Harden git clone attack surface for remote scans with defense-in-depth:

Layer 1 (all platforms): 8 git config flags disable hooks, symlinks, filter/smudge drivers, fsmonitor, local file protocol. 4 env vars isolate from system/user git config and block interactive prompts.

Layer 2 (OS sandbox): macOS sandbox-exec and Linux bubblewrap (bwrap) restrict file writes to only the specific temp directory. bwrap probe-tests availability before use. Graceful fallback on Windows and Ubuntu 24.04+ (git config hardening only).

Additional: post-clone 100MB size check, UUID-unique evidence filenames, evidence file cleanup, cleanup guarantee in scan/plugin-audit commands.

32 new tests (1147 total).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
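A sketch of the Layer 1 approach the commit message describes, as an added example that is not the project's code: it builds the argument vector and environment for a hardened `git clone` of a remote repository. The commit message does not list its eight flags or four variables, so the settings below are real git options chosen for illustration, and the function names and the https-only URL policy are assumptions.

```javascript
// Added illustration: settings are real git options, but the selection is an
// assumption; the commit message does not list the project's own flags.
const HARDENING_CONFIG = [
  'core.hooksPath=/dev/null',   // no hooks directory to execute from (POSIX path)
  'core.symlinks=false',        // check symlinks out as plain files
  'core.fsmonitor=false',       // never launch an fsmonitor helper
  'protocol.file.allow=never',  // refuse the local file transport
  'protocol.ext.allow=never',   // refuse ext:: (runs an arbitrary command)
  'filter.lfs.smudge=',         // empty command: smudge filter is skipped
  'filter.lfs.process=',        // same for the long-running filter process
  'filter.lfs.required=false',  // a skipped filter must not abort checkout
];

// Accept only credential-free https URLs (assumed policy for remote scans).
function assertRemoteUrl(url) {
  if (typeof url !== 'string' || url.startsWith('-')) {
    throw new Error('repository URL must not look like an option');
  }
  let parsed;
  try { parsed = new URL(url); } catch { throw new Error('not an absolute URL'); }
  if (parsed.protocol !== 'https:') throw new Error('only https:// is allowed');
  if (parsed.username || parsed.password) throw new Error('embedded credentials');
  return parsed.href;
}

// argv for child_process.spawn('git', argv, { env: hardenedGitEnv() }).
function hardenedCloneArgs(url, dest) {
  const safeUrl = assertRemoteUrl(url);
  if (typeof dest !== 'string' || dest === '' || dest.startsWith('-')) {
    throw new Error('destination must be a non-option path');
  }
  const argv = HARDENING_CONFIG.flatMap((kv) => ['-c', kv]);
  // "--" ends option parsing, so neither operand can be read as a flag.
  argv.push('clone', '--depth=1', '--single-branch', '--no-tags',
    '--no-recurse-submodules', '--', safeUrl, dest);
  return argv;
}

// Build the environment from scratch: inherited GIT_* variables and HOME are dropped.
function hardenedGitEnv(baseEnv = process.env) {
  return {
    PATH: baseEnv.PATH || '',
    GIT_CONFIG_NOSYSTEM: '1',         // skip the system-wide gitconfig
    GIT_CONFIG_GLOBAL: '/dev/null',   // skip the per-user config (git >= 2.32)
    GIT_TERMINAL_PROMPT: '0',         // fail instead of prompting on the terminal
    GIT_ASKPASS: 'true',              // askpass helper that supplies nothing
  };
}
```

Passing the flags with `-c` on the command line keeps them independent of any config file, and the OS sandbox in Layer 2 still applies on top of this.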
26 lines
593 B
JSON
{
  "name": "llm-security",
  "version": "5.1.0",
  "description": "Security scanning, auditing, and threat modeling for Claude Code projects",
  "type": "module",
  "engines": {
    "node": ">=18"
  },
  "scripts": {
    "test": "node --test 'tests/**/*.test.mjs'",
    "bump": "node scripts/bump-version.mjs"
  },
  "keywords": [
    "claude-code",
    "security",
    "owasp",
    "llm",
    "plugin"
  ],
  "author": "Kjell Tore Guttormsen",
  "license": "MIT",
  "repository": {
    "type": "git",
    "url": "https://git.fromaitochitta.com/fromaitochitta/claude-code-llm-security"
  }
}