@sigildev/sigil 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/LICENSE +1 -1
  2. package/README.md +2 -2
  3. package/dist/index.js +1 -1
  4. package/dist/scanner.js +1 -1
  5. package/package.json +2 -2
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2026 mcp-scanner contributors
3
+ Copyright (c) 2026 sigil contributors
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/README.md CHANGED
@@ -9,7 +9,7 @@ Deep static security analysis for MCP servers. Finds command injection, path tra
9
9
 
10
10
  ## The Problem
11
11
 
12
- MCP servers are the bridge between AI agents and the real world — file systems, databases, APIs, shell commands. They're also largely unaudited. Studies of MCP implementations found **43% vulnerable to command injection**, **82% using file operations prone to path traversal**, and **5.5% with active tool poisoning** in their descriptions. Existing scanners check tool descriptions and metadata. They don't read the source code. sigil does.
12
+ MCP servers are the bridge between AI agents and the real world — file systems, databases, APIs, shell commands. They're also largely unaudited. Studies of MCP implementations found **34% using APIs prone to command injection**, **82% using file operations prone to path traversal**, and **5.5% with active tool poisoning** in their descriptions. Existing scanners check tool descriptions and metadata. They don't read the source code. sigil does.
13
13
 
14
14
  ## What sigil Does
15
15
 
@@ -234,7 +234,7 @@ Contributions welcome. Areas where help is needed:
234
234
  - **Real-world validation** — Run the scanner on your MCP servers and share results (with permission).
235
235
 
236
236
  ```bash
237
- git clone https://github.com/sigil/sigil
237
+ git clone https://github.com/sigildev/sigil
238
238
  cd sigil
239
239
  npm install
240
240
  npm test
package/dist/index.js CHANGED
@@ -8,7 +8,7 @@ const program = new Command();
8
8
  program
9
9
  .name("sigil")
10
10
  .description("Security scanner for MCP (Model Context Protocol) servers")
11
- .version("0.1.1")
11
+ .version("0.1.3")
12
12
  .argument("<target>", "Path to MCP server directory, file, or config")
13
13
  .option("-o, --output <format>", "Output format: text, json, sarif", "text")
14
14
  .option("-s, --severity <level>", "Minimum severity to report: low, medium, high, critical", "low")
package/dist/scanner.js CHANGED
@@ -6,7 +6,7 @@ import { parseManifest } from "./discovery/manifest.js";
6
6
  import { parseConfig } from "./discovery/config-parser.js";
7
7
  import { rules } from "./rules/index.js";
8
8
  import { detectVulnerableDeps } from "./rules/deps.js";
9
- const PKG_VERSION = "0.1.1";
9
+ const PKG_VERSION = "0.1.3";
10
10
  const SEVERITY_ORDER = {
11
11
  critical: 0,
12
12
  high: 1,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sigildev/sigil",
3
- "version": "0.1.1",
3
+ "version": "0.1.3",
4
4
  "description": "Security scanner for MCP (Model Context Protocol) servers — static analysis, trust scoring, and vulnerability detection",
5
5
  "type": "module",
6
6
  "bin": {
@@ -8,7 +8,7 @@
8
8
  },
9
9
  "repository": {
10
10
  "type": "git",
11
- "url": "git+https://github.com/sigil-security/sigil.git"
11
+ "url": "git+https://github.com/sigildev/sigil.git"
12
12
  },
13
13
  "main": "./dist/scanner.js",
14
14
  "types": "./dist/scanner.d.ts",