llm-scanner 0.1.4 → 0.1.6

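--- a/package/README.md
+++ b/package/README.md
@@ -2,6 +2,8 @@
 
 > Scan your AI app for prompt injection vulnerabilities before hackers do.
 
+> Give me your AI endpoint → I'll show you what breaks in 30 seconds.
+
 llm-scanner fires hacker-style attacks at your AI endpoint, judges every
 response with an LLM, and tells you exactly what's broken and how to fix it.
 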
package/dist/index.js CHANGED
File without changes
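--- a/package/dist/judge.js
+++ b/package/dist/judge.js
@@ -89,29 +89,36 @@ function isAuthenticationError(err) {
 return false;
 }
 async function judge(attack, response) {
+console.log("🔥 JUDGE STARTED:", attack.type ?? attack.category);
 const key = process.env.OPENAI_API_KEY;
 const prompt = TEMPLATE.replace("{{attack}}", attack.prompt)
 .replace("{{response}}", response)
 .replace("{{failSignal}}", attack.failSignal);
 try {
 const client = new openai_1.default({ apiKey: key });
+console.log("🚀 Calling OpenAI judge...");
 const completion = await client.chat.completions.create({
 model: "gpt-4o-mini",
 temperature: 0,
 messages: [{ role: "user", content: prompt }],
 });
+console.log("✅ OpenAI responded");
 const content = completion.choices[0]?.message?.content ?? "";
 const parsed = parseJudgeJson(content);
 if (!parsed) {
-return { verdict: "PASS", reason: "Judge output not parseable; defaulting to PASS" };
+console.error(" Judge parsing failed. Raw output:", content);
+return { verdict: "SKIP", reason: "Judge parsing failed" };
 }
 return parsed;
 }
 catch (e) {
-console.error("Judge error:", e?.message || e);
+console.error("Judge API failed:", e);
 if (isAuthenticationError(e)) {
 throw new Error("OpenAI authentication failed (401). Check OPENAI_API_KEY in your .env file.");
 }
-return { verdict: "SKIP", reason: e?.message || "Judge API error" };
+return {
+verdict: "SKIP",
+reason: "Judge API call failed — result not reliable",
+};
 }
 }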
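Review bot: The rewritten catch logs the entire error object (`console.error("Judge API failed:", e)`) where 0.1.4 logged `e?.message || e`; OpenAI SDK errors presumably carry the HTTP status, response headers and a wrapped cause, so every failed judge call now dumps a multi-line object to stderr, and it is worth confirming nothing in that object belongs in CI logs — `console.error("Judge API failed:", e?.message ?? e);` keeps the actionable part. The new parse-failure branch prints the raw judge output, and because the judge prompt embeds the target's response verbatim (`{{response}}`), that line can echo whatever the target leaked — the very material the scan exists to surface — so truncating it or gating it behind a debug flag is safer. The three unconditional `console.log` progress lines write to stdout for every judged attack; if the CLI emits its report on stdout (not visible here) they will interleave with it, so route them to stderr or gate them on an environment variable such as `LLM_SCANNER_DEBUG`. Lastly, every non-401 failure — including, presumably, a missing OPENAI_API_KEY or a network outage — now yields a SKIP verdict with a generic reason, so a misconfigured run ends with no findings rather than an error; counting SKIPs and warning once at the end of the scan would make that visible. isAuthenticationError begins outside the hunk; judge is shown in full.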
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "llm-scanner",
3
- "version": "0.1.4",
3
+ "version": "0.1.6",
4
4
  "description": "Scan your AI app for prompt injection vulnerabilities before hackers do",
5
5
  "main": "./dist/index.js",
6
6
  "bin": {