
mcp-security-audit

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio qianniuspace-mcp-security-audit npx -y mcp-security-audit

How to use

Security Audit Tool is an MCP server that analyzes npm package dependencies for security vulnerabilities by querying a remote npm registry and returning detailed vulnerability data. It supports real-time scanning, severity filtering, CVSS scoring, and CVE references, with recommendations to fix issues. You can run it via NPX (recommended) and configure it in your MCP client (Cline/Cursor) so that the server returns structured vulnerability responses that include package name, version, severity, description, and remediation guidance. The server is compatible with npm, pnpm, and yarn workflows and can provide automatic fix recommendations when possible.

How to install

Prerequisites:

  • Node.js and npm (or pnpm/yarn) installed on your machine
  • Access to npm registry (public or private as needed)

Option A: Install and run via NPX (recommended):

  1. Ensure you have npm installed
  2. Run: npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude

Option B: Clone and configure manually:

  1. Clone the repository: git clone https://github.com/qianniuspace/mcp-security-audit.git
  2. Install dependencies and build: npm install && npm run build
  3. Add MCP configuration to Cursor/Cline:

       {
         "mcpServers": {
           "mcp-security-audit": {
             "command": "npx",
             "args": ["-y", "/path/to/mcp-security-audit/build/index.js"]
           }
         }
       }

Additional notes

Notes:

  • The MCP server uses a remote npm registry to perform security vulnerability checks and returns detailed results including severity levels, CVSS scores, and CVE references.
  • If you deploy locally from source, ensure the built index.js path is correct in the MCP configuration.
  • Supported package managers: npm, pnpm, and yarn. The tool can suggest automatic fixes when fixes are available.
  • Environment considerations may include network access to the npm registry and, if you use a private registry, appropriate authentication.
