Releases: gnim81/awi-scan
Releases · gnim81/awi-scan
Release list
v0.2.0
Summary
- Detect pull_request_target workflows that checkout untrusted pull request head code before running an AI agent.
- Add vulnerable and safe fixtures for the checkout-to-agent pattern.
- Document the new awi.untrusted-checkout-to-agent rule and add launch copy.
Verification
- npm run check: 10 test files passed, 33 tests passed, build succeeded.
- npm audit: 0 vulnerabilities.
- npm pack --dry-run: awi-scan-0.2.0.tgz, 23 files, no internal docs.
- node dist/cli.js examples --format human --fail-on none --no-color: 3 findings in 5 workflow files.
Note: npm publish is handled manually by the project owner.
v0.1.4
Summary
- Fix CLI version reporting so �wi-scan --version matches the package version.
- Add regression coverage that compares CLI output with package.json.
- Update GitHub Action examples to v0.1.4.
Verification
- npm run check
- npm audit
- npm publish --dry-run
- node dist/cli.js --version
Note: npm publish is handled manually by the project owner.
v0.1.3
Summary
- Update README and public docs now that the npm package is live.
- Add npm badge and make npx the primary CLI path.
- Keep GitHub Action examples on v0.1.3.
Verification
- npm run check
- npm audit
- npm publish --dry-run
- npx awi-scan --help
Note: npm 0.1.3 publication requires completing npm OTP authentication; 0.1.2 is already available on npm.
v0.1.2
Summary
- Normalize npm package metadata before first npm publication.
- Keep the CLI bin entry intact for npx by using npm-normalized package fields.
- Update GitHub Action examples to v0.1.2.
Verification
- npm run check
- npm audit
- npm publish --dry-run
- npm pack --dry-run
Note: npm publication still requires npm two-factor authentication or a granular access token with bypass 2FA enabled.
v0.1.1
Summary
- Add public agent action coverage, false-positive, and SARIF upload docs.
- Update README usage so npm is marked as not yet published while GitHub Action and local CLI paths are available.
- Include linked public docs in npm package metadata while keeping internal docs excluded.
Verification
- npm run check
- npm audit
- npm pack --dry-run
- node dist/cli.js examples --format human --fail-on none
Note: npm publication is still pending npm authentication.
awi-scan v0.1.0
Initial public release of awi-scan.\n\nHighlights:\n- Offline CLI for detecting Agentic Workflow Injection risks in GitHub Actions workflows.\n- GitHub Action wrapper with bundled runtime.\n- Human, JSON, and SARIF output.\n- Vulnerable and safe workflow examples.\n\nVerification:\n- npm run check\n- npm audit