MCP Web Audit

一个基于nodejs的MCP项目代码依赖审核工具
  • javascript

5

GitHub Stars

javascript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "shen-zhihao-mcp-web-audit": {
      "command": "node",
      "args": [
        "src/mcpServer.js"
      ]
    }
  }
}

You run an MCP server that performs automated front-end project security audits. It analyzes both local projects and remote repositories, produces Markdown audit reports, and can be used directly through an MCP client or via a local runtime. This server-based approach helps you consistently audit dependencies, identify vulnerabilities, and receive actionable fix recommendations.

How to use

You can audit local projects or remote repositories by connecting an MCP client to the server. Start the MCP server locally, then invoke the audit function from your client to generate a structured report. The server handles parsing the project, analyzing direct and indirect dependencies, running a security scan, and rendering a Markdown report that includes a project overview, a vulnerability summary, and a detailed list of each issue with fixes.

Typical workflow steps after you have the server running:

    1. Start the MCP server locally
    1. From your MCP client, request an audit for a local project or a remote repository
    1. Receive a structured audit result and save the Markdown report to a file
    1. Review the vulnerability details, severity, affected packages, and recommended fixes

Because the server performs automated analysis, you can integrate it into CI pipelines to continuously audit dependencies and fail builds when critical issues are detected. The server supports producing a standalone Markdown report that you can store, share, or attach to issue trackers.

How to install

Prerequisites you need before installation:

  • Network access for remote audits
  • At least 100 MB free disk space for temporary files and reports

Install and run the MCP server locally using the following commands.

# Clone the repository
git clone https://github.com/shenzhihao/mcp-web-audit.git
cd mcp-web-audit

# Install dependencies
npm install

# Start the MCP server (stdio configuration)
node src/mcpServer.js

When the server is running, you can connect your MCP client to perform audits and generate reports. If you prefer not to build locally, you can run the provided runtime commands that target the local server entry point.

Configuration and notes

The server exposes a standard MCP runtime that you start with a Node.js command. No additional configuration is required for basic usage, but you can customize how audits are triggered and where reports are saved from your client. Ensure your client uses the server’s audit endpoint to request an audit for either a local project path or a remote repository URL. The server will process the request, scan dependencies, and render a Markdown report that includes a project overview, vulnerability counts by severity, and a detailed list of issues with fixes.

Troubleshooting

If audits fail or reports fail to generate, verify that Node.js is properly installed, the working directory contains the project you intend to audit, and network access is available for remote repository audits. Check that the server is running and listening on the expected entry point, and consult your MCP client for any error messages related to the audit request or report saving path.

Available tools

auditPackage

Audits a specified project or repository and generates a report, handling both local paths and remote URLs.

parseLocalProject

Parses a local project to extract dependencies and project metadata for auditing.

parseRemoteProject

Parses a remote repository URL to prepare it for auditing.

npmAudit

Performs a security scan on npm dependencies as part of the audit process.

renderMarkdown

Renders the audit results into a Markdown report with a project overview, vulnerability summary, and detailed findings.

generateLock

Generates a lock file for dependency versions as part of the preparation step.

getDepChain

Analyzes the complete dependency chain including indirect dependencies.

currentAudit

Represents the current audit session and orchestrates the auditing flow.

remoteAudit

Coordinates auditing tasks that involve remote repositories.

mcpServer

The MCP server entry point that exposes the audit service to MCP clients.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
MCP Web Audit MCP Server - shen-zhihao/mcp-web-audit | VeilStrat