Security Audit Tool
Audits npm package dependencies for security vulnerabilities with real-time checks against a remote npm registry.
Security Audit Tool
A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.
Features
- 🔍 Real-time security vulnerability scanning
- 🚀 Remote npm registry integration
- 📊 Detailed vulnerability reports with severity levels
- 🛡️ Support for multiple severity levels (critical, high, moderate, low)
- 📦 Compatible with npm/pnpm/yarn package managers
- 🔄 Automatic fix recommendations
- 📋 CVSS scoring and CVE references
Installing via Smithery
To install Security Audit Tool for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude
MCP Integration
Option 1: Using NPX (Recommended)
- Add MCP configuration to Cline /Cursor:
{
"mcpServers": {
"mcp-security-audit": {
"command": "npx",
"args": ["-y", "mcp-security-audit"]
}
}
}
Option 2: Download Source Code and Configure Manually
- Clone the repository:
git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit
- Install dependencies and build:
npm install
npm run build
- Add MCP configuration to Cline /Cursor :
{
"mcpServers": {
"mcp-security-audit": {
"command": "npx",
"args": ["-y", "/path/to/mcp-security-audit/build/index.js"]
}
}
}
Configuration Screenshots
Cursor Configuration
Cline Configuration
API Response Format
The tool provides detailed vulnerability information including severity levels, fix recommendations, CVSS scores, and CVE references.
Response Examples
1. When Vulnerabilities Found (Severity-response.json)
{
"content": [{
"vulnerability": {
"packageName": "lodash",
"version": "4.17.15",
"severity": "high",
"description": "Prototype Pollution in lodash",
"cve": "CVE-2020-8203",
"githubAdvisoryId": "GHSA-p6mc-m468-83gw",
"recommendation": "Upgrade to version 4.17.19 or later",
"fixAvailable": true,
"fixedVersion": "4.17.19",
"cvss": {
"score": 7.4,
"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
"cwe": ["CWE-1321"],
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw"
},
"metadata": {
"timestamp": "2024-04-23T10:00:00.000Z",
"packageManager": "npm"
}
}]
}
2. When No Vulnerabilities Found (no-Severity-response.json)
{
"content": [{
"vulnerability": null,
"metadata": {
"timestamp": "2024-04-23T10:00:00.000Z",
"packageManager": "npm",
"message": "No known vulnerabilities found"
}
}]
}
Development
For development reference, check the example response files in the public directory:
- Severity-response.json : Example response when vulnerabilities are found (transformed from npm audit API response)
- no-Severity-response.json : Example response when no vulnerabilities are found (transformed from npm audit API response)
Note: The example responses shown above are transformed from the raw npm audit API responses to provide a more structured format. The original npm audit API responses contain additional metadata and may have a different structure.
Contributing
Contributions are welcome! Please read our Contributing Guide for details on our code of conduct and the process for submitting pull requests.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Author
ESX ([email protected])
Links
関連サーバー
Scout Monitoring MCP
スポンサーPut performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
スポンサーAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
System Diagnostics
An MCP server for system diagnostics and monitoring on Ubuntu using common command-line tools.
Sapiom
One API key gives agents access to 80+ tools: web search, deep search, browser automation, screenshots, 400+ LLM models, image generation, text-to-speech, sound effects, and phone verification. Pay-per-use with spend governance built in.
GameCode MCP2
A Model Context Protocol (MCP) server for tool integration, configured using a tools.yaml file.
MCP Node.js Debugger
Provides runtime debugging access to Node.js applications for code editors like Cursor or Claude Code.
GXtract
GXtract is a MCP server designed to integrate with VS Code and other compatible editors. It provides a suite of tools for interacting with the GroundX platform, enabling you to leverage its powerful document understanding capabilities directly within your development environment.
UI Prototype
A modern web application prototype built with React, TypeScript, and Material-UI, featuring authentication, internationalization, and Figma integration.
Liveblocks
Interact with the Liveblocks REST API to manage rooms, threads, comments, and notifications, with read access to Storage and Yjs.
HAL (HTTP API Layer)
An MCP server that enables Large Language Models to make HTTP requests and interact with web APIs. It supports automatic tool generation from OpenAPI/Swagger specifications.
AWS DynamoDB
The official developer experience MCP Server for Amazon DynamoDB. This server provides DynamoDB expert design guidance and data modeling assistance.
Leeroopedia
The Brain that turns Generalist Agents into ML Experts.