- Home
- MCP servers
- Security Audit
Security Audit
- typescript
51
GitHub Stars
typescript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"qianniuspace-mcp-security-audit": {
"command": "npx",
"args": [
"-y",
"mcp-security-audit"
]
}
}
}You have a Security Audit MCP Server that analyzes npm package dependencies to identify security vulnerabilities in real time. It integrates with remote npm registries, provides detailed vulnerability reports with severity levels, and offers automatic fix recommendations to help you keep your projects safe.
How to use
You use this MCP server by configuring your MCP client to run the security audit tool as either a remote (HTTP) service or a local (stdio) process. The tool scans dependencies during your normal workflow, returns vulnerability details with CVSS scores and CVE references, and proposes upgrade paths when fixes are available. You can run it as part of your build or as a background check to continuously monitor your dependencies.
How to install
Prerequisites: you need Node.js and npm installed on your system to build and run the MCP server.
Install the Security Audit Tool for your MCP client using NPX directly when integrating with Claude Desktop or similar environments.
npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude
Additional MCP configuration options
Option 1: Using NPX (Recommended) is the simplest path. You configure the MCP client to execute the tool via NPX so the runtime pulls the latest version when starting.
{
"mcpServers": {
"mcp_security_audit": {
"command": "npx",
"args": ["-y", "mcp-security-audit"]
}
}
}
Manual installation from source
If you prefer to build from source, clone the repository, install dependencies, and build the project. Then configure your MCP client to point at the built index file.
git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit
npm install
npm run build
{
"mcpServers": {
"mcp_security_audit_build": {
"command": "npx",
"args": ["-y", "/path/to/mcp-security-audit/build/index.js"]
}
}
}
Configuration notes
Configure the MCP client with the appropriate mcpServers entry that matches your deployment choice. If you run from a built index, ensure the path to index.js is correct for your environment.
Notes on outputs
The tool provides detailed vulnerability information including severity levels, fix recommendations, CVSS scores, and CVE references. You will receive responses that describe found vulnerabilities or a confirmation that no vulnerabilities were detected.
Available tools
real_time_scan
Performs real-time security vulnerability scanning of npm dependencies and aggregates results.
vulnerability_report
Generates a structured vulnerability report including severity, CVSS scores, and CVE references.
fix_recommendations
Provides automatic upgrade recommendations to fix detected vulnerabilities when possible.
cvss_scoring
Includes CVSS scores and vectors to help you prioritize remediation.