Socket

v0.0.17Securitystable

A Model Context Protocol (MCP) server for Socket integration, allowing AI assistants to efficiently check dependency vulnerability scores and security information.

socket-mcp-servermcpai-integration
Share:
109
Stars
0
Downloads
0
Weekly
0/5

What is Socket?

Socket is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to model context protocol (mcp) server for socket integration, allowing ai assistants to efficiently check dependency vulnerability scores and security information.

A Model Context Protocol (MCP) server for Socket integration, allowing AI assistants to efficiently check dependency vulnerability scores and security information.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • A Model Context Protocol (MCP) server for Socket integration

Use Cases

Check dependency vulnerability scores and security information through Socket.
Assess open-source package security risks and vulnerabilities.
SocketDev

Maintainer

LicenseMIT License
Languagetypescript
Versionv0.0.17
UpdatedMay 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

NPM

npx -y @socketsecurity/mcp

Manual Installation

npx -y @socketsecurity/mcp

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Socket

The Socket MCP server connects AI assistants directly to the Socket.dev security platform, enabling real-time dependency vulnerability analysis across npm, PyPI, Cargo, Maven, NuGet, RubyGems, Go Modules, Composer, and GitHub Actions ecosystems. It exposes tools to query supply chain risk scores, retrieve security alerts filtered by severity and category, and inspect published package files — all without leaving your AI workflow. Developers use it to catch malicious packages, typosquats, and obfuscated code before they enter production dependencies.

Prerequisites

  • Node.js 18 or later (for npx self-hosted mode)
  • A Socket.dev account — free tier available at socket.dev
  • A Socket API token with at minimum the `packages:list` permission scope (for self-hosted mode; the public server uses OAuth)
  • An MCP-compatible client such as Claude Desktop, Claude Code, or Cursor
1

Choose your deployment mode

Socket MCP offers two modes. The public hosted server at https://mcp.socket.dev/ requires only OAuth sign-in and no API key. The self-hosted stdio mode requires a Socket API token and runs locally via npx. Choose the public server for the fastest setup.

2

Add the public Socket MCP server (recommended)

Run this command to register the remote Socket MCP server with Claude Code. You will be prompted to sign in via browser OAuth on first use.

claude mcp add --transport http socket-mcp https://mcp.socket.dev/
3

Or add the self-hosted server with your API token

If you prefer to run locally (e.g., for enterprise environments), obtain a Socket API token from your Socket dashboard and register the stdio server instead.

claude mcp add socket-mcp -e SOCKET_API_TOKEN="your-token" -- npx @socketsecurity/mcp@latest
4

Configure Claude Desktop (alternative clients)

If you use Claude Desktop rather than Claude Code, add the server block to your claude_desktop_config.json file under mcpServers.

{
  "mcpServers": {
    "socket-mcp": {
      "command": "npx",
      "args": ["-y", "@socketsecurity/mcp@latest"],
      "env": {
        "SOCKET_API_TOKEN": "your-socket-api-token"
      }
    }
  }
}
5

Verify the connection

Restart your MCP client and ask Claude to check a package. If the depscore tool returns a JSON result with supply chain and vulnerability metrics, the server is working correctly.

Socket Examples

Client configuration

Self-hosted stdio configuration for Claude Desktop using the @socketsecurity/mcp package.

{
  "mcpServers": {
    "socket-mcp": {
      "command": "npx",
      "args": ["-y", "@socketsecurity/mcp@latest"],
      "env": {
        "SOCKET_API_TOKEN": "your-socket-api-token"
      }
    }
  }
}

Prompts to try

Security queries you can ask once the Socket MCP server is connected.

- "Check the security score for express version 4.18.2"
- "Analyze the dependency vulnerabilities in my package.json"
- "What are the supply chain risk scores for react, lodash, and axios?"
- "Show me any malware alerts for packages published in the last 7 days"
- "Is the npm package event-stream safe to use?"

Troubleshooting Socket

OAuth sign-in loop or token not persisting on the public server

Ensure your MCP client supports HTTP transport with OAuth. Claude Code supports this natively; Claude Desktop may require the self-hosted stdio mode instead.

SOCKET_API_TOKEN errors or 401 Unauthorized responses

Verify your token has the `packages:list` scope in the Socket dashboard under API Keys. Generate a new token if the scope is missing, and make sure no extra whitespace was copied into the env var.

npx hangs or fails to download the package

Run `npm cache clean --force` then retry. You can also pin to a specific version: `npx @socketsecurity/[email protected]` to avoid resolution issues.

Frequently Asked Questions about Socket

What is Socket?

Socket is a Model Context Protocol (MCP) server that model context protocol (mcp) server for socket integration, allowing ai assistants to efficiently check dependency vulnerability scores and security information. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Socket?

Install via npm with the command: npx -y @socketsecurity/mcp. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).

Which AI clients work with Socket?

Socket works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Socket free to use?

Yes, Socket is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.

Socket Alternatives — Similar Security Servers

Looking for alternatives to Socket? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "socket-mcp-server": { "command": "npx", "args": ["-y", "@socketsecurity/mcp"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Socket?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides