Security Audit Tool
A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.
Overview
Mcp Security Audit is a powerful tool designed to audit npm package dependencies for security vulnerabilities, integrating with remote npm registries for real-time checks.
To use the Mcp Security Audit tool, you can install it via Smithery or clone the repository and configure it manually. Follow the installation instructions provided in the documentation.
- Real-time security vulnerability scanning
- Remote npm registry integration
- Detailed vulnerability reports with severity levels
- Support for multiple severity levels (critical, high, moderate, low)
- Compatibility with npm, pnpm, and yarn package managers
- Automatic fix recommendations
- CVSS scoring and CVE references

- Scanning npm packages for known vulnerabilities before deployment.
- Generating detailed reports for security audits.
- Providing recommendations for fixing vulnerabilities in dependencies.
Add to your AI client
Use these steps to connect Security Audit Tool in Cursor, Claude, VS Code, and other MCP-compatible apps.
Cursor
Add this to your .cursor/mcp.json file in your project root, then restart Cursor.
.cursor/mcp.json
{
  "mcpServers": {
    "mcp-security-audit-qianniuspace": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-security-audit-qianniuspace"
      ]
    }
  }
}
Claude Desktop
Add this server entry to the mcpServers object in your Claude Desktop config, then restart the app.
~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows)
{
  "mcpServers": {
    "mcp-security-audit-qianniuspace": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-security-audit-qianniuspace"
      ]
    }
  }
}
Claude Code
Add this to your project's .mcp.json file. Claude Code will detect it automatically.
.mcp.json (project root)
{
  "mcpServers": {
    "mcp-security-audit-qianniuspace": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-security-audit-qianniuspace"
      ]
    }
  }
}
VS Code (Copilot)
Add this to your .vscode/mcp.json file. Requires the GitHub Copilot extension with MCP support enabled.
.vscode/mcp.json
{
  "servers": {
    "mcp-security-audit-qianniuspace": {
      "type": "stdio",
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-security-audit-qianniuspace"
      ]
    }
  }
}
Windsurf
Add this to your Windsurf MCP config file, then restart Windsurf.
~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "mcp-security-audit-qianniuspace": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-security-audit-qianniuspace"
      ]
    }
  }
}
Cline
Open Cline settings, navigate to MCP Servers, and add this server configuration.
Cline MCP Settings (via UI)
{
  "mcpServers": {
    "mcp-security-audit-qianniuspace": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-security-audit-qianniuspace"
      ]
    }
  }
}
FAQ
Can Mcp Security Audit scan all npm packages?
Yes! It can audit any npm package dependencies for vulnerabilities.
Is Mcp Security Audit free to use?
Yes! The tool is open-source and free to use.
How accurate are the vulnerability reports?
The accuracy depends on the npm registry data and the tool's integration with it.