├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ └── publish.yml ├── .gitignore ├── .nvmrc ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── Dockerfile ├── LICENSE ├── Pitfalls.md ├── README.md ├── images ├── cline-config.png └── cursor-config.png ├── package-lock.json ├── package.json ├── public ├── Severity-response.json └── no-Severity-response.json ├── smithery.yaml ├── src ├── handlers │ └── security.ts ├── index.ts ├── test │ └── test.ts └── types │ ├── index.ts │ └── npm-registry-fetch.d.ts └── tsconfig.json /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Report an issue with the mcp-security-audit tool 4 | title: "[BUG]" 5 | labels: bug 6 | assignees: qianniuspace 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Command or configuration used 16 | 2. Package.json content or dependencies being audited 17 | 3. Environment details (Node.js version, npm version) 18 | 4. Error message or unexpected output 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Actual behavior** 24 | What actually happened, including any error messages, logs, or unexpected output. 25 | 26 | **Screenshots** 27 | If applicable, add screenshots to help explain your problem. 28 | 29 | **Environment information:** 30 | - OS: [e.g. macOS, Windows, Linux] 31 | - Node.js version: [e.g. 18.15.0] 32 | - npm version: [e.g. 9.5.0] 33 | - mcp-security-audit version: [e.g. 1.0.4] 34 | - Integration method: [e.g. npx, local installation, Smithery] 35 | - Client used: [e.g. Claude Desktop, Cursor, Cline] 36 | 37 | **Additional context** 38 | Add any other context about the problem here, such as: 39 | - Were you auditing a specific package? 40 | - Did the issue occur with specific dependency versions? 41 | - Any recent changes to your environment? 42 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "[FEATURE]" 5 | labels: enhancement 6 | assignees: StevenStavrakis 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- 1 | name: Publish Package to npmjs 2 | 3 | on: 4 | workflow_dispatch: 5 | release: 6 | types: [published] 7 | push: 8 | branches: 9 | - main 10 | 11 | # cancel previous runs if a new one is triggered 12 | concurrency: 13 | group: ${{ github.workflow }}-${{ github.ref }} 14 | 15 | jobs: 16 | build: 17 | runs-on: ubuntu-latest 18 | permissions: 19 | contents: write 20 | id-token: write 21 | steps: 22 | - uses: actions/checkout@v4 23 | # Setup .npmrc file to publish to npm 24 | - uses: actions/setup-node@v4 25 | with: 26 | node-version: "22.x" 27 | registry-url: "https://registry.npmjs.org" 28 | - run: npm install 29 | 30 | - name: Get version from package.json 31 | id: version 32 | run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT 33 | 34 | - name: Create Git tag 35 | if: ${{ !contains(github.event.head_commit.message, 'chore(release)') && github.event_name != 'workflow_dispatch' }} 36 | run: | 37 | git config --local user.email "action@github.com" 38 | git config --local user.name "GitHub Action" 39 | git tag -a "v${{ steps.version.outputs.version }}" -m "Release v${{ steps.version.outputs.version }}" 40 | git push origin "v${{ steps.version.outputs.version }}" 41 | 42 | - name: Create GitHub Release 43 | if: ${{ !contains(github.event.head_commit.message, 'chore(release)') && github.event_name != 'workflow_dispatch' }} 44 | uses: softprops/action-gh-release@v1 45 | with: 46 | tag_name: v${{ steps.version.outputs.version }} 47 | name: Release v${{ steps.version.outputs.version }} 48 | generate_release_notes: true 49 | 50 | - run: npm publish --provenance --access public 51 | # only if the commit message contains chore(release), or if manually triggered with workflow_dispatch 52 | if: ${{ contains(github.event.head_commit.message, 'chore(release)') || github.event_name == 'workflow_dispatch' }} 53 | env: 54 | NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} 55 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules/ 2 | *.log 3 | .env* 4 | build/ 5 | dist/ 6 | .vscode -------------------------------------------------------------------------------- /.nvmrc: -------------------------------------------------------------------------------- 1 | 22 -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. 4 | 5 | ### [1.0.4](https://github.com/qianniuspace/mcp-security-audit/compare/v1.0.3...v1.0.4) (2025-02-21) 6 | 7 | ### [1.0.3](https://github.com/qianniuspace/mcp-security-audit/compare/v1.0.1...v1.0.3) (2025-02-21) 8 | 9 | ### 1.0.2 (2025-02-20) 10 | 11 | ### 1.0.1 (2025-02-20) 12 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and expression, 9 | level of experience, education, socio-economic status, nationality, personal 10 | appearance, race, religion, or sexual identity and orientation. 11 | 12 | ## Our Standards 13 | 14 | Examples of behaviour that contributes to creating a positive environment 15 | include: 16 | 17 | - Using welcoming and inclusive language 18 | - Being respectful of differing viewpoints and experiences 19 | - Gracefully accepting constructive criticism 20 | - Focusing on what is best for the community 21 | - Showing empathy towards other community members 22 | 23 | Examples of unacceptable behaviours by participants include: 24 | 25 | - The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | - Trolling, insulting/derogatory comments, and personal or political attacks 28 | - Public or private harassment 29 | - Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | - Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our Responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behaviour and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behaviour. