Description

This MCP server implementation provides a security audit tool for package.json dependencies. Developed by esx, it leverages npm-audit-report and npm-registry-fetch to analyze and report potential vulnerabilities in Node.js projects. The server is built using TypeScript and integrates with the Model Context Protocol SDK. It offers a command-line interface for easy integration into development workflows and CI/CD pipelines. The implementation focuses on providing clear, actionable security insights, making it particularly useful for development teams prioritizing code safety and compliance. It supports various output formats and can be easily incorporated into existing project management tools and security protocols.

Installation

Run directly with npx:
npx -y mcp-security-audit

Install from npm:
npm install mcp-security-audit

Clone the source repository:
git clone https://github.com/qianniuspace/mcp-security-audit

Claude Desktop Configuration

Add this configuration to your Claude Desktop config file to enable this MCP server:

Config file location (macOS): ~/Library/Application Support/Claude/claude_desktop_config.json

Config file location (Windows): %APPDATA%\Claude\claude_desktop_config.json

Config file location (Linux): ~/.config/Claude/claude_desktop_config.json

claude_desktop_config.json
{
  "mcpServers": {
    "security-audit": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-security-audit"
      ]
    }
  }
}