@sigildev/sigil 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +1 -1
  2. package/dist/index.js +1 -1
  3. package/dist/scanner.js +1 -1
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -9,7 +9,7 @@ Deep static security analysis for MCP servers. Finds command injection, path tra
9
9
 
10
10
  ## The Problem
11
11
 
12
- MCP servers are the bridge between AI agents and the real world — file systems, databases, APIs, shell commands. They're also largely unaudited. Studies of MCP implementations found **43% vulnerable to command injection**, **82% using file operations prone to path traversal**, and **5.5% with active tool poisoning** in their descriptions. Existing scanners check tool descriptions and metadata. They don't read the source code. sigil does.
12
+ MCP servers are the bridge between AI agents and the real world — file systems, databases, APIs, shell commands. They're also largely unaudited. Studies of MCP implementations found **34% using APIs prone to command injection**, **82% using file operations prone to path traversal**, and **5.5% with active tool poisoning** in their descriptions. Existing scanners check tool descriptions and metadata. They don't read the source code. sigil does.
13
13
 
14
14
  ## What sigil Does
15
15
 
package/dist/index.js CHANGED
@@ -8,7 +8,7 @@ const program = new Command();
8
8
  program
9
9
  .name("sigil")
10
10
  .description("Security scanner for MCP (Model Context Protocol) servers")
11
- .version("0.1.2")
11
+ .version("0.1.3")
12
12
  .argument("<target>", "Path to MCP server directory, file, or config")
13
13
  .option("-o, --output <format>", "Output format: text, json, sarif", "text")
14
14
  .option("-s, --severity <level>", "Minimum severity to report: low, medium, high, critical", "low")
package/dist/scanner.js CHANGED
@@ -6,7 +6,7 @@ import { parseManifest } from "./discovery/manifest.js";
6
6
  import { parseConfig } from "./discovery/config-parser.js";
7
7
  import { rules } from "./rules/index.js";
8
8
  import { detectVulnerableDeps } from "./rules/deps.js";
9
- const PKG_VERSION = "0.1.2";
9
+ const PKG_VERSION = "0.1.3";
10
10
  const SEVERITY_ORDER = {
11
11
  critical: 0,
12
12
  high: 1,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sigildev/sigil",
3
- "version": "0.1.2",
3
+ "version": "0.1.3",
4
4
  "description": "Security scanner for MCP (Model Context Protocol) servers — static analysis, trust scoring, and vulnerability detection",
5
5
  "type": "module",
6
6
  "bin": {