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or 41 | reject comments, commits, code, wiki edits, issues, and other contributions 42 | that are not aligned to this Code of Conduct, or to ban temporarily or 43 | permanently any contributor for other behaviours that they deem inappropriate, 44 | threatening, offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behaviour may be 58 | reported by contacting the project team at jan@n8n.io. All 59 | complaints will be reviewed and investigated and will result in a response that 60 | is deemed necessary and appropriate to the circumstances. The project team is 61 | obligated to maintain confidentiality with regard to the reporter of an incident. 62 | Further details of specific enforcement policies may be posted separately. 63 | 64 | Project maintainers who do not follow or enforce the Code of Conduct in good 65 | faith may face temporary or permanent repercussions as determined by other 66 | members of the project's leadership. 67 | 68 | ## Attribution 69 | 70 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, 71 | available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html 72 | 73 | [homepage]: https://www.contributor-covenant.org 74 | 75 | For answers to common questions about this code of conduct, see 76 | https://www.contributor-covenant.org/faq 77 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Generated by https://smithery.ai. See: https://smithery.ai/docs/config#dockerfile 2 | # Use the official Node.js 18 image as the base image 3 | FROM node:18-alpine AS builder 4 | 5 | # Set the working directory inside the container 6 | WORKDIR /app 7 | 8 | # Copy package.json and package-lock.json to the working directory 9 | COPY package.json package-lock.json ./ 10 | 11 | # Install dependencies (ignoring scripts to prevent premature build) 12 | RUN npm install --ignore-scripts 13 | 14 | # Copy the rest of the application code to the container 15 | COPY . . 16 | 17 | # Build the TypeScript files 18 | RUN npm run build 19 | 20 | # Final stage: Use a smaller Node.js image to run the application 21 | FROM node:18-alpine 22 | 23 | # Set the working directory inside the container 24 | WORKDIR /app 25 | 26 | # Copy built files from the builder stage 27 | COPY --from=builder /app/build /app/build 28 | COPY --from=builder /app/package.json /app/package.json 29 | COPY --from=builder /app/package-lock.json /app/package-lock.json 30 | 31 | # Install production dependencies only 32 | RUN npm install --omit=dev --ignore-scripts 33 | 34 | # Command to run the application 35 | ENTRYPOINT ["node", "build/index.js"] 36 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 esx 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Pitfalls.md: -------------------------------------------------------------------------------- 1 | # 开发注意事项 2 | 3 | ## MCP 规范 4 | - 执行代码中不能打印日志 5 | - 可以 catch 异常或抛出异常 6 | - 只能返回结果 7 | 8 | ## npm audit 优化 9 | 使用 npm-registry-fetch 远程调用 npm audit api,替代本地 npm audit 执行 10 | 11 | ## npm 包发布 12 | - 使用 GitHub Actions 自动发布 npm 包 13 | - 参考文档:https://juejin.cn/post/7457070778098892840 14 | 15 | ## npm scripts 注意事项 16 | - 使用 `--ignore-scripts` 禁用 npm 生命周期脚本的自动执行 17 | - 在 Docker 多阶段构建中尤其重要,避免生产环境重复执行编译 18 | 19 | ## 接口规范 20 | 返回格式固定为: 21 | ```json 22 | { 23 | "content": [{ 24 | // ... 数据结构 25 | }] 26 | } 27 | ``` -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![MseeP.ai Security Assessment Badge](https://mseep.net/pr/qianniuspace-mcp-security-audit-badge.png)](https://mseep.ai/app/qianniuspace-mcp-security-audit) 2 | 3 | # Security Audit Tool 4 | 5 | [![smithery badge](https://smithery.ai/badge/@qianniuspace/mcp-security-audit)](https://smithery.ai/server/@qianniuspace/mcp-security-audit) 6 | [![NPM version](https://img.shields.io/npm/v/mcp-security-audit.svg)](https://www.npmjs.com/package/mcp-security-audit) 7 | [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) 8 | 9 | 10 | 11 | 12 | 13 | A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks. 14 | 15 | ## Features 16 | 17 | - 🔍 Real-time security vulnerability scanning 18 | - 🚀 Remote npm registry integration 19 | - 📊 Detailed vulnerability reports with severity levels 20 | - 🛡️ Support for multiple severity levels (critical, high, moderate, low) 21 | - 📦 Compatible with npm/pnpm/yarn package managers 22 | - 🔄 Automatic fix recommendations 23 | - 📋 CVSS scoring and CVE references 24 | 25 | 26 | 27 | ### Installing via Smithery 28 | 29 | To install Security Audit Tool for Claude Desktop automatically via [Smithery](https://smithery.ai/server/@qianniuspace/mcp-security-audit): 30 | 31 | ```bash 32 | npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude 33 | ``` 34 | 35 | ### MCP Integration 36 | 37 | #### Option 1: Using NPX (Recommended) 38 | 39 | 40 | 1. Add MCP configuration to Cline /Cursor: 41 | ```json 42 | { 43 | "mcpServers": { 44 | "mcp-security-audit": { 45 | "command": "npx", 46 | "args": ["-y", "mcp-security-audit"] 47 | } 48 | } 49 | } 50 | ``` 51 | 52 | #### Option 2: Download Source Code and Configure Manually 53 | 54 | 1. Clone the repository: 55 | ```bash 56 | git clone https://github.com/qianniuspace/mcp-security-audit.git 57 | cd mcp-security-audit 58 | ``` 59 | 60 | 2. Install dependencies and build: 61 | ```bash 62 | npm install 63 | npm run build 64 | ``` 65 | 66 | 3. Add MCP configuration to Cline /Cursor : 67 | ```json 68 | { 69 | "mcpServers": { 70 | "mcp-security-audit": { 71 | "command": "npx", 72 | "args": ["-y", "/path/to/mcp-security-audit/build/index.js"] 73 | } 74 | } 75 | } 76 | ``` 77 | 78 | 79 | ## Configuration Screenshots 80 | 81 | ### Cursor Configuration 82 | ![Cursor Configuration](images/cursor-config.png) 83 | 84 | ### Cline Configuration 85 | ![Cline Configuration](images/cline-config.png) 86 | 87 | 88 | 89 | 90 | 91 | ## API Response Format 92 | 93 | The tool provides detailed vulnerability information including severity levels, fix recommendations, CVSS scores, and CVE references. 