@sigildev/sigil 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/README.md +6 -6
- package/dist/index.js +1 -1
- package/dist/scanner.js +1 -1
- package/package.json +2 -2
package/LICENSE
CHANGED
package/README.md
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Deep static security analysis for MCP servers. Finds command injection, path traversal, tool poisoning, credential leaks, and 12 other vulnerability classes — source code analysis that goes beyond description scanning.
|
|
4
4
|
|
|
5
5
|
[](LICENSE)
|
|
6
|
-
[](https://www.npmjs.com/package/sigil)
|
|
6
|
+
[](https://www.npmjs.com/package/@sigildev/sigil)
|
|
7
7
|
|
|
8
8
|
---
|
|
9
9
|
|
|
@@ -20,7 +20,7 @@ MCP servers are the bridge between AI agents and the real world — file systems
|
|
|
20
20
|
## Quick Start
|
|
21
21
|
|
|
22
22
|
```bash
|
|
23
|
-
npx sigil .
|
|
23
|
+
npx @sigildev/sigil .
|
|
24
24
|
```
|
|
25
25
|
|
|
26
26
|
```
|
|
@@ -68,13 +68,13 @@ npx sigil .
|
|
|
68
68
|
|
|
69
69
|
```bash
|
|
70
70
|
# Run without installing
|
|
71
|
-
npx sigil .
|
|
71
|
+
npx @sigildev/sigil .
|
|
72
72
|
|
|
73
73
|
# Install globally
|
|
74
|
-
npm install -g sigil
|
|
74
|
+
npm install -g @sigildev/sigil
|
|
75
75
|
|
|
76
76
|
# Install as dev dependency
|
|
77
|
-
npm install -D sigil
|
|
77
|
+
npm install -D @sigildev/sigil
|
|
78
78
|
```
|
|
79
79
|
|
|
80
80
|
## Usage
|
|
@@ -234,7 +234,7 @@ Contributions welcome. Areas where help is needed:
|
|
|
234
234
|
- **Real-world validation** — Run the scanner on your MCP servers and share results (with permission).
|
|
235
235
|
|
|
236
236
|
```bash
|
|
237
|
-
git clone https://github.com/
|
|
237
|
+
git clone https://github.com/sigildev/sigil
|
|
238
238
|
cd sigil
|
|
239
239
|
npm install
|
|
240
240
|
npm test
|
package/dist/index.js
CHANGED
|
@@ -8,7 +8,7 @@ const program = new Command();
|
|
|
8
8
|
program
|
|
9
9
|
.name("sigil")
|
|
10
10
|
.description("Security scanner for MCP (Model Context Protocol) servers")
|
|
11
|
-
.version("0.1.
|
|
11
|
+
.version("0.1.2")
|
|
12
12
|
.argument("<target>", "Path to MCP server directory, file, or config")
|
|
13
13
|
.option("-o, --output <format>", "Output format: text, json, sarif", "text")
|
|
14
14
|
.option("-s, --severity <level>", "Minimum severity to report: low, medium, high, critical", "low")
|
package/dist/scanner.js
CHANGED
|
@@ -6,7 +6,7 @@ import { parseManifest } from "./discovery/manifest.js";
|
|
|
6
6
|
import { parseConfig } from "./discovery/config-parser.js";
|
|
7
7
|
import { rules } from "./rules/index.js";
|
|
8
8
|
import { detectVulnerableDeps } from "./rules/deps.js";
|
|
9
|
-
const PKG_VERSION = "0.1.
|
|
9
|
+
const PKG_VERSION = "0.1.2";
|
|
10
10
|
const SEVERITY_ORDER = {
|
|
11
11
|
critical: 0,
|
|
12
12
|
high: 1,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sigildev/sigil",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.2",
|
|
4
4
|
"description": "Security scanner for MCP (Model Context Protocol) servers — static analysis, trust scoring, and vulnerability detection",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
},
|
|
9
9
|
"repository": {
|
|
10
10
|
"type": "git",
|
|
11
|
-
"url": "git+https://github.com/
|
|
11
|
+
"url": "git+https://github.com/sigildev/sigil.git"
|
|
12
12
|
},
|
|
13
13
|
"main": "./dist/scanner.js",
|
|
14
14
|
"types": "./dist/scanner.d.ts",
|