npm - agentaudit - Versions diffs - 3.9.13 → 3.9.15 - Mend

agentaudit 3.9.13 → 3.9.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,5 +1,9 @@
 <div align="center">
+<img src="https://www.agentaudit.dev/banner-chameleon.png" alt="AgentAudit -- Security scanner for AI packages" width="100%">
+<br>
 # 🛡️ AgentAudit
 **Security scanner for AI packages — MCP server + CLI**
@@ -7,6 +11,7 @@
 Scan MCP servers, AI skills, and packages for vulnerabilities, prompt injection,
 and supply chain attacks. Powered by regex static analysis and deep LLM audits.
+[![AgentAudit](https://www.agentaudit.dev/api/badge/agentaudit-mcp)](https://www.agentaudit.dev/skills/agentaudit-mcp)
 [![npm version](https://img.shields.io/npm/v/agentaudit?style=for-the-badge&color=CB3837&logo=npm)](https://www.npmjs.com/package/agentaudit)
 [![Trust Registry](https://img.shields.io/badge/Trust_Registry-Live-00C853?style=for-the-badge)](https://agentaudit.dev)
 [![License](https://img.shields.io/badge/License-AGPL_3.0-F9A825?style=for-the-badge)](LICENSE)
@@ -501,13 +506,15 @@ It checks standard config file locations for Claude Desktop, Cursor, VS Code, an
 ---
-## 🔗 Related Links
+## 🔗 Related
-- **Trust Registry**: [agentaudit.dev](https://agentaudit.dev)
-- **Leaderboard**: [agentaudit.dev/leaderboard](https://agentaudit.dev/leaderboard)
-- **Agent Skill**: [github.com/starbuck100/agentaudit-skill](https://github.com/starbuck100/agentaudit-skill) — Full agent skill with pre-install security gate, detection patterns & peer review system
-- **MCP Server Repository**: [github.com/starbuck100/agentaudit-mcp](https://github.com/starbuck100/agentaudit-mcp)
-- **Report Issues**: [GitHub Issues](https://github.com/starbuck100/agentaudit-mcp/issues)
+| | Project | Description |
+|---|---------|-------------|
+| 🌐 | [agentaudit.dev](https://agentaudit.dev) | Trust Registry -- browse packages, findings, leaderboard |
+| 🛡️ | [agentaudit-skill](https://github.com/starbuck100/agentaudit-skill) | Agent Skill -- pre-install security gate for Claude Code, Cursor, Windsurf |
+| ⚡ | [agentaudit-github-action](https://github.com/ecap0-ai/agentaudit-github-action) | GitHub Action -- CI/CD security scanning |
+| 📚 | [agentaudit-mcp](https://github.com/ecap0-ai/agentaudit-mcp) | This repo -- CLI + MCP server source |
+| 🐛 | [Report Issues](https://github.com/ecap0-ai/agentaudit-mcp/issues) | Bug reports and feature requests |
 ---
@@ -521,6 +528,6 @@ It checks standard config file locations for Claude Desktop, Cursor, VS Code, an
 **Protect your AI stack. Scan before you trust.**
-[Trust Registry](https://agentaudit.dev) · [Leaderboard](https://agentaudit.dev/leaderboard) · [Report Issues](https://github.com/starbuck100/agentaudit-mcp/issues)
+[Trust Registry](https://agentaudit.dev) · [Leaderboard](https://agentaudit.dev/leaderboard) · [Report Issues](https://github.com/ecap0-ai/agentaudit-mcp/issues)
 </div>

