agentaudit 3.10.8 → 3.10.9

Files changed (3) hide show
  1. package/cli.mjs +6 -1
  2. package/index.mjs +5 -1
  3. package/package.json +1 -1
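--- a/package/cli.mjs
+++ b/package/cli.mjs
@@ -1970,7 +1970,12 @@ async function auditRepo(url) {
  ).digest('hex');
  // Code-based type detection (uses files array in memory + repoPath for context)
  const pkgInfo = detectPackageInfo(repoPath, files);
- const detectedType = pkgInfo.type === 'unknown' ? 'other' : pkgInfo.type;
+ // Known MCP frameworks are libraries, not servers (they contain MCP patterns but ARE the SDK)
+ const KNOWN_MCP_LIBS = new Set(['fastmcp', 'jlowin-fastmcp', 'mcp-go', 'fastapi-mcp', 'fastapi_mcp', 'mcp-use', 'mcp-agent']);
+ const KNOWN_CLI = new Set(['mcp-cli', 'mcp-scan', 'inspector']);
+ let detectedType = pkgInfo.type === 'unknown' ? 'other' : pkgInfo.type;
+ if (KNOWN_MCP_LIBS.has(slug)) detectedType = 'library';
+ if (KNOWN_CLI.has(slug)) detectedType = 'cli-tool';
 
  // Cleanup repo (safe now — provenance data captured above)
  try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch {}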
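Review bot: The overrides `if (KNOWN_MCP_LIBS.has(slug)) detectedType = 'library';` and `if (KNOWN_CLI.has(slug)) detectedType = 'cli-tool';` match on the bare slug alone, so the code-based result from `detectPackageInfo` is discarded for any repository that merely carries one of these names, and `inspector` in particular is generic. How `slug` is derived is outside this hunk, but if it comes from the audited URL's last path segment, a fork or an unrelated repository named `mcp-use` would be recorded as `library` whatever its code contains, which matters if later scoring or reporting depends on the type. The lists should be keyed on the full owner/repo identity of the intended upstream projects, and until then the limitation should be stated next to them, e.g. `// NOTE: matched on bare slug only; owner is not checked, so same-named repos get this override too`. The same lines are added in package/index.mjs and carry the same issue; auditRepo's body starts and ends outside the hunk.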
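--- a/package/index.mjs
+++ b/package/index.mjs
@@ -457,7 +457,11 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 
  // Compute provenance data
  const pkgInfo = detectPackageInfo(repoPath, files);
- const detectedType = pkgInfo.type === 'unknown' ? 'other' : pkgInfo.type;
+ const KNOWN_MCP_LIBS = new Set(['fastmcp', 'jlowin-fastmcp', 'mcp-go', 'fastapi-mcp', 'fastapi_mcp', 'mcp-use', 'mcp-agent']);
+ const KNOWN_CLI = new Set(['mcp-cli', 'mcp-scan', 'inspector']);
+ let detectedType = pkgInfo.type === 'unknown' ? 'other' : pkgInfo.type;
+ if (KNOWN_MCP_LIBS.has(slug)) detectedType = 'library';
+ if (KNOWN_CLI.has(slug)) detectedType = 'cli-tool';
 
  let commitSha = '';
  try { commitSha = execSync('git rev-parse HEAD', { cwd: repoPath, encoding: 'utf8' }).trim(); } catch {}
  const hashInput = files.slice().sort((a, b) => a.path.localeCompare(b.path))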
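Review bot: `KNOWN_MCP_LIBS` and `KNOWN_CLI` are declared here a second time, identical to the copies added in package/cli.mjs, and both Sets are rebuilt on every call of the request handler. Two hand-maintained lists will drift, and once they do the CLI and the MCP server will record different types for the same package, which undermines the provenance data computed here. Declare the sets once at module scope in a shared module and import them in both files. This copy also lacks the explanatory comment the cli.mjs copy has, `// Known MCP frameworks are libraries, not servers (they contain MCP patterns but ARE the SDK)`. The handler body starts and ends outside the hunk.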
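--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "agentaudit",
- "version": "3.10.8",
+ "version": "3.10.9",
  "description": "Security scanner for AI packages — MCP server + CLI",
  "type": "module",
  "bin": {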