94 | 95 | ### Response Examples 96 | 97 | #### 1. When Vulnerabilities Found (Severity-response.json) 98 | ```json 99 | { 100 | "content": [{ 101 | "vulnerability": { 102 | "packageName": "lodash", 103 | "version": "4.17.15", 104 | "severity": "high", 105 | "description": "Prototype Pollution in lodash", 106 | "cve": "CVE-2020-8203", 107 | "githubAdvisoryId": "GHSA-p6mc-m468-83gw", 108 | "recommendation": "Upgrade to version 4.17.19 or later", 109 | "fixAvailable": true, 110 | "fixedVersion": "4.17.19", 111 | "cvss": { 112 | "score": 7.4, 113 | "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" 114 | }, 115 | "cwe": ["CWE-1321"], 116 | "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw" 117 | }, 118 | "metadata": { 119 | "timestamp": "2024-04-23T10:00:00.000Z", 120 | "packageManager": "npm" 121 | } 122 | }] 123 | } 124 | ``` 125 | 126 | #### 2. When No Vulnerabilities Found (no-Severity-response.json) 127 | ```json 128 | { 129 | "content": [{ 130 | "vulnerability": null, 131 | "metadata": { 132 | "timestamp": "2024-04-23T10:00:00.000Z", 133 | "packageManager": "npm", 134 | "message": "No known vulnerabilities found" 135 | } 136 | }] 137 | } 138 | ``` 139 | 140 | 141 | ## Development 142 | 143 | For development reference, check the example response files in the `public` directory: 144 | - [Severity-response.json](public/Severity-response.json) : Example response when vulnerabilities are found (transformed from npm audit API response) 145 | - [no-Severity-response.json](public/no-Severity-response.json) : Example response when no vulnerabilities are found (transformed from npm audit API response) 146 | 147 | Note: The example responses shown above are transformed from the raw npm audit API responses to provide a more structured format. The original npm audit API responses contain additional metadata and may have a different structure. 148 | 149 | ## Contributing 150 | 151 | Contributions are welcome! Please read our [Contributing Guide](CODE_OF_CONDUCT.md) for details on our code of conduct and the process for submitting pull requests. 152 | 153 | ## License 154 | 155 | This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. 156 | 157 | ## Author 158 | 159 | ESX (qianniuspace@gmail.com) 160 | 161 | ## Links 162 | 163 | - [GitHub Repository](https://github.com/qianniuspace/mcp-security-audit) 164 | - [Issue Tracker](https://github.com/qianniuspace/mcp-security-audit/issues) 165 | - [Changelog](CHANGELOG.md) 166 | ``` 167 | -------------------------------------------------------------------------------- /images/cline-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/qianniuspace/mcp-security-audit/376bfd27a9c71c437a7466adce3bfec861f76461/images/cline-config.png -------------------------------------------------------------------------------- /images/cursor-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/qianniuspace/mcp-security-audit/376bfd27a9c71c437a7466adce3bfec861f76461/images/cursor-config.png -------------------------------------------------------------------------------- /package-lock.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "mcp-security-audit", 3 | "version": "1.0.4", 4 | "lockfileVersion": 3, 5 | "requires": true, 6 | "packages": { 7 | "": { 8 | "name": "mcp-security-audit", 9 | "version": "1.0.4", 10 | "license": "MIT", 11 | "dependencies": { 12 | "@modelcontextprotocol/sdk": "^1.5.0", 13 | "chalk": "^5.4.1", 14 | "npm-audit-report": "^6.0.0", 15 | "npm-registry-fetch": "^18.0.2", 16 | "zod": "^3.24.2" 17 | }, 18 | "bin": { 19 | "mcp-security-audit": "build/index.js" 20 | }, 21 | "devDependencies": { 22 | "@types/node": "^22.13.4", 23 | "typescript": "^5.7.3" 24 | } 25 | }, 26 | "node_modules/@isaacs/cliui": { 27 | "version": "8.0.2", 28 | "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", 29 | "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", 30 | "license": "ISC", 31 | "dependencies": { 32 | "string-width": "^5.1.2", 33 | "string-width-cjs": "npm:string-width@^4.2.0", 34 | "strip-ansi": "^7.0.1", 35 | "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", 36 | "wrap-ansi": "^8.1.0", 37 | "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" 38 | }, 39 | "engines": { 40 | "node": ">=12" 41 | } 42 | }, 43 | "node_modules/@isaacs/fs-minipass": { 44 | "version": "4.0.1", 45 | "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz", 46 | "integrity": "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==", 47 | "license": "ISC", 48 | "dependencies": { 49 | "minipass": "^7.0.4" 50 | }, 51 | "engines": { 52 | "node": ">=18.0.0" 53 | } 54 | }, 55 | "node_modules/@modelcontextprotocol/sdk": { 56 | "version": "1.5.0", 57 | "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.5.0.tgz", 58 | "integrity": "sha512-IJ+5iVVs8FCumIHxWqpwgkwOzyhtHVKy45s6Ug7Dv0MfRpaYisH8QQ87rIWeWdOzlk8sfhitZ7HCyQZk7d6b8w==", 59 | "license": "MIT", 60 | "dependencies": { 61 | "content-type": "^1.0.5", 62 | "eventsource": "^3.0.2", 63 | "raw-body": "^3.0.0", 64 | "zod": "^3.23.8", 65 | "zod-to-json-schema": "^3.24.1" 66 | }, 67 | "engines": { 68 | "node": ">=18" 69 | } 70 | }, 71 | "node_modules/@npmcli/agent": { 72 | "version": "3.0.0", 73 | "resolved": "https://registry.npmjs.org/@npmcli/agent/-/agent-3.0.0.tgz", 74 | "integrity": "sha512-S79NdEgDQd/NGCay6TCoVzXSj74skRZIKJcpJjC5lOq34SZzyI6MqtiiWoiVWoVrTcGjNeC4ipbh1VIHlpfF5Q==", 75 | "license": "ISC", 76 | "dependencies": { 77 | "agent-base": "^7.1.0", 78 | "http-proxy-agent": "^7.0.0", 79 | "https-proxy-agent": "^7.0.1", 80 | "lru-cache": "^10.0.1", 81 | "socks-proxy-agent": "^8.0.3" 82 | }, 83 | "engines": { 84 | "node": "^18.17.0 || >=20.5.0" 85 | } 86 | }, 87 | "node_modules/@npmcli/fs": { 88 | "version": "4.0.0", 89 | "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-4.0.0.tgz", 90 | "integrity": "sha512-/xGlezI6xfGO9NwuJlnwz/K14qD1kCSAGtacBHnGzeAIuJGazcp45KP5NuyARXoKb7cwulAGWVsbeSxdG/cb0Q==", 91 | "license": "ISC", 92 | "dependencies": { 93 | "semver": "^7.3.5" 94 | }, 95 | "engines": { 96 | "node": "^18.17.0 || >=20.5.0" 97 | } 98 | }, 99 | "node_modules/@npmcli/redact": { 100 | "version": "3.1.1", 101 | "resolved": "https://registry.npmjs.org/@npmcli/redact/-/redact-3.1.1.tgz", 102 | "integrity": "sha512-3Hc2KGIkrvJWJqTbvueXzBeZlmvoOxc2jyX00yzr3+sNFquJg0N8hH4SAPLPVrkWIRQICVpVgjrss971awXVnA==", 103 | "license": "ISC", 104 | "engines": { 105 | "node": "^18.17.0 || >=20.5.0" 106 | } 107 | }, 108 | "node_modules/@pkgjs/parseargs": { 109 | "version": "0.11.0", 110 | "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", 111 | "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", 112 | "license": "MIT", 113 | "optional": true, 114 | "engines": { 115 | "node": ">=14" 116 | } 117 | }, 118 | "node_modules/@types/node": { 119 | "version": "22.13.4", 120 | "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.4.tgz", 121 | "integrity": "sha512-ywP2X0DYtX3y08eFVx5fNIw7/uIv8hYUKgXoK8oayJlLnKcRfEYCxWMVE1XagUdVtCJlZT1AU4LXEABW+L1Peg==", 122 | "dev": true, 123 | "license": "MIT", 124 | "dependencies": { 125 | "undici-types": "~6.20.0" 126 | } 127 | }, 128 | "node_modules/agent-base": { 129 | "version": "7.1.3", 130 | "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.3.tgz", 131 | "integrity": "sha512-jRR5wdylq8CkOe6hei19GGZnxM6rBGwFl3Bg0YItGDimvjGtAvdZk4Pu6Cl4u4Igsws4a1fd1Vq3ezrhn4KmFw==", 132 | "license": "MIT", 133 | "engines": { 134 | "node": ">= 14" 135 | } 136 | }, 137 | "node_modules/ansi-regex": { 138 | "version": "6.1.0", 139 | "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz", 140 | "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==", 141 | "license": "MIT", 142 | "engines": { 143 | "node": ">=12" 144 | }, 145 | "funding": { 146 | "url": "https://github.com/chalk/ansi-regex?sponsor=1" 147 | } 148 | }, 149 | "node_modules/ansi-styles": { 150 | "version": "6.2.1", 151 | "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", 152 | "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", 153 | "license": "MIT", 154 | "engines": { 155 | "node": ">=12" 156 | }, 157 | "funding": { 158 | "url": "https://github.com/chalk/ansi-styles?sponsor=1" 159 | } 160 | }, 161 | "node_modules/balanced-match": { 162 | "version": "1.0.2", 163 | "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", 164 | "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", 165 | "license": "MIT" 166 | }, 167 | "node_modules/brace-expansion": { 168 | "version": "2.0.1", 169 | "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", 170 | "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", 171 | "license": "MIT", 172 | "dependencies": { 173 | "balanced-match": "^1.0.0" 174 | } 175 | }, 176 | "node_modules/bytes": { 177 | "version": "3.1.2", 178 | "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", 179 | "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", 180 | "license": "MIT", 181 | "engines": { 182 | "node": ">= 0.8" 183 | } 184 | }, 185 | "node_modules/cacache": { 186 | "version": "19.0.1", 187 | "resolved": "https://registry.npmjs.org/cacache/-/cacache-19.0.1.tgz", 188 | "integrity": "sha512-hdsUxulXCi5STId78vRVYEtDAjq99ICAUktLTeTYsLoTE6Z8dS0c8pWNCxwdrk9YfJeobDZc2Y186hD/5ZQgFQ==", 189 | "license": "ISC", 190 | "dependencies": { 191 | "@npmcli/fs": "^4.0.0", 192 | "fs-minipass": "^3.0.0", 193 | "glob": "^10.2.2", 194 | "lru-cache": "^10.0.1", 195 | "minipass": "^7.0.3", 196 | "minipass-collect": "^2.0.1", 197 | "minipass-flush": "^1.0.5", 198 | "minipass-pipeline": "^1.2.4", 199 | "p-map": "^7.0.2", 200 | "ssri": "^12.0.0", 201 | "tar": "^7.4.3", 202 | "unique-filename": "^4.0.0" 203 | }, 204 | "engines": { 205 | "node": "^18.17.0 || >=20.5.0" 206 | } 207 | }, 208 | "node_modules/chalk": { 209 | "version": "5.4.1", 210 | "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.4.1.tgz", 211 | "integrity": "sha512-zgVZuo2WcZgfUEmsn6eO3kINexW8RAE4maiQ8QNs8CtpPCSyMiYsULR3HQYkm3w8FIA3SberyMJMSldGsW+U3w==", 212 | "license": "MIT", 213 | "engines": { 214 | "node": "^12.17.0 || ^14.13 || >=16.0.0" 215 | }, 216 | "funding": { 217 | "url": "https://github.com/chalk/chalk?sponsor=1" 218 | } 219 | }, 220 | "node_modules/chownr": { 221 | "version": "3.0.0", 222 | "resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz", 223 | "integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==", 224 | "license": "BlueOak-1.0.0", 225 | "engines": { 226 | "node": ">=18" 227 | } 228 | }, 229 | "node_modules/color-convert": { 230 | "version": "2.0.1", 231 | "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", 232 | "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", 233 | "license": "MIT", 234 | "dependencies": { 235 | "color-name": "~1.1.4" 236 | }, 237 | "engines": { 238 | "node": ">=7.0.0" 239 | } 240 | }, 241 | "node_modules/color-name": { 242 | "version": "1.1.4", 243 | "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", 244 | "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", 245 | "license": "MIT" 246 | }, 247 | "node_modules/content-type": { 248 | "version": "1.0.5", 249 | "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", 250 | "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", 251 | "license": "MIT", 252 | "engines": { 253 | "node": ">= 0.6" 254 | } 255 | }, 256 | "node_modules/cross-spawn": { 257 | "version": "7.0.6", 258 | "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", 259 | "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", 260 | "license": "MIT", 261 | "dependencies": { 262 | "path-key": "^3.1.0", 263 | "shebang-command": "^2.0.0", 264 | "which": "^2.0.1" 265 | }, 266 | "engines": { 267 | "node": ">= 8" 268 | } 269 | }, 270 | "node_modules/debug": { 271 | "version": "4.4.0", 272 | "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.0.tgz", 273 | "integrity": "sha512-6WTZ/IxCY/T6BALoZHaE4ctp9xm+Z5kY/pzYaCHRFeyVhojxlrm+46y68HA6hr0TcwEssoxNiDEUJQjfPZ/RYA==", 274 | "license": "MIT", 275 | "dependencies": { 276 | "ms": "^2.1.3" 277 | }, 278 | "engines": { 279 | "node": ">=6.0" 280 | }, 281 | "peerDependenciesMeta": { 282 | "supports-color": { 283 | "optional": true 284 | } 285 | } 286 | }, 287 | "node_modules/depd": { 288 | "version": "2.0.0", 289 | "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", 