MCP Catalogs

mcp-security-audit

by qianniuspace · 52 · Score 42

MCP server for real-time npm security vulnerability scanning with detailed reports.

security, developer-tools

Forks: 8
Open issues: 0
Last commit: 10 mo ago
Indexed: 2d ago

Overview

This MCP server integrates with the npm registry to audit package dependencies for security vulnerabilities. It provides real-time scanning with detailed vulnerability reports, including severity levels, CVE references, CVSS scores, and fix recommendations. The server supports multiple package managers (npm/pnpm/yarn) and categorizes vulnerabilities by criticality level.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you: Audit npm dependencies for security vulnerabilities in CI/CD pipelines
you: Get real-time security alerts when adding new packages to projects
you: Generate compliance reports for security standards requiring vulnerability scanning
you: What package managers does this MCP server support?
you: How are vulnerabilities categorized?

When to choose this

Choose this MCP server for Node.js projects needing real-time security scanning without complex setup.

When NOT to choose this

Not ideal for projects requiring deep custom rules or non-JavaScript ecosystems as it's focused solely on npm packages.

Tools this server exposes

1 tool extracted from the README
  • audit_package

    Audits npm package dependencies for security vulnerabilities

Note: Tool name inferred from the repository description and functionality; the README doesn't explicitly list the MCP tool name but describes its security auditing capabilities.

Comparable tools

npm-audit-mcp, snyk-mcp, dependency-track-mcp

Installation


Via Smithery (Recommended)

npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude

Manual Installation

  1. Add MCP configuration to Claude Desktop:

     {
       "mcpServers": {
         "mcp-security-audit": {
           "command": "npx",
           "args": ["-y", "mcp-security-audit"]
         }
       }
     }

  2. Alternative: Clone and build manually:

     git clone https://github.com/qianniuspace/mcp-security-audit.git
     cd mcp-security-audit
     npm install
     npm run build

     Then configure with the path to build/index.js.

FAQ

What package managers does this MCP server support?
It supports npm, pnpm, and yarn package managers for security auditing.

How are vulnerabilities categorized?
Vulnerabilities are categorized by severity levels: critical, high, moderate, and low, along with CVSS scores for additional context.


Last updated · Auto-generated from public README + GitHub signals.