Dependency Checker

Provides tools to scan npm dependencies for known vulnerabilities using OSV.dev and Socket.dev databases.

GitHub Stars: 0
Language: javascript
First Indexed: 3 months ago
Catalog Refreshed: 3 weeks ago

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "djodjonx-dependency-checker-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@djodjonx/dependency-checker-mcp@latest"
      ]
    }
  }
}

This MCP server helps you verify npm dependencies against known vulnerability databases by providing tooling that checks packages and surfaces detailed vulnerability information. You can run it on demand with npx for quick checks or run it locally for full integration into your workflows, making it easier to keep your projects secure.

How to use

You can use the Dependency Checker MCP Server from any client that supports MCP servers. Run it via npx to fetch the latest stable version on demand (the -y flag skips npx's install confirmation prompt), or run a local copy for a tightly controlled environment. The server provides three core capabilities: scanning a manifest file for vulnerabilities, checking a specific list of dependencies, and retrieving full details for a given vulnerability ID.

How to install

Prerequisites: Node.js version 20 or newer and npm. The server can be used without a prior installation by running it through npx.

Option A: Use via npx (no installation required)

# Ensure you have Node.js and npm installed
# Run the MCP server via npx with the latest stable version
npx -y @djodjonx/dependency-checker-mcp@latest

Option B: Install locally for full control (build is available)

# Clone the project
git clone https://github.com/djodjonx/dependency-checker-mcp.git
cd dependency-checker-mcp

# Install dependencies
npm install

# Build the project (produces a dist/ directory)
npm run build

# Start from the built artifact directly
node dist/index.mjs

Configuration for MCP clients

Configure your MCP client to point at the Dependency Checker MCP Server. The following examples show a server entry for each approach: the first launches the server on demand through npx, the second runs a locally built copy.

{
  "mcpServers": {
    "dependency-checker": {
      "command": "npx",
      "args": ["-y", "@djodjonx/dependency-checker-mcp@latest"]
    }
  }
}

{
  "mcpServers": {
    "dependency-checker-local": {
      "command": "node",
      "args": ["/chemin/vers/dependency-checker-mcp/dist/index.mjs"]
    }
  }
}

Available tools

scan_file

Analyzes a manifest file (package.json, lockfiles) to surface vulnerabilities. Supports package.json, package-lock.json, yarn.lock, and pnpm-lock.yaml.

check_vulnerabilities

Validates a specific list of dependencies, allowing agents to verify dependencies collected from other sources.

get_vulnerability_details

Fetches complete technical details for a vulnerability using its ID (CVE, GHSA, etc.).
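
To make the scan_file and check_vulnerabilities descriptions concrete, the following added example (not code from this project) shows one way a package-lock.json can be reduced to a name/version list and turned into the request body for OSV.dev's batch query endpoint. The function names and the sample lockfile are constructed for illustration, and only lockfileVersion 2 and 3 are handled.

```javascript
// Added example: turn a package-lock.json (lockfileVersion 2 or 3) into the
// body of an OSV.dev batch query (POST https://api.osv.dev/v1/querybatch).
// Function names and the sample lockfile are constructed for illustration.

function lockfileToPackages(lockJson) {
  const lock = JSON.parse(lockJson);
  if (!lock.packages) {
    throw new Error("lockfileVersion 1 has no 'packages' map; not handled here");
  }
  const seen = new Map();
  for (const [path, entry] of Object.entries(lock.packages)) {
    // "" is the root project; links are workspace symlinks without a version.
    if (path === "" || entry.link || !entry.version) continue;
    // Nested installs look like node_modules/a/node_modules/b: keep the last one.
    const marker = "node_modules/";
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // workspace folder entry, not a registry package
    // An aliased install records the real package name in entry.name.
    const name = entry.name || path.slice(idx + marker.length);
    // Key on name@version so the same release installed twice is queried once.
    seen.set(`${name}@${entry.version}`, { name, version: entry.version });
  }
  return [...seen.values()];
}

function buildOsvBatchQuery(packages) {
  return {
    queries: packages.map(({ name, version }) => ({
      package: { name, ecosystem: "npm" },
      version,
    })),
  };
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/lodash": { version: "4.17.20" },
    "node_modules/@scope/util": { version: "2.1.0" },
    "node_modules/a/node_modules/lodash": { version: "4.17.20" },
    "node_modules/b/node_modules/lodash": { version: "3.10.1" },
    "node_modules/local-pkg": { resolved: "packages/local-pkg", link: true },
  },
});

console.log(JSON.stringify(buildOsvBatchQuery(lockfileToPackages(SAMPLE_LOCK)), null, 2));
```

Transitive and nested copies are included because a vulnerable version buried under another package's node_modules is still installed and loadable.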
