mcp-security-scanner 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (205) hide show
  1. package/LICENSE +21 -0
  2. package/README.ar.md +662 -0
  3. package/README.bn.md +662 -0
  4. package/README.bs.md +662 -0
  5. package/README.da.md +662 -0
  6. package/README.de.md +662 -0
  7. package/README.el.md +662 -0
  8. package/README.es.md +662 -0
  9. package/README.fr.md +663 -0
  10. package/README.hi.md +662 -0
  11. package/README.it.md +662 -0
  12. package/README.ja.md +663 -0
  13. package/README.ko.md +662 -0
  14. package/README.md +662 -0
  15. package/README.no.md +662 -0
  16. package/README.pl.md +662 -0
  17. package/README.pt-BR.md +662 -0
  18. package/README.ru.md +662 -0
  19. package/README.th.md +662 -0
  20. package/README.tr.md +662 -0
  21. package/README.uk.md +663 -0
  22. package/README.vi.md +662 -0
  23. package/README.zh-TW.md +661 -0
  24. package/README.zh.md +661 -0
  25. package/dist/config/env-scanner.d.ts +3 -0
  26. package/dist/config/env-scanner.d.ts.map +1 -0
  27. package/dist/config/env-scanner.js +85 -0
  28. package/dist/config/env-scanner.js.map +1 -0
  29. package/dist/config/index.d.ts +3 -0
  30. package/dist/config/index.d.ts.map +1 -0
  31. package/dist/config/index.js +169 -0
  32. package/dist/config/index.js.map +1 -0
  33. package/dist/config/mcp-config-parser.d.ts +16 -0
  34. package/dist/config/mcp-config-parser.d.ts.map +1 -0
  35. package/dist/config/mcp-config-parser.js +86 -0
  36. package/dist/config/mcp-config-parser.js.map +1 -0
  37. package/dist/config/server-verification.d.ts +5 -0
  38. package/dist/config/server-verification.d.ts.map +1 -0
  39. package/dist/config/server-verification.js +221 -0
  40. package/dist/config/server-verification.js.map +1 -0
  41. package/dist/data/dangerous-sinks.d.ts +13 -0
  42. package/dist/data/dangerous-sinks.d.ts.map +1 -0
  43. package/dist/data/dangerous-sinks.js +45 -0
  44. package/dist/data/dangerous-sinks.js.map +1 -0
  45. package/dist/data/owasp-mcp-top10.d.ts +12 -0
  46. package/dist/data/owasp-mcp-top10.d.ts.map +1 -0
  47. package/dist/data/owasp-mcp-top10.js +95 -0
  48. package/dist/data/owasp-mcp-top10.js.map +1 -0
  49. package/dist/data/poisoning-patterns.d.ts +15 -0
  50. package/dist/data/poisoning-patterns.d.ts.map +1 -0
  51. package/dist/data/poisoning-patterns.js +146 -0
  52. package/dist/data/poisoning-patterns.js.map +1 -0
  53. package/dist/data/popular-packages.d.ts +2 -0
  54. package/dist/data/popular-packages.d.ts.map +1 -0
  55. package/dist/data/popular-packages.js +71 -0
  56. package/dist/data/popular-packages.js.map +1 -0
  57. package/dist/data/secret-patterns.d.ts +8 -0
  58. package/dist/data/secret-patterns.d.ts.map +1 -0
  59. package/dist/data/secret-patterns.js +129 -0
  60. package/dist/data/secret-patterns.js.map +1 -0
  61. package/dist/deps/index.d.ts +3 -0
  62. package/dist/deps/index.d.ts.map +1 -0
  63. package/dist/deps/index.js +308 -0
  64. package/dist/deps/index.js.map +1 -0
  65. package/dist/deps/install-script-detector.d.ts +9 -0
  66. package/dist/deps/install-script-detector.d.ts.map +1 -0
  67. package/dist/deps/install-script-detector.js +98 -0
  68. package/dist/deps/install-script-detector.js.map +1 -0
  69. package/dist/deps/lockfile-parser.d.ts +15 -0
  70. package/dist/deps/lockfile-parser.d.ts.map +1 -0
  71. package/dist/deps/lockfile-parser.js +123 -0
  72. package/dist/deps/lockfile-parser.js.map +1 -0
  73. package/dist/deps/typosquat-checker.d.ts +10 -0
  74. package/dist/deps/typosquat-checker.d.ts.map +1 -0
  75. package/dist/deps/typosquat-checker.js +84 -0
  76. package/dist/deps/typosquat-checker.js.map +1 -0
  77. package/dist/index.d.ts +3 -0
  78. package/dist/index.d.ts.map +1 -0
  79. package/dist/index.js +315 -0
  80. package/dist/index.js.map +1 -0
  81. package/dist/meta/sources.d.ts +3 -0
  82. package/dist/meta/sources.d.ts.map +1 -0
  83. package/dist/meta/sources.js +43 -0
  84. package/dist/meta/sources.js.map +1 -0
  85. package/dist/protocol/mcp-server.d.ts +4 -0
