agent-security-scanner-mcp 4.4.0 → 4.4.2
- package/package.json +1 -1
- package/src/tools/scan-project.js +28 -6
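--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "agent-security-scanner-mcp",
-"version": "4.4.
+"version": "4.4.2",
 "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
 "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
 "main": "index.js",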
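--- a/package/src/tools/scan-project.js
+++ b/package/src/tools/scan-project.js
@@ -24,6 +24,30 @@ const SCANNABLE_EXTENSIONS = new Set([
 '.tf', '.hcl', '.sql',
 ]);
 
+// Directories pruned during the walk: VCS metadata, dependency trees, build
+// artifacts, language/tool caches, and editor state. Hidden entries are NOT
+// blanket-skipped — only names in this denylist are pruned — so that
+// security-relevant dotpaths (e.g. .github/workflows) are still traversed.
+const SKIP_DIRECTORIES = new Set([
+// VCS metadata
+'.git', '.svn', '.hg', '.bzr',
+// Dependencies / package trees
+'node_modules', 'vendor', 'bower_components',
+// Build / output artifacts
+'dist', 'build', 'out', 'target', 'coverage',
+// Python environments and caches
+'__pycache__', 'venv', 'env', '.venv',
+'.tox', '.nox', '.pytest_cache', '.mypy_cache', '.ruff_cache', '.hypothesis',
+// JS/TS framework and tooling caches
+'.next', '.nuxt', '.svelte-kit', '.turbo', '.parcel-cache', '.cache',
+// Package-manager caches
+'.yarn', '.pnpm-store', '.bundle', '.cargo', '.gradle',
+// Editor / IDE state
+'.idea', '.vscode', '.vs',
+// IaC state
+'.terraform',
+]);
+
 // Parse .gitignore into patterns
 function parseGitignore(dirPath) {
 const gitignorePath = join(dirPath, '.gitignore');
@@ -64,9 +88,6 @@ function walkDirectory(dirPath, options = {}) {
 }
 
 for (const entry of entries) {
-// Skip hidden directories/files
-if (entry.startsWith('.')) continue;
-
 const fullPath = join(currentDir, entry);
 const relativePath = relative(dirPath, fullPath);
 
@@ -78,9 +99,10 @@ function walkDirectory(dirPath, options = {}) {
 }
 
 if (stat.isDirectory()) {
-//
-
-
+// Prune known heavy/internal dirs (incl. hidden ones like .git), but
+// do not blanket-skip every dotdir — security-relevant paths such as
+// .github/workflows must still be walked.
+if (SKIP_DIRECTORIES.has(entry)) continue;
 
 // Skip gitignored directories
 if (isGitignored(relativePath, gitignorePatterns)) continue;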
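Review bot: The `// Package-manager caches` and `// Editor / IDE state` groups in the first hunk prune `.cargo`, `.yarn`, `.bundle`, `.vscode` and `.idea`, yet these directories commonly hold project-level configuration that build tools and IDEs act on (e.g. `.cargo/config.toml`, `.vscode/tasks.json`), which is the same class of security-relevant dotpath the new comment says must still be walked. I would drop those five names from SKIP_DIRECTORIES, keeping the pure caches as `'.pnpm-store', '.gradle',` and reducing the editor line to `'.vs',`, or at least document the trade-off on the set so the coverage gap is a deliberate choice rather than an accident of the "cache" label. A second coverage issue, in the third hunk: `SKIP_DIRECTORIES.has(entry)` matches by bare name at any depth, so ordinary source directories named `build`, `out`, `env` or `target` below the project root are silently dropped; counting pruned directories and surfacing that number in the scan result would make the reduced coverage visible to the user. walkDirectory's body starts before and ends after these hunks, so the rest of its skip logic is not visible here.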