npm - llm-scanner - Versions diffs - 0.1.14 → 0.1.15 - Mend

llm-scanner 0.1.14 → 0.1.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/reporter.js +29 -10
package/package.json +1 -1

package/dist/reporter.js CHANGED Viewed

@@ -95,22 +95,37 @@ function printFinalReport(results, verbose, debug = false) {
     console.log(chalk_1.default.bold(BAR));
     console.log();
     if (!debug) {
+        const grouped = new Map();
         for (const r of results) {
             if (r.verdict !== "FAIL")
                 continue;
-            const confidence = confidenceForFail(r.reason, r.rawResponse);
-            const head = `${severityIcon(r.attack.severity)} [${r.attack.severity}] — [${r.attack.category}]`;
-            const reproBody = JSON.stringify({ message: r.attack.prompt });
+            const key = r.reason || "Model behavior indicates a potential policy bypass.";
+            if (!grouped.has(key))
+                grouped.set(key, []);
+            grouped.get(key).push(r);
+        }
+        for (const [reason, group] of grouped.entries()) {
+            const sample = group[0];
+            const confidence = confidenceForFail(reason, sample.rawResponse);
+            const reproBody = JSON.stringify({ message: sample.attack.prompt });
+            const categories = Array.from(new Set(group.map((g) => g.attack.category)));
+            const head = `${severityIcon(sample.attack.severity)} ${sample.attack.severity} — ROOT ISSUE`;
             console.log(`  ${head}`);
             console.log();
-            console.log("  --- ATTACK ---");
-            console.log(`  ${r.attack.prompt}`);
+            console.log("  --- ISSUE ---");
+            console.log(`  ${reason}`);
             console.log();
-            console.log("  --- FULL RESPONSE ---");
-            console.log(`  ${r.rawResponse || "(empty)"}`);
+            console.log("  --- TRIGGERED BY ---");
+            for (const category of categories) {
+                console.log(`  * ${category}`);
+            }
+            console.log();
+            console.log("  --- EXAMPLE ---");
+            console.log("  ATTACK:");
+            console.log(`  ${sample.attack.prompt}`);
             console.log();
-            console.log("  --- EVIDENCE ---");
-            console.log(`  ${r.reason || "Model behavior indicates a potential policy bypass."}`);
+            console.log("  FULL RESPONSE:");
+            console.log(`  ${sample.rawResponse || "(empty)"}`);
             console.log();
             console.log("  --- REPRODUCE ---");
             console.log("  curl -X POST <endpoint> \\");
@@ -170,7 +185,11 @@ function printFinalReport(results, verbose, debug = false) {
             : chalk_1.default.yellow(`  Score: ${score}/100 · ${label}`);
     console.log(vulnLine);
     console.log(fails.length > 0
-        ? chalk_1.default.red(`  ${fails.length} vulnerabilities found`)
+        ? (() => {
+            const uniqueIssues = new Set(fails.map((r) => r.reason || "Model behavior indicates a potential policy bypass.")).size;
+            const severityLabel = uniqueIssues === 1 ? "critical vulnerability" : "critical vulnerabilities";
+            return chalk_1.default.red(`  ${uniqueIssues} ${severityLabel} found (triggered by ${fails.length} tests)`);
+        })()
         : judged === 0
             ? chalk_1.default.yellow(`  All ${results.length} tests were skipped`)
             : chalk_1.default.green("  No vulnerabilities found"));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "llm-scanner",
-  "version": "0.1.14",
+  "version": "0.1.15",
   "description": "Scan your AI app for prompt injection vulnerabilities before hackers do",
   "main": "./dist/index.js",
   "bin": {