Security Audit

by qianniuspace
Security Audit analyzes Node.js dependencies for vulnerabilities using npm-audit-report, delivering actionable security
Integrates with npm-audit-report and npm-registry-fetch to analyze and report potential vulnerabilities in Node.js project dependencies, offering actionable security insights for development teams.
best for
- Node.js developers securing their applications
- Development teams conducting security audits
- DevOps engineers monitoring dependency vulnerabilities
- Security-conscious projects using npm/yarn/pnpm
capabilities
- Audit Node.js dependencies for security vulnerabilities
- Generate detailed vulnerability reports with CVSS scores
- Provide automatic fix recommendations
- Check multiple severity levels (critical, high, moderate, low)
- Access real-time npm registry vulnerability data
what it does
Scans Node.js project dependencies for security vulnerabilities using npm registry data. Provides detailed vulnerability reports with severity levels and fix recommendations.
about
Security Audit is a community-built MCP server published by qianniuspace that provides AI assistants with tools and capabilities via the Model Context Protocol. Security Audit analyzes Node.js dependencies for vulnerabilities using npm-audit-report, delivering actionable security It is categorized under auth security, developer tools. This server exposes 1 tool that AI clients can invoke during conversations and coding sessions.
how to install
You can install Security Audit in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.
license
MIT
Security Audit is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.
readme
Security Audit Tool
A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.
Features
- 🔍 Real-time security vulnerability scanning
- 🚀 Remote npm registry integration
- 📊 Detailed vulnerability reports with severity levels
- 🛡️ Support for multiple severity levels (critical, high, moderate, low)
- 📦 Compatible with npm/pnpm/yarn package managers
- 🔄 Automatic fix recommendations
- 📋 CVSS scoring and CVE references
Installing via Smithery
To install Security Audit Tool for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude
MCP Integration
Option 1: Using NPX (Recommended)
- Add MCP configuration to Cline/Cursor:
{
  "mcpServers": {
    "mcp-security-audit": {
      "command": "npx",
      "args": ["-y", "mcp-security-audit"]
    }
  }
}
Option 2: Download Source Code and Configure Manually
- Clone the repository:
git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit
- Install dependencies and build:
npm install
npm run build
- Add MCP configuration to Cline/Cursor:
{
  "mcpServers": {
    "mcp-security-audit": {
      "command": "npx",
      "args": ["-y", "/path/to/mcp-security-audit/build/index.js"]
    }
  }
}
API Response Format
The tool provides detailed vulnerability information including severity levels, fix recommendations, CVSS scores, and CVE references.
Response Examples
1. When Vulnerabilities Found (Severity-response.json)
{
  "content": [{
    "vulnerability": {
      "packageName": "lodash",
      "version": "4.17.15",
      "severity": "high",
      "description": "Prototype Pollution in lodash",
      "cve": "CVE-2020-8203",
      "githubAdvisoryId": "GHSA-p6mc-m468-83gw",
      "recommendation": "Upgrade to version 4.17.19 or later",
      "fixAvailable": true,
      "fixedVersion": "4.17.19",
      "cvss": {
        "score": 7.4,
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
      },
      "cwe": ["CWE-1321"],
      "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw"
    },
    "metadata": {
      "timestamp": "2024-04-23T10:00:00.000Z",
      "packageManager": "npm"
    }
  }]
}
2. When No Vulnerabilities Found (no-Severity-response.json)
{
  "content": [{
    "vulnerability": null,
    "metadata": {
      "timestamp": "2024-04-23T10:00:00.000Z",
      "packageManager": "npm",
      "message": "No known vulnerabilities found"
    }
  }]
}
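A consumer of this response shape, as an added example (not code from the mcp-security-audit project): it gates a build on a severity threshold, skips the `"vulnerability": null` entry, and treats an unrecognised severity label as blocking. The names `evaluateAudit` and `SEVERITY_RANK` and the sample objects are assumptions; field names are taken from the two response examples above.

```javascript
// Added example: field names follow the page's response examples.
// evaluateAudit, SEVERITY_RANK and the sample objects are hypothetical.
const SEVERITY_RANK = new Map([["low", 1], ["moderate", 2], ["high", 3], ["critical", 4]]);

function evaluateAudit(response, failOn = "high") {
  if (!SEVERITY_RANK.has(failOn)) throw new Error(`unknown threshold: ${failOn}`);
  if (!response || !Array.isArray(response.content)) {
    throw new Error("malformed response: content[] missing");
  }
  const blocking = [];
  const ignored = [];
  for (const entry of response.content) {
    const v = entry && entry.vulnerability;
    if (v === null || v === undefined) continue; // "no known vulnerabilities" entry
    const rank = SEVERITY_RANK.get(v.severity);
    // Fail closed: a severity label outside the four known levels blocks the build.
    if (rank === undefined || rank >= SEVERITY_RANK.get(failOn)) {
      blocking.push({
        package: `${v.packageName}@${v.version}`,
        severity: v.severity,
        id: v.cve || v.githubAdvisoryId || "unknown",
        fix: v.fixAvailable ? v.fixedVersion : null,
      });
    } else {
      ignored.push(`${v.packageName}@${v.version}`);
    }
  }
  return { pass: blocking.length === 0, blocking, ignored };
}

// Constructed sample input mirroring the page's two examples.
const vulnerable = { content: [{ vulnerability: {
  packageName: "lodash", version: "4.17.15", severity: "high",
  cve: "CVE-2020-8203", githubAdvisoryId: "GHSA-p6mc-m468-83gw",
  fixAvailable: true, fixedVersion: "4.17.19" },
  metadata: { timestamp: "2024-04-23T10:00:00.000Z", packageManager: "npm" } }] };
const clean = { content: [{ vulnerability: null,
  metadata: { packageManager: "npm", message: "No known vulnerabilities found" } }] };

console.log(evaluateAudit(vulnerable));             // blocked at the default threshold
console.log(evaluateAudit(vulnerable, "critical")); // passes, lodash listed as ignored
console.log(evaluateAudit(clean));                  // passes, nothing to report
```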
Development
For development reference, check the example response files in the public directory:
- Severity-response.json: Example response when vulnerabilities are found (transformed from npm audit API response)
- no-Severity-response.json: Example response when no vulnerabilities are found (transformed from npm audit API response)
Note: The example responses shown above are transformed from the raw npm audit API responses to provide a more structured format. The original npm audit API responses contain additional metadata and may have a different structure.
Contributing
Contributions are welcome! Please read our Contributing Guide for details on our code of conduct and the process for submitting pull requests.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Author
ESX (qianniuspace@gmail.com)
FAQ
- What is the Security Audit MCP server?
- Security Audit is a Model Context Protocol (MCP) server profile on explainx.ai. MCP lets AI hosts (e.g. Claude Desktop, Cursor) call tools and resources through a standard interface; this page summarizes categories, install hints, and community ratings.
- How do MCP servers relate to agent skills?
- Skills are reusable instruction packages (often SKILL.md); MCP servers expose live capabilities. Teams frequently combine both—skills for workflows, MCP for APIs and data. See explainx.ai/skills and explainx.ai/mcp-servers for parallel directories.
- How are reviews shown for Security Audit?
- This profile displays 35 aggregated ratings (sample rows for discoverability plus signed-in user reviews). Average score is about 4.4 out of 5—verify behavior in your own environment before production use.
Ratings
4.4★★★★★ 35 reviews
- ★★★★★Benjamin Robinson· Dec 20, 2024
Security Audit is among the better-indexed MCP projects we tried; the explainx.ai summary tracks the official description.
- ★★★★★Dhruvi Jain· Dec 16, 2024
Security Audit reduced integration guesswork — categories and install configs on the listing matched the upstream repo.
- ★★★★★Kofi Huang· Nov 11, 2024
According to our notes, Security Audit benefits from clear Model Context Protocol framing — fewer ambiguous “AI plugin” claims.
- ★★★★★Oshnikdeep· Nov 7, 2024
I recommend Security Audit for teams standardizing on MCP; the explainx.ai page compares cleanly with sibling servers.
- ★★★★★Ganesh Mohane· Oct 26, 2024
Strong directory entry: Security Audit surfaces stars and publisher context so we could sanity-check maintenance before adopting.
- ★★★★★Layla Rao· Oct 2, 2024
Security Audit has been reliable for tool-calling workflows; the MCP profile page is a good permalink for internal docs.
- ★★★★★Kiara Flores· Sep 25, 2024
Useful MCP listing: Security Audit is the kind of server we cite when onboarding engineers to host + tool permissions.
- ★★★★★Layla Thomas· Sep 21, 2024
Security Audit is a well-scoped MCP server in the explainx.ai directory — install snippets and categories matched our Claude Code setup.
- ★★★★★Sakshi Patil· Sep 17, 2024
Security Audit is among the better-indexed MCP projects we tried; the explainx.ai summary tracks the official description.
- ★★★★★Maya Li· Aug 16, 2024
Security Audit reduced integration guesswork — categories and install configs on the listing matched the upstream repo.