agentaudit 3.9.43 → 3.9.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/cli.mjs +8 -1
  2. package/package.json +1 -1
package/cli.mjs CHANGED
@@ -1956,7 +1956,14 @@ async function auditRepo(url) {
1956
1956
 
1957
1957
  // Display results
1958
1958
  console.log();
1959
- const riskScore = report.risk_score || 0;
1959
+ // Always recalculate risk_score from findings severities (never trust LLM's score)
1960
+ const _sevW = { critical: 25, high: 15, medium: 5, low: 1 };
1961
+ const recalcRisk = report.findings && report.findings.length > 0
1962
+ ? Math.min(100, report.findings.reduce((s, f) => s + (_sevW[f.severity] || 0), 0))
1963
+ : 0;
1964
+ report.risk_score = recalcRisk;
1965
+ report.result = recalcRisk === 0 ? 'safe' : recalcRisk <= 20 ? 'caution' : 'unsafe';
1966
+ const riskScore = recalcRisk;
1960
1967
  const trustScore = 100 - riskScore;
1961
1968
  const trustColor = trustScore >= 70 ? c.green : trustScore >= 40 ? c.yellow : c.red;
1962
1969
  const trustLabel = trustScore >= 70 ? 'SAFE' : trustScore >= 40 ? 'CAUTION' : 'UNSAFE';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agentaudit",
3
- "version": "3.9.43",
3
+ "version": "3.9.44",
4
4
  "description": "Security scanner for AI packages — MCP server + CLI",
5
5
  "type": "module",
6
6
  "bin": {