrations/.agentic-security/findings.json +0 -1504
package/src/integrations/.agentic-security/last-scan.json +0 -1504
package/src/integrations/.agentic-security/scan-history.json +0 -40
package/src/integrations/.agentic-security/streak.json +0 -21
package/src/ir/.agentic-security/findings.json +0 -3036
package/src/ir/.agentic-security/last-scan.json +0 -3036
package/src/ir/.agentic-security/last-scan.json.sig +0 -1
package/src/ir/.agentic-security/scan-history.json +0 -364
package/src/ir/.agentic-security/streak.json +0 -23
package/src/llm-validator/.agentic-security/findings.json +0 -1891
package/src/llm-validator/.agentic-security/last-scan.json +0 -1891
package/src/llm-validator/.agentic-security/last-scan.json.sig +0 -1
package/src/llm-validator/.agentic-security/scan-history.json +0 -168
package/src/llm-validator/.agentic-security/streak.json +0 -20
package/src/lsp/.agentic-security/findings.json +0 -28
package/src/lsp/.agentic-security/last-scan.json +0 -28
package/src/lsp/.agentic-security/scan-history.json +0 -79
package/src/lsp/.agentic-security/streak.json +0 -22
package/src/mcp/.agentic-security/findings.json +0 -8358
package/src/mcp/.agentic-security/last-scan.json +0 -8358
package/src/mcp/.agentic-security/last-scan.json.sig +0 -1
package/src/mcp/.agentic-security/scan-history.json +0 -1125
package/src/mcp/.agentic-security/streak.json +0 -22
package/src/posture/.agentic-security/findings.json +0 -51239
package/src/posture/.agentic-security/last-scan.json +0 -51239
package/src/posture/.agentic-security/last-scan.json.sig +0 -1
package/src/posture/.agentic-security/scan-history.json +0 -5557
package/src/posture/.agentic-security/streak.json +0 -24
package/src/report/.agentic-security/findings.json +0 -79
package/src/report/.agentic-security/last-scan.json +0 -79
package/src/report/.agentic-security/last-scan.json.sig +0 -1
package/src/report/.agentic-security/scan-history.json +0 -332
package/src/report/.agentic-security/streak.json +0 -23
package/src/sast/.agentic-security/findings.json +0 -5051
package/src/sast/.agentic-security/last-scan.json +0 -5051
package/src/sast/.agentic-security/last-scan.json.sig +0 -1
package/src/sast/.agentic-security/scan-history.json +0 -788
package/src/sast/.agentic-security/streak.json +0 -23
package/src/sast/bench-shape/.agentic-security/findings.json +0 -28
package/src/sast/bench-shape/.agentic-security/last-scan.json +0 -28
package/src/sast/bench-shape/.agentic-security/scan-history.json +0 -24
package/src/sast/bench-shape/.agentic-security/streak.json +0 -22

package/src/sast/.agentic-security/scan-history.json DELETED Viewed

@@ -1,788 +0,0 @@
-[
-  {
-    "timestamp": "2026-05-19T14:14:43.272Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:15:45.304Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:16:41.598Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:17:46.030Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:18:37.970Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:19:36.932Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:20:31.950Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:21:03.047Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:21:45.837Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:24:44.477Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:24:50.750Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T14:53:08.606Z",
-    "label": "scan",
-    "total": 10,
-    "critical": 0,
-    "high": 9,
-    "medium": 1,
-    "low": 0,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-19T21:18:42.442Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:47:36.689Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:48:13.459Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:49:02.792Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:49:42.738Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:51:21.872Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:51:36.006Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:52:34.978Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:52:49.358Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T12:54:08.915Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T15:30:14.990Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T15:30:55.692Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T15:31:40.849Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T15:33:07.999Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T17:05:28.913Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T17:06:53.366Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T17:07:18.341Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-20T17:07:59.605Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  }
-]