NPM Security Audit MCP Server

Security, JavaScript

Audits npm package dependencies for security vulnerabilities

Available Tools

auditPackage

Audits a specific npm package for security vulnerabilities

packageName, version

auditPackageJson

Scans a package.json file for security vulnerabilities in dependencies

packageJsonContent

getVulnerabilityDetails

Retrieves detailed information about a specific vulnerability

cveId

recommendFixes

Provides recommendations for fixing identified vulnerabilities

vulnerabilities

The NPM Security Audit MCP provides real-time scanning of npm package dependencies to identify security vulnerabilities. It integrates with remote npm registries to deliver comprehensive vulnerability reports with severity levels, CVSS scoring, and CVE references. This tool helps developers maintain secure codebases by identifying potential security issues in their dependencies and providing actionable fix recommendations.

NPM Security Audit

The NPM Security Audit MCP is a powerful tool that helps you identify and address security vulnerabilities in your npm package dependencies. By integrating with remote npm registries, it provides real-time security checks and detailed vulnerability reports.

Features

  • Real-time security vulnerability scanning
  • Remote npm registry integration
  • Detailed vulnerability reports with severity levels (critical, high, moderate, low)
  • CVSS scoring and CVE references
  • Automatic fix recommendations
  • Compatible with npm, pnpm, and yarn package managers

Installation

You can install the NPM Security Audit MCP using one of the following methods:

Option 1: Using NPX (Recommended)

Add the following MCP configuration to your Claude client:

{
  "mcpServers": {
    "mcp-security-audit": {
      "command": "npx",
      "args": ["-y", "mcp-security-audit"]
    }
  }
}

Option 2: Manual Installation

  1. Clone the repository:

git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit

  2. Install dependencies and build:

npm install
npm run build

  3. Add the following MCP configuration to your Claude client:

{
  "mcpServers": {
    "mcp-security-audit": {
      "command": "npx",
      "args": ["-y", "/path/to/mcp-security-audit/build/index.js"]
    }
  }
}
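
The Option 1 configuration names the package without a version, so npx resolves whatever the registry currently serves each time the client starts the server, and `-y` skips the install prompt. The check below is an added example, not part of the original page or the project's code: it walks an MCP client configuration and reports npx-launched servers whose package spec is not an exact version. The function names, the `asShown`/`pinned` sample objects and the version `1.0.0` are assumptions made for illustration.

```javascript
// Added example: flag MCP server entries that let npx fetch an unpinned package.
// Sample configs are constructed; "1.0.0" is a placeholder, not a known release.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split an npm package spec into name and version, handling @scope/name@version.
function parseSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null }; // no version, or only the scope "@"
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function auditMcpConfig(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config.mcpServers || {})) {
    if (entry.command !== "npx") continue;
    const args = entry.args || [];
    // The first argument that is not a flag is what npx resolves and runs.
    const target = args.find((a) => !a.startsWith("-"));
    if (!target) continue;
    // A local build (Option 2) is not fetched from the registry; skip it.
    if (target.startsWith("/") || target.startsWith(".")) continue;
    const { version } = parseSpec(target);
    // Missing versions, dist-tags ("latest") and ranges ("^1.0.0") all float.
    if (!version || !EXACT_SEMVER.test(version)) {
      const autoInstall = args.includes("-y") || args.includes("--yes");
      findings.push({ server, target, issue: "unpinned", autoInstall });
    }
  }
  return findings;
}

// Configuration as shown in Option 1 (no version on the package name).
const asShown = { mcpServers: { "mcp-security-audit": {
  command: "npx", args: ["-y", "mcp-security-audit"] } } };
// Constructed variant with an exact version (placeholder value).
const pinned = { mcpServers: { "mcp-security-audit": {
  command: "npx", args: ["-y", "mcp-security-audit@1.0.0"] } } };

console.log(auditMcpConfig(asShown)); // one finding
console.log(auditMcpConfig(pinned));  // no findings
```
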

Using the MCP

Once installed, you can use the NPM Security Audit MCP to scan your project's dependencies for vulnerabilities. Simply ask Claude to analyze your package.json file or specific npm packages for security issues.

Example prompts:

  • "Check my package.json for security vulnerabilities"
  • "Are there any security issues with lodash version 4.17.15?"
  • "Scan my npm dependencies and recommend fixes for any vulnerabilities"

Response Format

The tool provides detailed vulnerability information including:

  • Package name and version
  • Severity level (critical, high, moderate, low)
  • Vulnerability description
  • CVE identifier and GitHub Advisory ID
  • Fix recommendations and available fixed versions
  • CVSS score and vector
  • CWE identifiers
  • Links to advisory information

Smithery Integration

This MCP is also available through Smithery. To install it automatically via Smithery:

npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude
