Skip to content

Releases: gnim81/awi-scan

v0.2.0

Choose a tag to compare

@gnim81 gnim81 released this 29 May 14:34

Summary

  • Detect pull_request_target workflows that checkout untrusted pull request head code before running an AI agent.
  • Add vulnerable and safe fixtures for the checkout-to-agent pattern.
  • Document the new awi.untrusted-checkout-to-agent rule and add launch copy.

Verification

  • npm run check: 10 test files passed, 33 tests passed, build succeeded.
  • npm audit: 0 vulnerabilities.
  • npm pack --dry-run: awi-scan-0.2.0.tgz, 23 files, no internal docs.
  • node dist/cli.js examples --format human --fail-on none --no-color: 3 findings in 5 workflow files.

Note: npm publish is handled manually by the project owner.

v0.1.4

Choose a tag to compare

@gnim81 gnim81 released this 28 May 15:36

Summary

  • Fix CLI version reporting so �wi-scan --version matches the package version.
  • Add regression coverage that compares CLI output with package.json.
  • Update GitHub Action examples to v0.1.4.

Verification

  • npm run check
  • npm audit
  • npm publish --dry-run
  • node dist/cli.js --version

Note: npm publish is handled manually by the project owner.

v0.1.3

Choose a tag to compare

@gnim81 gnim81 released this 28 May 15:25

Summary

  • Update README and public docs now that the npm package is live.
  • Add npm badge and make npx the primary CLI path.
  • Keep GitHub Action examples on v0.1.3.

Verification

  • npm run check
  • npm audit
  • npm publish --dry-run
  • npx awi-scan --help

Note: npm 0.1.3 publication requires completing npm OTP authentication; 0.1.2 is already available on npm.

v0.1.2

Choose a tag to compare

@gnim81 gnim81 released this 28 May 15:07

Summary

  • Normalize npm package metadata before first npm publication.
  • Keep the CLI bin entry intact for npx by using npm-normalized package fields.
  • Update GitHub Action examples to v0.1.2.

Verification

  • npm run check
  • npm audit
  • npm publish --dry-run
  • npm pack --dry-run

Note: npm publication still requires npm two-factor authentication or a granular access token with bypass 2FA enabled.

v0.1.1

Choose a tag to compare

@gnim81 gnim81 released this 28 May 14:42

Summary

  • Add public agent action coverage, false-positive, and SARIF upload docs.
  • Update README usage so npm is marked as not yet published while GitHub Action and local CLI paths are available.
  • Include linked public docs in npm package metadata while keeping internal docs excluded.

Verification

  • npm run check
  • npm audit
  • npm pack --dry-run
  • node dist/cli.js examples --format human --fail-on none

Note: npm publication is still pending npm authentication.

awi-scan v0.1.0

Choose a tag to compare

@gnim81 gnim81 released this 24 May 06:07

Initial public release of awi-scan.\n\nHighlights:\n- Offline CLI for detecting Agentic Workflow Injection risks in GitHub Actions workflows.\n- GitHub Action wrapper with bundled runtime.\n- Human, JSON, and SARIF output.\n- Vulnerable and safe workflow examples.\n\nVerification:\n- npm run check\n- npm audit