I craft unique cereal names, stories, and ridiculously cute Cereal Baby images.
Public
MCP-Security-ADIT
2025-02-25
Ein leistungsstarker MCP -Server (Model Context Protocol), der NPM -Paketabhängigkeiten für Sicherheitsanfälligkeiten prüft. Erstellt mit Remote NPM Registry Integration für Echtzeit-Sicherheitskontrollen.
1
Github Watches
3
Github Forks
24
Github Stars
Security Audit Tool
A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.
Features
- 🔍 Real-time security vulnerability scanning
- 🚀 Remote npm registry integration
- 📊 Detailed vulnerability reports with severity levels
- 🛡️ Support for multiple severity levels (critical, high, moderate, low)
- 📦 Compatible with npm/pnpm/yarn package managers
- 🔄 Automatic fix recommendations
- 📋 CVSS scoring and CVE references
Installing via Smithery
To install Security Audit Tool for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude
MCP Integration
Option 1: Using NPX (Recommended)
- Add MCP configuration to Cursor:
{
"Name": "mcp-security-audit",
"Type": "command",
"Command": "npx -y mcp-security-audit"
}
- Add MCP configuration to Cline:
{
"mcpServers": {
"mcp-security-audit": {
"command": "npx",
"args": ["-y", "mcp-security-audit"]
}
}
}
Option 2: Download Source Code and Configure Manually
- Clone the repository:
git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit
- Install dependencies and build:
npm install
npm run build
- Add MCP configuration to Cursor:
{
"Name": "mcp-security-audit",
"Type": "command",
"Command": "node /path/to/mcp-security-audit/build/index.js"
}
- Add MCP configuration to Cline:
{
"mcpServers": {
"mcp-security-audit": {
"command": "npx",
"args": ["-y", "/path/to/mcp-security-audit/build/index.js"]
}
}
}
Configuration Screenshots
Cursor Configuration
Cline Configuration
API Response Format
The tool provides detailed vulnerability information including severity levels, fix recommendations, CVSS scores, and CVE references.
Response Examples
1. When Vulnerabilities Found (Severity-response.json)
{
"content": [{
"vulnerability": {
"packageName": "lodash",
"version": "4.17.15",
"severity": "high",
"description": "Prototype Pollution in lodash",
"cve": "CVE-2020-8203",
"githubAdvisoryId": "GHSA-p6mc-m468-83gw",
"recommendation": "Upgrade to version 4.17.19 or later",
"fixAvailable": true,
"fixedVersion": "4.17.19",
"cvss": {
"score": 7.4,
"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
},
"cwe": ["CWE-1321"],
"url": "https://github.com/advisories/GHSA-p6mc-m468-83gw"
},
"metadata": {
"timestamp": "2024-04-23T10:00:00.000Z",
"packageManager": "npm"
}
}]
}
2. When No Vulnerabilities Found (no-Severity-response.json)
{
"content": [{
"vulnerability": null,
"metadata": {
"timestamp": "2024-04-23T10:00:00.000Z",
"packageManager": "npm",
"message": "No known vulnerabilities found"
}
}]
}
Development
For development reference, check the example response files in the public directory:
- Severity-response.json : Example response when vulnerabilities are found (transformed from npm audit API response)
- no-Severity-response.json : Example response when no vulnerabilities are found (transformed from npm audit API response)
Note: The example responses shown above are transformed from the raw npm audit API responses to provide a more structured format. The original npm audit API responses contain additional metadata and may have a different structure.
Contributing
Contributions are welcome! Please read our Contributing Guide for details on our code of conduct and the process for submitting pull requests.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Author
ESX (qianniuspace@gmail.com)
Links
相关推荐
I find academic articles and books for research and literature reviews.
Evaluator for marketplace product descriptions, checks for relevancy and keyword stuffing.
Confidential guide on numerology and astrology, based of GG33 Public information
Emulating Dr. Jordan B. Peterson's style in providing life advice and insights.
Your go-to expert in the Rust ecosystem, specializing in precise code interpretation, up-to-date crate version checking, and in-depth source code analysis. I offer accurate, context-aware insights for all your Rust programming questions.
This GPT assists in finding a top-rated business CPA - local or virtual. We account for their qualifications, experience, testimonials and reviews. Business operators provide a short description of your business, services wanted, and city or state.
Advanced software engineer GPT that excels through nailing the basics.
Converts Figma frames into front-end code for various mobile frameworks.
Entdecken Sie die umfassendste und aktuellste Sammlung von MCP-Servern auf dem Markt. Dieses Repository dient als zentraler Hub und bietet einen umfangreichen Katalog von Open-Source- und Proprietary MCP-Servern mit Funktionen, Dokumentationslinks und Mitwirkenden.
Die All-in-One-Desktop & Docker-AI-Anwendung mit integriertem Lappen, AI-Agenten, No-Code-Agent Builder, MCP-Kompatibilität und vielem mehr.
Fair-Code-Workflow-Automatisierungsplattform mit nativen KI-Funktionen. Kombinieren Sie visuelles Gebäude mit benutzerdefiniertem Code, SelbstHost oder Cloud, 400+ Integrationen.
🧑🚀 全世界最好的 llm 资料总结(数据处理、模型训练、模型部署、 O1 模型、 MCP 、小语言模型、视觉语言模型) | Zusammenfassung der weltbesten LLM -Ressourcen.
Reviews
3
(1)
user_QkNyt65W
2025-04-15
The (Unofficial) linkding-mcp-server by uta8a is an exceptional tool for managing bookmarks effortlessly. Its seamless integration and intuitive design make it a joy to use for organizing and accessing saved links. Highly recommend checking it out! You can find more details at the official [link](https://mcp.so/server/linkding-mcp-server/uta8a). Great job, uta8a!