llm-scanner 0.1.5 → 0.1.7

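--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -81,6 +81,7 @@ program
  .option("--verbose", "Include raw responses in the report")
  .option("--header <header>", 'HTTP header to include, format: "Key: Value"')
  .action(async (opts) => {
+ process.env.AISEC_VERBOSE = opts.verbose ? "true" : "false";
  if (!opts.dryRun && !opts.endpoint) {
  console.error("error: --endpoint is required unless using --dry-run");
  process.exit(1);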
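Review bot: The `--verbose` flag is passed to judge.js by assigning `process.env.AISEC_VERBOSE` on the first line of the action callback, which unconditionally overwrites any value the user exported and would be inherited by any child process the tool starts. Passing `opts.verbose` down as an argument or through a small shared config object would keep the setting out of the process environment. If the environment variable stays, a comment such as `// internal flag read by judge.js; always derived from --verbose, never from the caller's environment` would document the override. The action callback continues outside this hunk.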
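--- a/package/dist/judge.js
+++ b/package/dist/judge.js
@@ -89,29 +89,42 @@ function isAuthenticationError(err) {
  return false;
  }
  async function judge(attack, response) {
+ if (process.env.AISEC_VERBOSE === "true") {
+ console.log("🔥 JUDGE STARTED:", attack.type ?? attack.category);
+ }
  const key = process.env.OPENAI_API_KEY;
  const prompt = TEMPLATE.replace("{{attack}}", attack.prompt)
  .replace("{{response}}", response)
  .replace("{{failSignal}}", attack.failSignal);
  try {
  const client = new openai_1.default({ apiKey: key });
+ if (process.env.AISEC_VERBOSE === "true") {
+ console.log("🚀 Calling OpenAI judge...");
+ }
  const completion = await client.chat.completions.create({
  model: "gpt-4o-mini",
  temperature: 0,
  messages: [{ role: "user", content: prompt }],
  });
+ if (process.env.AISEC_VERBOSE === "true") {
+ console.log("✅ OpenAI responded");
+ }
  const content = completion.choices[0]?.message?.content ?? "";
  const parsed = parseJudgeJson(content);
  if (!parsed) {
- return { verdict: "PASS", reason: "Judge output not parseable; defaulting to PASS" };
+ console.error(" Judge parsing failed. Raw output:", content);
+ return { verdict: "SKIP", reason: "Judge parsing failed" };
  }
  return parsed;
  }
  catch (e) {
- console.error("Judge error:", e?.message || e);
+ console.error("Judge API failed:", e);
  if (isAuthenticationError(e)) {
  throw new Error("OpenAI authentication failed (401). Check OPENAI_API_KEY in your .env file.");
  }
- return { verdict: "SKIP", reason: e?.message || "Judge API error" };
+ return {
+ verdict: "SKIP",
+ reason: "Judge API call failed — result not reliable",
+ };
  }
  }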
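Review bot: The two new `console.error` calls in `judge` are not gated on `AISEC_VERBOSE` like the rest of the added logging: the parse-failure branch always prints the raw judge output, and the catch block now prints the whole error object instead of `e?.message`. Because the judge prompt embeds the scanned endpoint's `response`, the raw output can echo target content into CI logs, and depending on the SDK's error shape the full error object may carry response headers or request metadata. I would keep the short form by default, `console.error("Judge API failed:", e?.message || e);`, and wrap the raw dump as `if (process.env.AISEC_VERBOSE === "true") console.error("Judge parsing failed. Raw output:", content);`. Whether callers count a `SKIP` verdict as non-passing is not visible here and is worth confirming, so that an unparseable or failed judge call cannot produce a clean scan result.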
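--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "llm-scanner",
- "version": "0.1.5",
+ "version": "0.1.7",
  "description": "Scan your AI app for prompt injection vulnerabilities before hackers do",
  "main": "./dist/index.js",
  "bin": {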