290 | "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", 291 | "license": "MIT", 292 | "engines": { 293 | "node": ">= 0.8" 294 | } 295 | }, 296 | "node_modules/eastasianwidth": { 297 | "version": "0.2.0", 298 | "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", 299 | "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", 300 | "license": "MIT" 301 | }, 302 | "node_modules/emoji-regex": { 303 | "version": "9.2.2", 304 | "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", 305 | "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", 306 | "license": "MIT" 307 | }, 308 | "node_modules/encoding": { 309 | "version": "0.1.13", 310 | "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz", 311 | "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==", 312 | "license": "MIT", 313 | "optional": true, 314 | "dependencies": { 315 | "iconv-lite": "^0.6.2" 316 | } 317 | }, 318 | "node_modules/err-code": { 319 | "version": "2.0.3", 320 | "resolved": "https://registry.npmjs.org/err-code/-/err-code-2.0.3.tgz", 321 | "integrity": "sha512-2bmlRpNKBxT/CRmPOlyISQpNj+qSeYvcym/uT0Jx2bMOlKLtSy1ZmLuVxSEKKyor/N5yhvp/ZiG1oE3DEYMSFA==", 322 | "license": "MIT" 323 | }, 324 | "node_modules/eventsource": { 325 | "version": "3.0.5", 326 | "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-3.0.5.tgz", 327 | "integrity": "sha512-LT/5J605bx5SNyE+ITBDiM3FxffBiq9un7Vx0EwMDM3vg8sWKx/tO2zC+LMqZ+smAM0F2hblaDZUVZF0te2pSw==", 328 | "license": "MIT", 329 | "dependencies": { 330 | "eventsource-parser": "^3.0.0" 331 | }, 332 | "engines": { 333 | "node": ">=18.0.0" 334 | } 335 | }, 336 | "node_modules/eventsource-parser": { 337 | "version": "3.0.0", 338 | "resolved": "https://registry.npmjs.org/eventsource-parser/-/eventsource-parser-3.0.0.tgz", 339 | "integrity": "sha512-T1C0XCUimhxVQzW4zFipdx0SficT651NnkR0ZSH3yQwh+mFMdLfgjABVi4YtMTtaL4s168593DaoaRLMqryavA==", 340 | "license": "MIT", 341 | "engines": { 342 | "node": ">=18.0.0" 343 | } 344 | }, 345 | "node_modules/foreground-child": { 346 | "version": "3.3.0", 347 | "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.0.tgz", 348 | "integrity": "sha512-Ld2g8rrAyMYFXBhEqMz8ZAHBi4J4uS1i/CxGMDnjyFWddMXLVcDp051DZfu+t7+ab7Wv6SMqpWmyFIj5UbfFvg==", 349 | "license": "ISC", 350 | "dependencies": { 351 | "cross-spawn": "^7.0.0", 352 | "signal-exit": "^4.0.1" 353 | }, 354 | "engines": { 355 | "node": ">=14" 356 | }, 357 | "funding": { 358 | "url": "https://github.com/sponsors/isaacs" 359 | } 360 | }, 361 | "node_modules/fs-minipass": { 362 | "version": "3.0.3", 363 | "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-3.0.3.tgz", 364 | "integrity": "sha512-XUBA9XClHbnJWSfBzjkm6RvPsyg3sryZt06BEQoXcF7EK/xpGaQYJgQKDJSUH5SGZ76Y7pFx1QBnXz09rU5Fbw==", 365 | "license": "ISC", 366 | "dependencies": { 367 | "minipass": "^7.0.3" 368 | }, 369 | "engines": { 370 | "node": "^14.17.0 || ^16.13.0 || >=18.0.0" 371 | } 372 | }, 373 | "node_modules/glob": { 374 | "version": "10.4.5", 375 | "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.5.tgz", 376 | "integrity": "sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==", 377 | "license": "ISC", 378 | "dependencies": { 379 | "foreground-child": "^3.1.0", 380 | "jackspeak": "^3.1.2", 381 | "minimatch": "^9.0.4", 382 | "minipass": "^7.1.2", 383 | "package-json-from-dist": "^1.0.0", 384 | "path-scurry": "^1.11.1" 385 | }, 386 | "bin": { 387 | "glob": "dist/esm/bin.mjs" 388 | }, 389 | "funding": { 390 | "url": "https://github.com/sponsors/isaacs" 391 | } 392 | }, 393 | "node_modules/hosted-git-info": { 394 | "version": "8.0.2", 395 | "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-8.0.2.tgz", 396 | "integrity": "sha512-sYKnA7eGln5ov8T8gnYlkSOxFJvywzEx9BueN6xo/GKO8PGiI6uK6xx+DIGe45T3bdVjLAQDQW1aicT8z8JwQg==", 397 | "license": "ISC", 398 | "dependencies": { 399 | "lru-cache": "^10.0.1" 400 | }, 401 | "engines": { 402 | "node": "^18.17.0 || >=20.5.0" 403 | } 404 | }, 405 | "node_modules/http-cache-semantics": { 406 | "version": "4.1.1", 407 | "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", 408 | "integrity": "sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==", 409 | "license": "BSD-2-Clause" 410 | }, 411 | "node_modules/http-errors": { 412 | "version": "2.0.0", 413 | "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", 414 | "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", 415 | "license": "MIT", 416 | "dependencies": { 417 | "depd": "2.0.0", 418 | "inherits": "2.0.4", 419 | "setprototypeof": "1.2.0", 420 | "statuses": "2.0.1", 421 | "toidentifier": "1.0.1" 422 | }, 423 | "engines": { 424 | "node": ">= 0.8" 425 | } 426 | }, 427 | "node_modules/http-proxy-agent": { 428 | "version": "7.0.2", 429 | "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", 430 | "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", 431 | "license": "MIT", 432 | "dependencies": { 433 | "agent-base": "^7.1.0", 434 | "debug": "^4.3.4" 435 | }, 436 | "engines": { 437 | "node": ">= 14" 438 | } 439 | }, 440 | "node_modules/https-proxy-agent": { 441 | "version": "7.0.6", 442 | "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz", 443 | "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==", 444 | "license": "MIT", 445 | "dependencies": { 446 | "agent-base": "^7.1.2", 447 | "debug": "4" 448 | }, 449 | "engines": { 450 | "node": ">= 14" 451 | } 452 | }, 453 | "node_modules/iconv-lite": { 454 | "version": "0.6.3", 455 | "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", 456 | "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", 457 | "license": "MIT", 458 | "dependencies": { 459 | "safer-buffer": ">= 2.1.2 < 3.0.0" 460 | }, 461 | "engines": { 462 | "node": ">=0.10.0" 463 | } 464 | }, 465 | "node_modules/imurmurhash": { 466 | "version": "0.1.4", 467 | "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", 468 | "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", 469 | "license": "MIT", 470 | "engines": { 471 | "node": ">=0.8.19" 