  86. package/dist/protocol/mcp-server.d.ts.map +1 -0
  87. package/dist/protocol/mcp-server.js +32 -0
  88. package/dist/protocol/mcp-server.js.map +1 -0
  89. package/dist/protocol/tools.d.ts +3 -0
  90. package/dist/protocol/tools.d.ts.map +1 -0
  91. package/dist/protocol/tools.js +21 -0
  92. package/dist/protocol/tools.js.map +1 -0
  93. package/dist/report/index.d.ts +3 -0
  94. package/dist/report/index.d.ts.map +1 -0
  95. package/dist/report/index.js +259 -0
  96. package/dist/report/index.js.map +1 -0
  97. package/dist/report/json-report.d.ts +4 -0
  98. package/dist/report/json-report.d.ts.map +1 -0
  99. package/dist/report/json-report.js +61 -0
  100. package/dist/report/json-report.js.map +1 -0
  101. package/dist/report/markdown.d.ts +3 -0
  102. package/dist/report/markdown.d.ts.map +1 -0
  103. package/dist/report/markdown.js +89 -0
  104. package/dist/report/markdown.js.map +1 -0
  105. package/dist/report/sarif.d.ts +3 -0
  106. package/dist/report/sarif.d.ts.map +1 -0
  107. package/dist/report/sarif.js +56 -0
  108. package/dist/report/sarif.js.map +1 -0
  109. package/dist/runtime/client.d.ts +31 -0
  110. package/dist/runtime/client.d.ts.map +1 -0
  111. package/dist/runtime/client.js +53 -0
  112. package/dist/runtime/client.js.map +1 -0
  113. package/dist/runtime/index.d.ts +3 -0
  114. package/dist/runtime/index.d.ts.map +1 -0
  115. package/dist/runtime/index.js +239 -0
  116. package/dist/runtime/index.js.map +1 -0
  117. package/dist/runtime/pinning.d.ts +21 -0
  118. package/dist/runtime/pinning.d.ts.map +1 -0
  119. package/dist/runtime/pinning.js +74 -0
  120. package/dist/runtime/pinning.js.map +1 -0
  121. package/dist/runtime/schema-analyzer.d.ts +14 -0
  122. package/dist/runtime/schema-analyzer.d.ts.map +1 -0
  123. package/dist/runtime/schema-analyzer.js +204 -0
  124. package/dist/runtime/schema-analyzer.js.map +1 -0
  125. package/dist/runtime/tool-analyzer.d.ts +6 -0
  126. package/dist/runtime/tool-analyzer.d.ts.map +1 -0
  127. package/dist/runtime/tool-analyzer.js +92 -0
  128. package/dist/runtime/tool-analyzer.js.map +1 -0
  129. package/dist/static/analyzers/code-execution.d.ts +4 -0
  130. package/dist/static/analyzers/code-execution.d.ts.map +1 -0
  131. package/dist/static/analyzers/code-execution.js +72 -0
  132. package/dist/static/analyzers/code-execution.js.map +1 -0
  133. package/dist/static/analyzers/command-injection.d.ts +4 -0
  134. package/dist/static/analyzers/command-injection.d.ts.map +1 -0
  135. package/dist/static/analyzers/command-injection.js +62 -0
  136. package/dist/static/analyzers/command-injection.js.map +1 -0
  137. package/dist/static/analyzers/info-disclosure.d.ts +4 -0
  138. package/dist/static/analyzers/info-disclosure.d.ts.map +1 -0
  139. package/dist/static/analyzers/info-disclosure.js +65 -0
  140. package/dist/static/analyzers/info-disclosure.js.map +1 -0
  141. package/dist/static/analyzers/insecure-crypto.d.ts +4 -0
  142. package/dist/static/analyzers/insecure-crypto.d.ts.map +1 -0
  143. package/dist/static/analyzers/insecure-crypto.js +65 -0
  144. package/dist/static/analyzers/insecure-crypto.js.map +1 -0
  145. package/dist/static/analyzers/logging-audit.d.ts +4 -0
  146. package/dist/static/analyzers/logging-audit.d.ts.map +1 -0
  147. package/dist/static/analyzers/logging-audit.js +81 -0
  148. package/dist/static/analyzers/logging-audit.js.map +1 -0
  149. package/dist/static/analyzers/path-traversal.d.ts +4 -0
  150. package/dist/static/analyzers/path-traversal.d.ts.map +1 -0
  151. package/dist/static/analyzers/path-traversal.js +42 -0
  152. package/dist/static/analyzers/path-traversal.js.map +1 -0
  153. package/dist/static/analyzers/prototype-pollution.d.ts +4 -0
  154. package/dist/static/analyzers/prototype-pollution.d.ts.map +1 -0
  155. package/dist/static/analyzers/prototype-pollution.js +80 -0
  156. package/dist/static/analyzers/prototype-pollution.js.map +1 -0
  157. package/dist/static/analyzers/regex-dos.d.ts +4 -0
