November 29, 2025
MCP Security Linter
Version updated for https://github.com/fonCki/mcp-security-linter to version v1.4.2.
This action is used across all versions by ? repositories. Go to the GitHub Marketplace to find the latest changes.
Release notes
Fix: Use shields.io badge for better version caching
November 29, 2025
MCP Security Linter
Version updated for https://github.com/fonCki/mcp-security-linter to version v1.4.1.
Release notes
What's New
This patch release enhances the command execution analyzer with MCP-specific taint tracking, significantly improving detection of command injection vulnerabilities in MCP servers.
New Features
- MCP Tool Argument Tracking: Detects when args.command, params.query, and destructured MCP parameters flow to shell execution
- MCP Handler Detection: Recognizes setRequestHandler and fallbackRequestHandler patterns and marks handler parameters as tainted
- Promisified Exec Support: Tracks const execPromise = promisify(exec) aliases
- Environment Pollution Detection: New command-exec-env rule flags env: process.
November 28, 2025
MCP Security Linter
Version updated for https://github.com/fonCki/mcp-security-linter to version v1.4.0.
Release notes
This release introduces a major overhaul of the security analysis engine, moving from heuristic-based checks to robust, control-flow-aware static analysis.
🚀 Key Features
1. Advanced Command Execution Detection
- Taint Analysis: Tracks untrusted input (process.env, function args) flowing into dangerous sinks (exec, spawn, eval, vm.
November 27, 2025
MCP Security Linter
Version updated for https://github.com/fonCki/mcp-security-linter to version v1.3.0.
Release notes
What's New
- AST-based analysis for command execution detection using the Acorn parser
- Smarter detection of dynamic vs static command arguments
- Improved accuracy with fewer false positives
- Graceful fallback to regex when AST parsing fails
Changes
New Dependencies
- acorn - Fast, ECMAScript-compliant JavaScript parser
- acorn-walk - AST walker for traversing parsed trees
BaseAnalyzer Enhancements
- Added parseAST() method for parsing JS/TS content
- Added walkAST() method with visitor pattern support
CommandExecAnalyzer Improvements
- AST-based detection of dangerous execution patterns
- Analyzes argument types (template literals, identifiers, binary expressions)
- Provides precise line/column locations
- Graceful fallback to regex when AST parsing fails
Full Changelog https://github.