llm-trust-guard 4.21.2 → 4.21.3
- package/CHANGELOG.md +15 -0
- package/README.md +31 -5
- package/package.json +1 -1
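--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,21 @@ All notable changes to `llm-trust-guard` will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.21.3] - 2026-06-13
+
+### Docs / CI
+
+- **README**: the `CodeAnalyzerBackend` example is now complete and copy-pasteable
+(full acorn walker that blocks `constructor.constructor` / `Function` gadgets), with
+a GitHub link to the full reference. It previously called a placeholder function and
+pointed at `examples/…` which isn't shipped in the npm package — so consumers had no
+runnable backend for the headline new feature.
+- **CI**: bumped GitHub Actions off the deprecated Node 20 runtime (`checkout@v6`,
+`setup-node@v6`, `setup-python@v6`, `gh-release@v3`, `github-script@v8`) ahead of the
+2026-06-16 forced migration.
+
+No code/behavior change.
+
 ## [4.21.2] - 2026-06-12
 
 ### Docs — document `CodeAnalyzerBackend`; add README-sync gate (G11)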
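--- a/package/README.md
+++ b/package/README.md
@@ -201,20 +201,46 @@ or the `Function` constructor, plug in a parser via `analyzerBackend` (findings
 additive; a throwing backend never crashes the guard):
 
 ```ts
-import { CodeExecutionGuard, type CodeAnalyzerBackend } from 'llm-trust-guard';
+import { CodeExecutionGuard, type CodeAnalyzerBackend, type CodeFinding } from 'llm-trust-guard';
 import { parse } from 'acorn'; // your dependency, not the library's
 
+function walk(node: any, visit: (n: any) => void) {
+if (!node || typeof node !== 'object') return;
+if (typeof node.type === 'string') visit(node);
+for (const k of Object.keys(node)) {
+const c = node[k];
+if (Array.isArray(c)) c.forEach((x) => walk(x, visit));
+else if (c && typeof c === 'object') walk(c, visit);
+}
+}
+
 const acornBackend: CodeAnalyzerBackend = (code, language) => {
 if (language !== 'javascript') return [];
-
-
+let ast: any;
+try { ast = parse(code, { ecmaVersion: 'latest', sourceType: 'module' }); }
+catch { return []; } // unparseable — the guard's regex pass still ran
+const findings: CodeFinding[] = [];
+walk(ast, (n) => {
+// X.constructor.constructor(...) — classic sandbox escape
+if (n.type === 'CallExpression' && n.callee?.property?.name === 'constructor' &&
+n.callee.object?.property?.name === 'constructor') {
+findings.push({ name: 'constructor_escape', severity: 60 });
+}
+// Function('...') as a call (no `new`)
+if (n.type === 'CallExpression' && n.callee?.type === 'Identifier' && n.callee.name === 'Function') {
+findings.push({ name: 'function_constructor', severity: 50 });
+}
+});
+return findings;
 };
 
 const guard = new CodeExecutionGuard({ analyzerBackend: acornBackend });
+guard.analyze("this.constructor.constructor('return process')()", 'javascript').allowed; // false
 ```
 
-
-
+Full reference (also handles `__proto__` and dynamic `import()`):
+[`examples/acorn-code-analyzer.ts`](https://github.com/nkratk/llm-trust-guard/blob/main/examples/acorn-code-analyzer.ts).
+The Python package ships this analysis built in (stdlib `ast`, no backend needed).
 
 ## OWASP Coverage
 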
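--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "llm-trust-guard",
-"version": "4.21.
+"version": "4.21.3",
 "description": "Comprehensive security guards for LLM-powered and agentic AI applications - 34 guards covering OWASP Top 10 for LLMs 2025, Agentic Applications 2026, and MCP Security. All guards accessible via unified TrustGuard facade. Features prompt injection (PAP/persuasion), multi-modal attacks, RAG poisoning with embedding attack detection, memory persistence attacks, code execution sandboxing, multi-agent security (spawn policy, delegation scope, trust transitivity), MCP tool shadowing prevention, system prompt leakage protection, human-agent trust exploitation (ASI09), autonomy escalation (ASI10), state persistence (ASI08), tool chain validation v2 (ASI07/ASI04), circuit breaker, drift detection, and more",
 "main": "dist/index.js",
 "module": "dist/index.mjs",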