agent-security-scanner-mcp 2.0.2 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +18 -11
- package/package.json +1 -1
- package/server.json +1 -1
package/index.js
CHANGED
|
@@ -1890,8 +1890,11 @@ async function runInit(flags) {
|
|
|
1890
1890
|
fileExisted = true;
|
|
1891
1891
|
const rawContent = readFileSync(configPath, 'utf-8');
|
|
1892
1892
|
try {
|
|
1893
|
-
//
|
|
1894
|
-
|
|
1893
|
+
// For JSONC files, strip comments (but only for .jsonc files to avoid breaking URLs with //)
|
|
1894
|
+
let stripped = rawContent;
|
|
1895
|
+
if (configPath.endsWith('.jsonc')) {
|
|
1896
|
+
stripped = rawContent.replace(/\/\/.*$/gm, '').replace(/\/\*[\s\S]*?\*\//g, '');
|
|
1897
|
+
}
|
|
1895
1898
|
config = JSON.parse(stripped);
|
|
1896
1899
|
} catch (e) {
|
|
1897
1900
|
console.error(` ERROR: Invalid JSON in ${configPath}`);
|
|
@@ -2097,7 +2100,11 @@ async function runDoctor(flags) {
|
|
|
2097
2100
|
let config;
|
|
2098
2101
|
try {
|
|
2099
2102
|
const raw = readFileSync(configPath, 'utf-8');
|
|
2100
|
-
|
|
2103
|
+
// Only strip comments for .jsonc files (avoid breaking URLs with //)
|
|
2104
|
+
let stripped = raw;
|
|
2105
|
+
if (configPath.endsWith('.jsonc')) {
|
|
2106
|
+
stripped = raw.replace(/\/\/.*$/gm, '').replace(/\/\*[\s\S]*?\*\//g, '');
|
|
2107
|
+
}
|
|
2101
2108
|
config = JSON.parse(stripped);
|
|
2102
2109
|
} catch (e) {
|
|
2103
2110
|
console.log(` \u2717 ${client.name.padEnd(20)} invalid JSON in config`);
|
|
@@ -2164,28 +2171,28 @@ const DEMO_TEMPLATES = {
|
|
|
2164
2171
|
js: {
|
|
2165
2172
|
ext: 'js',
|
|
2166
2173
|
name: 'JavaScript',
|
|
2167
|
-
code: `const
|
|
2168
|
-
|
|
2169
|
-
const express = require("express");
|
|
2174
|
+
code: `const express = require("express");
|
|
2175
|
+
const child_process = require("child_process");
|
|
2170
2176
|
const app = express();
|
|
2171
2177
|
|
|
2178
|
+
// SQL Injection vulnerability
|
|
2172
2179
|
app.get("/user", (req, res) => {
|
|
2173
2180
|
const userId = req.query.id;
|
|
2174
|
-
|
|
2175
|
-
db.query(query, (err, result) => {
|
|
2181
|
+
db.query("SELECT * FROM users WHERE id = " + userId, (err, result) => {
|
|
2176
2182
|
res.send(result);
|
|
2177
2183
|
});
|
|
2178
2184
|
});
|
|
2179
2185
|
|
|
2186
|
+
// XSS vulnerability
|
|
2180
2187
|
app.get("/profile", (req, res) => {
|
|
2181
2188
|
const name = req.query.name;
|
|
2182
|
-
|
|
2189
|
+
document.getElementById("welcome").innerHTML = name;
|
|
2183
2190
|
});
|
|
2184
2191
|
|
|
2192
|
+
// Command Injection vulnerability
|
|
2185
2193
|
app.get("/run", (req, res) => {
|
|
2186
2194
|
const cmd = req.query.cmd;
|
|
2187
|
-
|
|
2188
|
-
exec(cmd, (err, stdout) => {
|
|
2195
|
+
child_process.exec("ls " + cmd, (err, stdout) => {
|
|
2189
2196
|
res.send(stdout);
|
|
2190
2197
|
});
|
|
2191
2198
|
});
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "agent-security-scanner-mcp",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.4",
|
|
4
4
|
"mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
|
|
5
5
|
"description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 359 vulnerability rules with auto-fix. For Claude Code, Cursor, Windsurf, Cline.",
|
|
6
6
|
"main": "index.js",
|
package/server.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
|
|
3
3
|
"name": "io.github.sinewaveai/agent-security-scanner-mcp",
|
|
4
4
|
"description": "MCP security scanner with prompt injection firewall, package hallucination detection, and auto-fix.",
|
|
5
|
-
"version": "2.0.
|
|
5
|
+
"version": "2.0.4",
|
|
6
6
|
"transport": "stdio",
|
|
7
7
|
"registry": "npm"
|
|
8
8
|
}
|