agentaudit 3.9.1 → 3.9.2
- package/README.md +82 -10
- package/index.mjs +7 -2
- package/package.json +1 -1
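--- a/package/README.md
+++ b/package/README.md
@@ -46,22 +46,26 @@ It checks packages against the [AgentAudit Trust Registry](https://agentaudit.de
 
 ## 🚀 Quick Start
 
+<p align="center">
+<img src="docs/cli-screenshot.png" alt="AgentAudit CLI — discover and scan" width="700">
+</p>
+
 ### Option A: CLI (recommended)
 
 ```bash
-# Install globally
+# Install globally (or use npx agentaudit)
 npm install -g agentaudit
 
-# Discover MCP servers in your AI editors
+# Discover MCP servers configured in your AI editors
 agentaudit
 
-# Quick scan
+# Quick scan — clones repo, checks code with regex patterns (~2s)
 agentaudit scan https://github.com/owner/repo
 
-# Deep LLM-
+# Deep audit — clones repo, sends code to LLM for 3-pass analysis (~30s)
 agentaudit audit https://github.com/owner/repo
 
-#
+# Registry lookup — check if a package has been audited before (no cloning)
 agentaudit lookup fastmcp
 ```
 
@@ -84,11 +88,42 @@ agentaudit lookup fastmcp
 Looking for general package scanning? Try `pip audit` or `npm audit`.
 ```
 
-### Option B: MCP Server in your editor
+### Option B: MCP Server in your AI editor
+
+Add AgentAudit as an MCP server — your AI agent can then discover, scan, and audit packages using its own LLM. **No extra API key needed.**
+
+<details>
+<summary><strong>Claude Desktop</strong> — <code>~/.claude/mcp.json</code></summary>
+
+```json
+{
+"mcpServers": {
+"agentaudit": {
+"command": "npx",
+"args": ["-y", "agentaudit"]
+}
+}
+}
+```
+</details>
+
+<details>
+<summary><strong>Cursor</strong> — <code>.cursor/mcp.json</code> (project) or <code>~/.cursor/mcp.json</code> (global)</summary>
 
-
+```json
+{
+"mcpServers": {
+"agentaudit": {
+"command": "npx",
+"args": ["-y", "agentaudit"]
+}
+}
+}
+```
+</details>
 
-
+<details>
+<summary><strong>Windsurf</strong> — <code>~/.codeium/windsurf/mcp_config.json</code></summary>
 
 ```json
 {
@@ -100,8 +135,10 @@ Add to your MCP config:
 }
 }
 ```
+</details>
 
-
+<details>
+<summary><strong>VS Code</strong> — <code>.vscode/mcp.json</code></summary>
 
 ```json
 {
@@ -113,8 +150,43 @@ Add to your MCP config:
 }
 }
 ```
+</details>
+
+<details>
+<summary><strong>Continue.dev</strong> — <code>~/.continue/config.json</code></summary>
+
+Add to the `mcpServers` section of your existing config:
+```json
+{
+"mcpServers": [
+{
+"name": "agentaudit",
+"command": "npx",
+"args": ["-y", "agentaudit"]
+}
+]
+}
+```
+</details>
+
+<details>
+<summary><strong>Zed</strong> — <code>~/.config/zed/settings.json</code></summary>
+
+```json
+{
+"context_servers": {
+"agentaudit": {
+"command": {
+"path": "npx",
+"args": ["-y", "agentaudit"]
+}
+}
+}
+}
+```
+</details>
 
-
+Then ask your agent: *"Check which MCP servers I have installed and audit any unaudited ones."*
 
 ---
 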
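--- a/package/index.mjs
+++ b/package/index.mjs
@@ -268,9 +268,14 @@ async function checkRegistry(slug) {
 
 // ── MCP Server ───────────────────────────────────────────
 
+const pkg = JSON.parse(fs.readFileSync(new URL('./package.json', import.meta.url), 'utf8'));
+
 const server = new Server(
-{ name: 'agentaudit', version:
-{
+{ name: 'agentaudit', version: pkg.version },
+{
+capabilities: { tools: {} },
+instructions: 'AgentAudit — Security scanner for AI packages. Use discover_servers to find MCP servers in editor configs, check_package for registry lookups, audit_package for deep LLM-powered code analysis, and submit_report to upload findings.',
+}
 );
 
 server.setRequestHandler(ListToolsRequestSchema, async () => ({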
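Review bot: The new `instructions` string in the `Server` options tells the connected agent to use `submit_report` to upload findings but gives no hint that the user should be asked first; clients usually place this text in the model's context, so an agent may send audit results off the machine without being asked. I would end the string with a sentence such as `Ask the user for confirmation before calling submit_report.` and, if the tool handler does not already require it, enforce the confirmation there too; the handler and the upload destination are outside this hunk. Separately, the top-level `JSON.parse(fs.readFileSync(...))` throws at module load when `package.json` is missing or unreadable (a bundled build, for instance), which stops the whole server for the sake of a version string; wrapping it in `try`/`catch` with a fallback like `version: 'unknown'` would keep startup robust. Whether `fs` is already imported cannot be seen from here.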