  158. package/dist/static/analyzers/regex-dos.d.ts.map +1 -0
  159. package/dist/static/analyzers/regex-dos.js +78 -0
  160. package/dist/static/analyzers/regex-dos.js.map +1 -0
  161. package/dist/static/analyzers/secret-hardcoded.d.ts +4 -0
  162. package/dist/static/analyzers/secret-hardcoded.d.ts.map +1 -0
  163. package/dist/static/analyzers/secret-hardcoded.js +70 -0
  164. package/dist/static/analyzers/secret-hardcoded.js.map +1 -0
  165. package/dist/static/analyzers/ssrf.d.ts +4 -0
  166. package/dist/static/analyzers/ssrf.d.ts.map +1 -0
  167. package/dist/static/analyzers/ssrf.js +39 -0
  168. package/dist/static/analyzers/ssrf.js.map +1 -0
  169. package/dist/static/analyzers/unsafe-regex.d.ts +4 -0
  170. package/dist/static/analyzers/unsafe-regex.d.ts.map +1 -0
  171. package/dist/static/analyzers/unsafe-regex.js +36 -0
  172. package/dist/static/analyzers/unsafe-regex.js.map +1 -0
  173. package/dist/static/ast-engine.d.ts +22 -0
  174. package/dist/static/ast-engine.d.ts.map +1 -0
  175. package/dist/static/ast-engine.js +155 -0
  176. package/dist/static/ast-engine.js.map +1 -0
  177. package/dist/static/index.d.ts +3 -0
  178. package/dist/static/index.d.ts.map +1 -0
  179. package/dist/static/index.js +114 -0
  180. package/dist/static/index.js.map +1 -0
  181. package/dist/static/taint-tracker.d.ts +15 -0
  182. package/dist/static/taint-tracker.d.ts.map +1 -0
  183. package/dist/static/taint-tracker.js +70 -0
  184. package/dist/static/taint-tracker.js.map +1 -0
  185. package/dist/types/findings.d.ts +60 -0
  186. package/dist/types/findings.d.ts.map +1 -0
  187. package/dist/types/findings.js +9 -0
  188. package/dist/types/findings.js.map +1 -0
  189. package/dist/types/index.d.ts +23 -0
  190. package/dist/types/index.d.ts.map +1 -0
  191. package/dist/types/index.js +8 -0
  192. package/dist/types/index.js.map +1 -0
  193. package/dist/utils/crypto.d.ts +4 -0
  194. package/dist/utils/crypto.d.ts.map +1 -0
  195. package/dist/utils/crypto.js +12 -0
  196. package/dist/utils/crypto.js.map +1 -0
  197. package/dist/utils/fs-helpers.d.ts +7 -0
  198. package/dist/utils/fs-helpers.d.ts.map +1 -0
  199. package/dist/utils/fs-helpers.js +92 -0
  200. package/dist/utils/fs-helpers.js.map +1 -0
  201. package/dist/utils/levenshtein.d.ts +7 -0
  202. package/dist/utils/levenshtein.d.ts.map +1 -0
  203. package/dist/utils/levenshtein.js +89 -0
  204. package/dist/utils/levenshtein.js.map +1 -0
  205. package/package.json +57 -0
package/package.json ADDED
@@ -0,0 +1,57 @@
1
+ {
2
+ "name": "mcp-security-scanner",
3
+ "version": "1.0.0",
4
+ "description": "MCP security scanner — 43 tools for runtime inspection, static analysis, config audit, dependency analysis. OWASP MCP Top 10 compliance. 100% local, zero external API calls.",
5
+ "type": "module",
6
+ "bin": {
7
+ "mcp-security-scanner": "dist/index.js"
8
+ },
9
+ "files": [
10
+ "dist/"
11
+ ],
12
+ "scripts": {
13
+ "dev": "bun --watch run src/index.ts",
14
+ "build": "tsc -p tsconfig.build.json",
15
+ "prepublishOnly": "npm run build"
16
+ },
17
+ "keywords": [
18
+ "mcp",
19
+ "model-context-protocol",
20
+ "security",
21
+ "scanner",
22
+ "static-analysis",
23
+ "sast",
24
+ "owasp",
25
+ "owasp-mcp-top10",
26
+ "tool-poisoning",
27
+ "rug-pull",
28
+ "supply-chain",
29
+ "dependency-audit",
30
+ "config-audit",
31
+ "mcp-security",
32
+ "pentesting",
33
+ "cybersecurity",
34
+ "infosec",
35
+ "ai-security",
36
+ "llm-security",
37
+ "claude",
38
+ "ai-agent"
39
+ ],
40
+ "author": "Orhan Yildirim <contact@orhanyildirim.us> (https://orhanyildirim.us)",
41
+ "license": "MIT",
42
+ "repository": {
43
+ "type": "git",
44
+ "url": "https://github.com/badchars/mcp-security-scanner.git"
45
+ },
46
+ "homepage": "https://www.npmjs.com/package/mcp-security-scanner",
47
+ "dependencies": {
48
+ "@modelcontextprotocol/sdk": "^1.12.1",
49
+ "ts-morph": "^24.0.0",
50
+ "zod": "^3.24.4"
51
+ },
52
+ "devDependencies": {
53
+ "@types/bun": "^1.3.10",
54
+ "@types/node": "^22.15.3",
55
+ "typescript": "^5.8.2"
56
+ }
57
+ }