npm - @clear-capabilities/agentic-security-scanner - Versions diffs - 0.78.0 → 0.79.0 - Mend

@clear-capabilities/agentic-security-scanner 0.78.0 → 0.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

package/bin/.agentic-security/findings.json +16 -16
package/bin/.agentic-security/last-scan.json +16 -16
package/bin/.agentic-security/last-scan.json.sig +1 -1
package/bin/.agentic-security/scan-history.json +51 -0
package/bin/.agentic-security/streak.json +5 -5
package/bin/agentic-security.js +22 -7
package/dist/178.index.js +1 -1
package/dist/384.index.js +1 -1
package/dist/476.index.js +5 -5
package/dist/637.index.js +1 -1
package/dist/700.index.js +138 -0
package/dist/718.index.js +53 -0
package/dist/838.index.js +1 -1
package/dist/985.index.js +5 -0
package/dist/agentic-security.mjs +1 -1
package/dist/agentic-security.mjs.sha256 +1 -1
package/package.json +2 -2
package/src/dataflow/engine.js +52 -8
package/src/engine.js +107 -6
package/src/integrations/index.js +2 -1
package/src/ir/callgraph.js +27 -7
package/src/llm-validator/index.js +7 -5
package/src/mcp/audit.js +5 -0
package/src/posture/calibration-drift.js +2 -1
package/src/posture/calibration.js +3 -2
package/src/posture/fix-history.js +8 -2
package/src/posture/profile.js +4 -5
package/src/posture/rule-overrides.js +2 -3
package/src/posture/rule-pack-signing.js +2 -3
package/src/posture/rule-synthesis.js +5 -6
package/src/posture/security-trend.js +4 -7
package/src/posture/state-dir.js +124 -0
package/src/posture/streak.js +3 -0
package/src/posture/suppressions.js +5 -8
package/src/posture/triage.js +3 -5
package/src/posture/validator-metrics.js +3 -6
package/src/sast/db-taint.js +24 -0
package/src/sast/rust.js +26 -0
package/src/sca/binary-metadata.js +124 -0
package/src/sca/py-package-functions.js +118 -0
package/src/sca/vendor-detect.js +53 -0
package/src/.agentic-security/findings.json +0 -82642
package/src/.agentic-security/last-scan.json +0 -82642
package/src/.agentic-security/last-scan.json.sig +0 -1
package/src/.agentic-security/scan-history.json +0 -10054
package/src/.agentic-security/streak.json +0 -21
package/src/dataflow/.agentic-security/findings.json +0 -3515
package/src/dataflow/.agentic-security/last-scan.json +0 -3515
package/src/dataflow/.agentic-security/last-scan.json.sig +0 -1
package/src/dataflow/.agentic-security/scan-history.json +0 -702
package/src/dataflow/.agentic-security/streak.json +0 -22
package/src/ir/.agentic-security/findings.json +0 -3777
package/src/ir/.agentic-security/last-scan.json +0 -3777
package/src/ir/.agentic-security/last-scan.json.sig +0 -1
package/src/ir/.agentic-security/scan-history.json +0 -771
package/src/ir/.agentic-security/streak.json +0 -21
package/src/posture/.agentic-security/findings.json +0 -51562
package/src/posture/.agentic-security/last-scan.json +0 -51562
package/src/posture/.agentic-security/last-scan.json.sig +0 -1
package/src/posture/.agentic-security/scan-history.json +0 -650
package/src/posture/.agentic-security/streak.json +0 -20
package/src/report/.agentic-security/findings.json +0 -80
package/src/report/.agentic-security/last-scan.json +0 -80
package/src/report/.agentic-security/last-scan.json.sig +0 -1
package/src/report/.agentic-security/scan-history.json +0 -35
package/src/report/.agentic-security/streak.json +0 -22
package/src/sast/.agentic-security/findings.json +0 -5190
package/src/sast/.agentic-security/last-scan.json +0 -5190
package/src/sast/.agentic-security/last-scan.json.sig +0 -1
package/src/sast/.agentic-security/scan-history.json +0 -408
package/src/sast/.agentic-security/streak.json +0 -20
package/src/sca/.agentic-security/findings.json +0 -1587
package/src/sca/.agentic-security/last-scan.json +0 -1587
package/src/sca/.agentic-security/last-scan.json.sig +0 -1
package/src/sca/.agentic-security/scan-history.json +0 -36
package/src/sca/.agentic-security/streak.json +0 -21

package/src/sast/.agentic-security/last-scan.json.sig DELETED Viewed

	@@ -1 +0,0 @@
1	- 411dd662c96624bcc85746b90c2d1a487fd15e7da71fe116cb3d8e548071a588

package/src/sast/.agentic-security/scan-history.json DELETED Viewed

@@ -1,408 +0,0 @@
-[
-  {
-    "timestamp": "2026-05-26T16:30:07.351Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-26T16:34:28.797Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T01:10:20.082Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T03:05:16.971Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T03:18:22.550Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:09:50.637Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:10:10.121Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:12:25.348Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:17:13.165Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:21:04.965Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:21:46.189Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:24:34.687Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:43:08.807Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T09:43:30.205Z",
-    "label": "scan",
-    "total": 17,
-    "critical": 0,
-    "high": 0,
-    "medium": 2,
-    "low": 15,
-    "kev": 0,
-    "ids": [
-      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
-      "client-side:CLIENT_EVAL:client-side.js:135",
-      "client-side:CLIENT_EVAL:client-side.js:139",
-      "client-side:CLIENT_EVAL:client-side.js:140",
-      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
-      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
-      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
-      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
-      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "spec-drift:rate-limit-impl:rate-limit.js:34",
-      "spec-drift:rate-limit-impl:rate-limit.js:77",
-      "ssrf-meta-hardcoded:go-extended.js:39",
-      "ssrf-meta-hardcoded:python-sinks.js:186",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
-      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
-      "zip-slip:zip-slip.js:192:node-entry"
-    ]
-  }
-]

package/src/sast/.agentic-security/streak.json DELETED Viewed

@@ -1,20 +0,0 @@
-{
-  "firstScanDate": "2026-05-26T16:30:07.386Z",
-  "lastScanDate": "2026-05-27T09:43:30.233Z",
-  "totalScans": 14,
-  "daysCleanCritical": 2,
-  "lastCleanDate": "2026-05-27",
-  "lastCriticalDate": null,
-  "hasEverHadCritical": false,
-  "bestDaysCleanCritical": 2,
-  "totalFindingsAtFirstScan": 27,
-  "totalFindingsAtLastScan": 28,
-  "totalFixesInferred": 0,
-  "lastGrade": "A-",
-  "bestGrade": "A-",
-  "launchCheckPassedAt": null,
-  "achievements": [
-    "first-scan"
-  ],
-  "previousGrade": "A-"
-}