agentaudit 3.10.7 → 3.10.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli.mjs +7 -2
- package/index.mjs +6 -2
- package/package.json +1 -1
package/cli.mjs
CHANGED
|
@@ -879,7 +879,7 @@ function detectPackageInfo(repoPath, files) {
|
|
|
879
879
|
|
|
880
880
|
// Detect package type
|
|
881
881
|
const allContent = files.map(f => f.content).join('\n');
|
|
882
|
-
if (allContent.includes('
|
|
882
|
+
if (allContent.includes('modelcontextprotocol') || allContent.includes('FastMCP') || allContent.includes('mcp.server') || allContent.includes('mcp_server') || allContent.includes('mcp-go')) {
|
|
883
883
|
info.type = 'mcp-server';
|
|
884
884
|
} else if (files.some(f => f.path.toLowerCase() === 'skill.md')) {
|
|
885
885
|
info.type = 'agent-skill';
|
|
@@ -1970,7 +1970,12 @@ async function auditRepo(url) {
|
|
|
1970
1970
|
).digest('hex');
|
|
1971
1971
|
// Code-based type detection (uses files array in memory + repoPath for context)
|
|
1972
1972
|
const pkgInfo = detectPackageInfo(repoPath, files);
|
|
1973
|
-
|
|
1973
|
+
// Known MCP frameworks are libraries, not servers (they contain MCP patterns but ARE the SDK)
|
|
1974
|
+
const KNOWN_MCP_LIBS = new Set(['fastmcp', 'jlowin-fastmcp', 'mcp-go', 'fastapi-mcp', 'fastapi_mcp', 'mcp-use', 'mcp-agent']);
|
|
1975
|
+
const KNOWN_CLI = new Set(['mcp-cli', 'mcp-scan', 'inspector']);
|
|
1976
|
+
let detectedType = pkgInfo.type === 'unknown' ? 'other' : pkgInfo.type;
|
|
1977
|
+
if (KNOWN_MCP_LIBS.has(slug)) detectedType = 'library';
|
|
1978
|
+
if (KNOWN_CLI.has(slug)) detectedType = 'cli-tool';
|
|
1974
1979
|
|
|
1975
1980
|
// Cleanup repo (safe now — provenance data captured above)
|
|
1976
1981
|
try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch {}
|
package/index.mjs
CHANGED
|
@@ -134,7 +134,7 @@ function collectFiles(dir, basePath = '', collected = [], totalSize = { bytes: 0
|
|
|
134
134
|
function detectPackageInfo(repoPath, files) {
|
|
135
135
|
const info = { type: 'unknown' };
|
|
136
136
|
const allContent = files.map(f => f.content).join('\n');
|
|
137
|
-
if (allContent.includes('
|
|
137
|
+
if (allContent.includes('modelcontextprotocol') || allContent.includes('FastMCP') || allContent.includes('mcp.server') || allContent.includes('mcp_server') || allContent.includes('mcp-go')) {
|
|
138
138
|
info.type = 'mcp-server';
|
|
139
139
|
} else if (files.some(f => f.path.toLowerCase() === 'skill.md')) {
|
|
140
140
|
info.type = 'agent-skill';
|
|
@@ -457,7 +457,11 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
457
457
|
|
|
458
458
|
// Compute provenance data
|
|
459
459
|
const pkgInfo = detectPackageInfo(repoPath, files);
|
|
460
|
-
const
|
|
460
|
+
const KNOWN_MCP_LIBS = new Set(['fastmcp', 'jlowin-fastmcp', 'mcp-go', 'fastapi-mcp', 'fastapi_mcp', 'mcp-use', 'mcp-agent']);
|
|
461
|
+
const KNOWN_CLI = new Set(['mcp-cli', 'mcp-scan', 'inspector']);
|
|
462
|
+
let detectedType = pkgInfo.type === 'unknown' ? 'other' : pkgInfo.type;
|
|
463
|
+
if (KNOWN_MCP_LIBS.has(slug)) detectedType = 'library';
|
|
464
|
+
if (KNOWN_CLI.has(slug)) detectedType = 'cli-tool';
|
|
461
465
|
let commitSha = '';
|
|
462
466
|
try { commitSha = execSync('git rev-parse HEAD', { cwd: repoPath, encoding: 'utf8' }).trim(); } catch {}
|
|
463
467
|
const hashInput = files.slice().sort((a, b) => a.path.localeCompare(b.path))
|