npm - agentaudit - Versions diffs - 3.13.2 → 3.13.3 - Mend

agentaudit 3.13.2 → 3.13.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli.mjs +17 -3
package/package.json +1 -1

package/cli.mjs CHANGED Viewed

@@ -3688,12 +3688,17 @@ async function auditRepo(url) {
   if (modelNames.length === 1) {
     activeLlm = resolveModel(modelNames[0]);
   } else {
-    activeLlm = resolveProvider();
     // Model override: --model flag > AGENTAUDIT_MODEL env > credentials.json > provider default
     const modelArgIdx2 = process.argv.indexOf('--model');
     const modelFlag2 = modelArgIdx2 !== -1 ? process.argv[modelArgIdx2 + 1] : null;
     const modelOverride = modelFlag2 || process.env.AGENTAUDIT_MODEL || loadLlmConfig()?.llm_model || null;
-    if (activeLlm && modelOverride) activeLlm.model = modelOverride;
+    if (modelOverride) {
+      // Route through resolveModel() so slash-models go to OpenRouter, prefixes to native providers
+      activeLlm = resolveModel(modelOverride);
+    }
+    if (!activeLlm) {
+      activeLlm = resolveProvider();
+    }
   }
   if (!activeLlm) {
@@ -6313,7 +6318,16 @@ async function main() {
   }
   if (command === 'audit') {
-    const urls = targets.filter(t => !t.startsWith('--'));
+    // Extract URLs: skip option flags and their values
+    const optionsWithValues = new Set(['--model', '--verify', '--format', '--models']);
+    const urls = [];
+    for (let i = 0; i < targets.length; i++) {
+      if (targets[i].startsWith('--')) {
+        if (optionsWithValues.has(targets[i]) && i + 1 < targets.length) i++; // skip next (value)
+        continue;
+      }
+      urls.push(targets[i]);
+    }
     if (urls.length === 0) {
       console.log(`  ${c.red}Error: at least one repository URL required${c.reset}`);
       console.log(`  ${c.dim}Usage: ${c.cyan}agentaudit audit <url>${c.dim} — e.g. agentaudit audit https://github.com/owner/repo${c.reset}`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agentaudit",
-  "version": "3.13.2",
+  "version": "3.13.3",
   "description": "Security scanner for AI agent packages — CLI + MCP server",
   "type": "module",
   "bin": {