MCP Security Audit
π βοΈ A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.
What is MCP Security Audit?
MCP Security Audit is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to π βοΈ a powerful mcp (model context protocol) server that audits npm package dependencies for security vulnerabilities. built with remote npm registry integration for real-time security checks.
π βοΈ A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- π βοΈ A powerful MCP (Model Context Protocol) Server that aud
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx mcp-security-audit-serverConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use MCP Security Audit
MCP Security Audit Server is a TypeScript MCP server that scans npm package dependencies in real time for known security vulnerabilities by querying the npm registry directly. It classifies findings by severity (critical, high, moderate, low), provides CVSS scores and CVE identifiers, and suggests specific fixed versions for each vulnerable package. Frontend and Node.js developers use it to catch vulnerable dependencies during development without running a separate audit command.
Prerequisites
- Node.js 16+ and npm installed
- An npm-based project with a package.json to audit
- An MCP-compatible client such as Claude Desktop, Cursor, or Cline
- Network access to the npm registry (registry.npmjs.org)
Install via Smithery (recommended)
The easiest installation method uses the Smithery CLI to configure the server automatically for your chosen client.
npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claudeOr install and build manually
Clone the repository, install dependencies, and build the TypeScript project manually if you prefer not to use Smithery.
git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit
npm install && npm run buildAdd the server to your MCP client configuration
Edit your MCP client config file to register the security audit server. No API keys are requiredβit queries the public npm registry.
Restart your MCP client
Quit and reopen Claude Desktop (or reload your IDE) to pick up the new server registration.
Run your first audit
Ask Claude to audit a specific package or your project's dependencies. The server returns structured vulnerability data including CVE IDs and fix recommendations.
MCP Security Audit Examples
Client configuration
Add this to your claude_desktop_config.json. No environment variables are required for the npm registry queries.
{
"mcpServers": {
"mcp-security-audit": {
"command": "npx",
"args": ["-y", "mcp-security-audit"]
}
}
}Prompts to try
Example prompts for scanning packages and project dependencies for security vulnerabilities.
- "Check if the lodash package has any known security vulnerabilities"
- "Audit all dependencies in my package.json and list critical and high severity issues"
- "What CVEs affect express 4.17.1 and what version fixes them?"
- "Scan this project's npm dependencies and generate a security report with remediation steps"
- "Are there any vulnerabilities in the packages we're using that have CVSS scores above 8?"Troubleshooting MCP Security Audit
Audit returns no results for a package
Verify the package name and version are spelled correctly. Some packages have no registered advisories even if they have known issuesβcross-check with npm audit or the GitHub Advisory Database.
Server fails to start after manual build
Ensure you ran 'npm run build' successfully and that the dist/ directory was created. Check that Node.js 16+ is installed with 'node --version'.
Rate limiting or network errors from the npm registry
The server queries the public npm registry, which may throttle high-volume requests. Add a delay between bulk audits or use a private registry mirror if operating in a restricted network environment.
Frequently Asked Questions about MCP Security Audit
What is MCP Security Audit?
MCP Security Audit is a Model Context Protocol (MCP) server that π βοΈ a powerful mcp (model context protocol) server that audits npm package dependencies for security vulnerabilities. built with remote npm registry integration for real-time security checks. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP Security Audit?
Follow the installation instructions on the MCP Security Audit GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP Security Audit?
MCP Security Audit works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP Security Audit free to use?
Yes, MCP Security Audit is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.
MCP Security Audit Alternatives β Similar Security Servers
Looking for alternatives to MCP Security Audit? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
β 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
β 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
β 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
β 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
β 6.6k754 structured cybersecurity skills for AI agents Β· Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF Β· agentskills.io standard Β· Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
β 5.1kπ₯π₯ hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up MCP Security Audit in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use MCP Security Audit?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.