package/cli.mjs CHANGED Viewed

@@ -1543,11 +1543,59 @@ async function checkPackage(name) {
   if (!jsonMode) {
     const riskScore = data.risk_score ?? data.latest_risk_score ?? 0;
-    console.log(`  ${c.bold}${name}${c.reset}  ${riskBadge(riskScore)}`);
-    console.log(`  ${c.dim}Risk Score: ${riskScore}/100${c.reset}`);
-    if (data.source_url) console.log(`  ${c.dim}Source: ${data.source_url}${c.reset}`);
-    console.log(`  ${c.dim}Registry: ${REGISTRY_URL}/skills/${name}${c.reset}`);
+    const trustScore = data.trust_score ?? (100 - riskScore);
+    const totalFindings = data.total_findings ?? 0;
+    const totalReports = data.total_reports ?? 0;
+    // Package name + verdict
+    console.log(`  ${c.bold}${data.display_name || name}${c.reset}  ${riskBadge(riskScore)}`);
+    if (data.description) console.log(`  ${c.dim}${data.description}${c.reset}`);
+    console.log();
+    // Trust Score (the main metric)
+    const trustColor = trustScore >= 70 ? c.green : trustScore >= 40 ? c.yellow : c.red;
+    const trustLabel = trustScore >= 70 ? 'SAFE' : trustScore >= 40 ? 'CAUTION' : 'UNSAFE';
+    console.log(`  ${trustColor}${c.bold}${trustLabel}${c.reset}  ${trustColor}Trust Score: ${trustScore}/100${c.reset}  ${c.dim}(Risk: ${riskScore}/100)${c.reset}`);
+    // Findings summary
+    if (totalFindings > 0) {
+      const maxSev = data.latest_max_severity;
+      const sevStr = maxSev ? `max severity: ${severityColor(maxSev)}${maxSev}${c.reset}` : '';
+      console.log(`  ${c.dim}Findings: ${totalFindings}${sevStr ? ` (${sevStr}${c.dim})` : ''}${c.reset}`);
+    } else {
+      console.log(`  ${c.dim}Findings: 0 (clean)${c.reset}`);
+    }
+    // Consensus / Confidence
+    const uniqueAgents = data.unique_agents ?? 0;
+    const confidence = data.confidence ?? 'unverified';
+    const confidenceDisplay = {
+      consensus: { icon: '🟢', label: 'Consensus Certified', color: c.green, desc: `${totalReports} reports from ${uniqueAgents} independent auditors agree` },
+      verified: { icon: '🟢', label: 'Verified', color: c.green, desc: `${totalReports} reports from ${uniqueAgents} auditors` },
+      low: { icon: '🟡', label: 'Low Confidence', color: c.yellow, desc: `${totalReports} reports but ${uniqueAgents <= 1 ? 'only 1 auditor' : `only ${uniqueAgents} auditors`}` },
+      unverified: { icon: '🔴', label: 'Unverified', color: c.yellow, desc: 'Single audit, no independent confirmation' },
+    }[confidence] || { icon: '⚪', label: confidence, color: c.dim, desc: '' };
+    console.log(`  ${confidenceDisplay.icon}  ${confidenceDisplay.color}${confidenceDisplay.label}${c.reset}  ${c.dim}${confidenceDisplay.desc}${c.reset}`);
+    // Audit info
+    console.log(`  ${c.dim}Reports: ${totalReports} | Auditors: ${uniqueAgents} | Last: ${data.last_audited_at ? new Date(data.last_audited_at).toLocaleDateString() : 'unknown'}${c.reset}`);
     if (data.has_official_audit) console.log(`  ${c.green}✔ Officially audited${c.reset}`);
+    // Recommendation
+    if (confidence === 'unverified' && trustScore >= 70) {
+      console.log();
+      console.log(`  ${c.yellow}⚠  Score looks good but only 1 audit exists.${c.reset}`);
+      console.log(`  ${c.dim}   Consider running your own audit: agentaudit audit ${data.source_url || name}${c.reset}`);
+    } else if (confidence === 'low') {
+      console.log();
+      console.log(`  ${c.yellow}⚠  Limited independent verification.${c.reset}`);
+      console.log(`  ${c.dim}   More auditors needed for consensus. Run: agentaudit audit ${data.source_url || name}${c.reset}`);
+    }
+    // Links
+    console.log();
+    if (data.source_url) console.log(`  ${c.dim}Source:   ${data.source_url}${c.reset}`);
+    console.log(`  ${c.dim}Registry: ${REGISTRY_URL}/skills/${encodeURIComponent(name)}${c.reset}`);
     console.log();
   }
   return data;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agentaudit",
-  "version": "3.9.13",
+  "version": "3.9.15",
   "description": "Security scanner for AI packages — MCP server + CLI",
   "type": "module",
   "bin": {