472 | } 473 | }, 474 | "node_modules/inherits": { 475 | "version": "2.0.4", 476 | "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", 477 | "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", 478 | "license": "ISC" 479 | }, 480 | "node_modules/ip-address": { 481 | "version": "9.0.5", 482 | "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-9.0.5.tgz", 483 | "integrity": "sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g==", 484 | "license": "MIT", 485 | "dependencies": { 486 | "jsbn": "1.1.0", 487 | "sprintf-js": "^1.1.3" 488 | }, 489 | "engines": { 490 | "node": ">= 12" 491 | } 492 | }, 493 | "node_modules/is-fullwidth-code-point": { 494 | "version": "3.0.0", 495 | "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", 496 | "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", 497 | "license": "MIT", 498 | "engines": { 499 | "node": ">=8" 500 | } 501 | }, 502 | "node_modules/isexe": { 503 | "version": "2.0.0", 504 | "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", 505 | "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", 506 | "license": "ISC" 507 | }, 508 | "node_modules/jackspeak": { 509 | "version": "3.4.3", 510 | "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz", 511 | "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==", 512 | "license": "BlueOak-1.0.0", 513 | "dependencies": { 514 | "@isaacs/cliui": "^8.0.2" 515 | }, 516 | "funding": { 517 | "url": "https://github.com/sponsors/isaacs" 518 | }, 519 | "optionalDependencies": { 520 | "@pkgjs/parseargs": "^0.11.0" 521 | } 522 | }, 523 | "node_modules/jsbn": { 524 | "version": "1.1.0", 525 | "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz", 526 | "integrity": "sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==", 527 | "license": "MIT" 528 | }, 529 | "node_modules/jsonparse": { 530 | "version": "1.3.1", 531 | "resolved": "https://registry.npmjs.org/jsonparse/-/jsonparse-1.3.1.tgz", 532 | "integrity": "sha512-POQXvpdL69+CluYsillJ7SUhKvytYjW9vG/GKpnf+xP8UWgYEM/RaMzHHofbALDiKbbP1W8UEYmgGl39WkPZsg==", 533 | "engines": [ 534 | "node >= 0.2.0" 535 | ], 536 | "license": "MIT" 537 | }, 538 | "node_modules/lru-cache": { 539 | "version": "10.4.3", 540 | "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.4.3.tgz", 541 | "integrity": "sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==", 542 | "license": "ISC" 543 | }, 544 | "node_modules/make-fetch-happen": { 545 | "version": "14.0.3", 546 | "resolved": "https://registry.npmjs.org/make-fetch-happen/-/make-fetch-happen-14.0.3.tgz", 547 | "integrity": "sha512-QMjGbFTP0blj97EeidG5hk/QhKQ3T4ICckQGLgz38QF7Vgbk6e6FTARN8KhKxyBbWn8R0HU+bnw8aSoFPD4qtQ==", 548 | "license": "ISC", 549 | "dependencies": { 550 | "@npmcli/agent": "^3.0.0", 551 | "cacache": "^19.0.1", 552 | "http-cache-semantics": "^4.1.1", 553 | "minipass": "^7.0.2", 554 | "minipass-fetch": "^4.0.0", 555 | "minipass-flush": "^1.0.5", 556 | "minipass-pipeline": "^1.2.4", 557 | "negotiator": "^1.0.0", 558 | "proc-log": "^5.0.0", 559 | "promise-retry": "^2.0.1", 560 | "ssri": "^12.0.0" 561 | }, 562 | "engines": { 563 | "node": "^18.17.0 || >=20.5.0" 564 | } 565 | }, 566 | "node_modules/minimatch": { 567 | "version": "9.0.5", 568 | "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz", 569 | "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", 570 | "license": "ISC", 571 | "dependencies": { 572 | "brace-expansion": "^2.0.1" 573 | }, 574 | "engines": { 575 | "node": ">=16 || 14 >=14.17" 576 | }, 577 | "funding": { 578 | "url": "https://github.com/sponsors/isaacs" 579 | } 580 | }, 581 | "node_modules/minipass": { 582 | "version": "7.1.2", 583 | "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", 584 | "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", 585 | "license": "ISC", 586 | "engines": { 587 | "node": ">=16 || 14 >=14.17" 588 | } 589 | }, 590 | "node_modules/minipass-collect": { 591 | "version": "2.0.1", 592 | "resolved": "https://registry.npmjs.org/minipass-collect/-/minipass-collect-2.0.1.tgz", 593 | "integrity": "sha512-D7V8PO9oaz7PWGLbCACuI1qEOsq7UKfLotx/C0Aet43fCUB/wfQ7DYeq2oR/svFJGYDHPr38SHATeaj/ZoKHKw==", 594 | "license": "ISC", 595 | "dependencies": { 596 | "minipass": "^7.0.3" 597 | }, 598 | "engines": { 599 | "node": ">=16 || 14 >=14.17" 600 | } 601 | }, 602 | "node_modules/minipass-fetch": { 603 | "version": "4.0.0", 604 | "resolved": "https://registry.npmjs.org/minipass-fetch/-/minipass-fetch-4.0.0.tgz", 605 | "integrity": "sha512-2v6aXUXwLP1Epd/gc32HAMIWoczx+fZwEPRHm/VwtrJzRGwR1qGZXEYV3Zp8ZjjbwaZhMrM6uHV4KVkk+XCc2w==", 606 | "license": "MIT", 607 | "dependencies": { 608 | "minipass": "^7.0.3", 609 | "minipass-sized": "^1.0.3", 610 | "minizlib": "^3.0.1" 611 | }, 612 | "engines": { 613 | "node": "^18.17.0 || >=20.5.0" 614 | }, 615 | "optionalDependencies": { 616 | "encoding": "^0.1.13" 617 | } 618 | }, 619 | "node_modules/minipass-flush": { 620 | "version": "1.0.5", 621 | "resolved": "https://registry.npmjs.org/minipass-flush/-/minipass-flush-1.0.5.tgz", 622 | "integrity": "sha512-JmQSYYpPUqX5Jyn1mXaRwOda1uQ8HP5KAT/oDSLCzt1BYRhQU0/hDtsB1ufZfEEzMZ9aAVmsBw8+FWsIXlClWw==", 623 | "license": "ISC", 624 | "dependencies": { 625 | "minipass": "^3.0.0" 626 | }, 627 | "engines": { 628 | "node": ">= 8" 629 | } 630 | }, 631 | "node_modules/minipass-flush/node_modules/minipass": { 632 | "version": "3.3.6", 633 | "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", 634 | "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", 635 | "license": "ISC", 636 | "dependencies": { 637 | "yallist": "^4.0.0" 638 | }, 639 | "engines": { 640 | "node": ">=8" 641 | } 642 | }, 643 | "node_modules/minipass-flush/node_modules/yallist": { 644 | "version": "4.0.0", 645 | "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", 646 | "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", 647 | "license": "ISC" 648 | }, 649 | "node_modules/minipass-pipeline": { 650 | "version": "1.2.4", 651 | "resolved": "https://registry.npmjs.org/minipass-pipeline/-/minipass-pipeline-1.2.4.tgz", 652 | "integrity": "sha512-xuIq7cIOt09RPRJ19gdi4b+RiNvDFYe5JH+ggNvBqGqpQXcru3PcRmOZuHBKWK1Txf9+cQ+HMVN4d6z46LZP7A==", 653 | "license": "ISC", 654 | "dependencies": { 655 | "minipass": "^3.0.0" 656 | }, 657 | "engines": { 658 | "node": ">=8" 659 | } 660 | }, 661 | "node_modules/minipass-pipeline/node_modules/minipass": { 662 | "version": "3.3.6", 663 | "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", 664 | "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", 665 | "license": "ISC", 666 | "dependencies": { 667 | "yallist": "^4.0.0" 668 | }, 669 | "engines": { 670 | "node": ">=8" 671 | } 672 | }, 673 | "node_modules/minipass-pipeline/node_modules/yallist": { 674 | "version": "4.0.0", 675 | "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", 676 | "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", 677 | "license": "ISC" 678 | }, 679 | "node_modules/minipass-sized": { 680 | "version": "1.0.3", 681 | "resolved": "https://registry.npmjs.org/minipass-sized/-/minipass-sized-1.0.3.tgz", 682 | "integrity": "sha512-MbkQQ2CTiBMlA2Dm/5cY+9SWFEN8pzzOXi6rlM5Xxq0Yqbda5ZQy9sU75a673FE9ZK0Zsbr6Y5iP6u9nktfg2g==", 683 | "license": "ISC", 684 | "dependencies": { 685 | "minipass": "^3.0.0" 686 | }, 687 | "engines": { 688 | "node": ">=8" 689 | } 690 | }, 691 | "node_modules/minipass-sized/node_modules/minipass": { 692 | "version": "3.3.6", 693 | "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", 694 | "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", 695 | "license": "ISC", 696 | "dependencies": { 697 | "yallist": "^4.0.0" 698 | }, 699 | "engines": { 700 | "node": ">=8" 701 | } 702 | }, 703 | "node_modules/minipass-sized/node_modules/yallist": { 704 | "version": "4.0.0", 705 | "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", 706 | "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", 707 | "license": "ISC" 708 | }, 709 | "node_modules/minizlib": { 710 | "version": "3.0.1", 711 | "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.0.1.tgz", 712 | "integrity": "sha512-umcy022ILvb5/3Djuu8LWeqUa8D68JaBzlttKeMWen48SjabqS3iY5w/vzeMzMUNhLDifyhbOwKDSznB1vvrwg==", 713 | "license": "MIT", 714 | "dependencies": { 715 | "minipass": "^7.0.4", 716 | "rimraf": "^5.0.5" 717 | }, 718 | "engines": { 719 | "node": ">= 18" 720 | } 721 | }, 722 | "node_modules/mkdirp": { 723 | "version": "3.0.1", 724 | "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz", 725 | "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==", 726 | "license": "MIT", 727 | "bin": { 728 | "mkdirp": "dist/cjs/src/bin.js" 729 | }, 730 | "engines": { 731 | "node": ">=10" 732 | }, 733 | "funding": { 734 | "url": "https://github.com/sponsors/isaacs" 735 | } 736 | }, 737 | "node_modules/ms": { 738 | "version": "2.1.3", 739 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", 740 | "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", 741 | "license": "MIT" 742 | }, 743 | "node_modules/negotiator": { 744 | "version": "1.0.0", 745 | "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz", 746 | "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==", 747 | "license": "MIT", 748 | "engines": { 749 | "node": ">= 0.6" 750 | } 751 | }, 752 | "node_modules/npm-audit-report": { 753 | "version": "6.0.0", 754 | "resolved": "https://registry.npmjs.org/npm-audit-report/-/npm-audit-report-6.0.0.tgz", 755 | "integrity": "sha512-Ag6Y1irw/+CdSLqEEAn69T8JBgBThj5mw0vuFIKeP7hATYuQuS5jkMjK6xmVB8pr7U4g5Audbun0lHhBDMIBRA==", 756 | "license": "ISC", 757 | "engines": { 758 | "node": "^18.17.0 || >=20.5.0" 759 | } 760 | }, 761 | "node_modules/npm-package-arg": { 762 | "version": "12.0.2", 763 | "resolved": "https://registry.npmjs.org/npm-package-arg/-/npm-package-arg-12.0.2.tgz", 764 | "integrity": "sha512-f1NpFjNI9O4VbKMOlA5QoBq/vSQPORHcTZ2feJpFkTHJ9eQkdlmZEKSjcAhxTGInC7RlEyScT9ui67NaOsjFWA==", 765 | "license": "ISC", 766 | "dependencies": { 767 | "hosted-git-info": "^8.0.0", 768 | "proc-log": "^5.0.0", 769 | "semver": "^7.3.5", 770 | "validate-npm-package-name": "^6.0.0" 771 | }, 772 | "engines": { 773 | "node": "^18.17.0 || >=20.5.0" 774 | } 775 | }, 776 | "node_modules/npm-registry-fetch": { 777 | "version": "18.0.2", 778 | "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-18.0.2.tgz", 779 | "integrity": "sha512-LeVMZBBVy+oQb5R6FDV9OlJCcWDU+al10oKpe+nsvcHnG24Z3uM3SvJYKfGJlfGjVU8v9liejCrUR/M5HO5NEQ==", 780 | "license": "ISC", 781 | "dependencies": { 782 | "@npmcli/redact": "^3.0.0", 783 | "jsonparse": "^1.3.1", 784 | "make-fetch-happen": "^14.0.0", 785 | "minipass": "^7.0.2", 786 | "minipass-fetch": "^4.0.0", 787 | "minizlib": "^3.0.1", 788 | "npm-package-arg": "^12.0.0", 789 | "proc-log": "^5.0.0" 790 | }, 791 | "engines": { 792 | "node": "^18.17.0 || >=20.5.0" 793 | } 794 | }, 795 | "node_modules/p-map": { 796 | "version": "7.0.3", 797 | "resolved": "https://registry.npmjs.org/p-map/-/p-map-7.0.3.tgz", 798 | "integrity": "sha512-VkndIv2fIB99swvQoA65bm+fsmt6UNdGeIB0oxBs+WhAhdh08QA04JXpI7rbB9r08/nkbysKoya9rtDERYOYMA==", 799 | "license": "MIT", 800 | "engines": { 801 | "node": ">=18" 802 | }, 803 | "funding": { 804 | "url": "https://github.com/sponsors/sindresorhus" 805 | } 806 | }, 807 | "node_modules/package-json-from-dist": { 808 | "version": "1.0.1", 809 | "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", 810 | "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", 811 | "license": "BlueOak-1.0.0" 812 | }, 813 | "node_modules/path-key": { 814 | "version": "3.1.1", 815 | "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", 816 | "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", 817 | "license": "MIT", 818 | "engines": { 819 | "node": ">=8" 820 | } 821 | }, 822 | "node_modules/path-scurry": { 823 | "version": "1.11.1", 824 | "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", 825 | "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", 826 | "license": "BlueOak-1.0.0", 827 | "dependencies": { 828 | "lru-cache": "^10.2.0", 829 | "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" 830 | }, 831 | "engines": { 832 | "node": ">=16 || 14 >=14.18" 833 | }, 834 | "funding": { 835 | "url": "https://github.com/sponsors/isaacs" 836 | } 837 | }, 838 | "node_modules/proc-log": { 839 | "version": "5.0.0", 840 | "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-5.0.0.tgz", 841 | "integrity": "sha512-Azwzvl90HaF0aCz1JrDdXQykFakSSNPaPoiZ9fm5qJIMHioDZEi7OAdRwSm6rSoPtY3Qutnm3L7ogmg3dc+wbQ==", 842 | "license": "ISC", 843 | "engines": { 844 | "node": "^18.17.0 || >=20.5.0" 845 | } 846 | }, 847 | "node_modules/promise-retry": { 848 | "version": "2.0.1", 849 | "resolved": "https://registry.npmjs.org/promise-retry/-/promise-retry-2.0.1.tgz", 850 | "integrity": "sha512-y+WKFlBR8BGXnsNlIHFGPZmyDf3DFMoLhaflAnyZgV6rG6xu+JwesTo2Q9R6XwYmtmwAFCkAk3e35jEdoeh/3g==", 851 | "license": "MIT", 852 | "dependencies": { 853 | "err-code": "^2.0.2", 854 | "retry": "^0.12.0" 855 | }, 856 | "engines": { 857 | "node": ">=10" 858 | } 859 | }, 860 | "node_modules/raw-body": { 861 | "version": "3.0.0", 862 | "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.0.tgz", 863 | "integrity": "sha512-RmkhL8CAyCRPXCE28MMH0z2PNWQBNk2Q09ZdxM9IOOXwxwZbN+qbWaatPkdkWIKL2ZVDImrN/pK5HTRz2PcS4g==", 864 | "license": "MIT", 865 | "dependencies": { 866 | "bytes": "3.1.2", 867 | "http-errors": "2.0.0", 868 | "iconv-lite": "0.6.3", 869 | "unpipe": "1.0.0" 870 | }, 871 | "engines": { 872 | "node": ">= 0.8" 873 | } 874 | }, 875 | "node_modules/retry": { 876 | "version": "0.12.0", 877 | "resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz", 878 | "integrity": "sha512-9LkiTwjUh6rT555DtE9rTX+BKByPfrMzEAtnlEtdEwr3Nkffwiihqe2bWADg+OQRjt9gl6ICdmB/ZFDCGAtSow==", 879 | "license": "MIT", 880 | "engines": { 881 | "node": ">= 4" 882 | } 883 | }, 884 | "node_modules/rimraf": { 885 | "version": "5.0.10", 886 | "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-5.0.10.tgz", 887 | "integrity": "sha512-l0OE8wL34P4nJH/H2ffoaniAokM2qSmrtXHmlpvYr5AVVX8msAyW0l8NVJFDxlSK4u3Uh/f41cQheDVdnYijwQ==", 888 | "license": "ISC", 889 | "dependencies": { 890 | "glob": "^10.3.7" 891 | }, 892 | "bin": { 893 | "rimraf": "dist/esm/bin.mjs" 894 | }, 895 | "funding": { 896 | "url": "https://github.com/sponsors/isaacs" 897 | } 898 | }, 899 | "node_modules/safer-buffer": { 900 | "version": "2.1.2", 901 | "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", 902 | "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", 903 | "license": "MIT" 904 | }, 905 | "node_modules/semver": { 906 | "version": "7.7.1", 907 | "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz", 908 | "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==", 909 | "license": "ISC", 910 | "bin": { 911 | "semver": "bin/semver.js" 912 | }, 913 | "engines": { 914 | "node": ">=10" 915 | } 916 | }, 917 | "node_modules/setprototypeof": { 918 | "version": "1.2.0", 919 | "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", 920 | "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", 921 | "license": "ISC" 922 | }, 923 | "node_modules/shebang-command": { 924 | "version": "2.0.0", 925 | "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", 926 | "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", 927 | "license": "MIT", 928 | "dependencies": { 929 | "shebang-regex": "^3.0.0" 930 | }, 931 | "engines": { 932 | "node": ">=8" 933 | } 934 | }, 935 | "node_modules/shebang-regex": { 936 | "version": "3.0.0", 937 | "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", 938 | "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", 939 | "license": "MIT", 940 | "engines": { 941 | "node": ">=8" 942 | } 943 | }, 944 | "node_modules/signal-exit": { 945 | "version": "4.1.0", 946 | "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", 947 | "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", 948 | "license": "ISC", 949 | "engines": { 950 | "node": ">=14" 951 | }, 952 | "funding": { 953 | "url": "https://github.com/sponsors/isaacs" 954 | } 955 | }, 956 | "node_modules/smart-buffer": { 957 | "version": "4.2.0", 958 | "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz", 959 | "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==", 960 | "license": "MIT", 961 | "engines": { 962 | "node": ">= 6.0.0", 963 | "npm": ">= 3.0.0" 964 | } 965 | }, 966 | "node_modules/socks": { 967 | "version": "2.8.4", 968 | "resolved": "https://registry.npmjs.org/socks/-/socks-2.8.4.tgz", 969 | "integrity": "sha512-D3YaD0aRxR3mEcqnidIs7ReYJFVzWdd6fXJYUM8ixcQcJRGTka/b3saV0KflYhyVJXKhb947GndU35SxYNResQ==", 970 | "license": "MIT", 971 | "dependencies": { 972 | "ip-address": "^9.0.5", 973 | "smart-buffer": "^4.2.0" 974 | }, 975 | "engines": { 976 | "node": ">= 10.0.0", 977 | "npm": ">= 3.0.0" 978 | } 979 | }, 980 | "node_modules/socks-proxy-agent": { 981 | "version": "8.0.5", 982 | "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.5.tgz", 983 | "integrity": "sha512-HehCEsotFqbPW9sJ8WVYB6UbmIMv7kUUORIF2Nncq4VQvBfNBLibW9YZR5dlYCSUhwcD628pRllm7n+E+YTzJw==", 984 | "license": "MIT", 985 | "dependencies": { 986 | "agent-base": "^7.1.2", 987 | "debug": "^4.3.4", 988 | "socks": "^2.8.3" 989 | }, 990 | "engines": { 991 | "node": ">= 14" 992 | } 993 | }, 994 | "node_modules/sprintf-js": { 995 | "version": "1.1.3", 996 | "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.1.3.tgz", 997 | "integrity": "sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==", 998 | "license": "BSD-3-Clause" 999 | }, 1000 | "node_modules/ssri": { 1001 | "version": "12.0.0", 1002 | "resolved": "https://registry.npmjs.org/ssri/-/ssri-12.0.0.tgz", 1003 | "integrity": "sha512-S7iGNosepx9RadX82oimUkvr0Ct7IjJbEbs4mJcTxst8um95J3sDYU1RBEOvdu6oL1Wek2ODI5i4MAw+dZ6cAQ==", 1004 | "license": "ISC", 1005 | "dependencies": { 1006 | "minipass": "^7.0.3" 1007 | }, 1008 | "engines": { 1009 | "node": "^18.17.0 || >=20.5.0" 1010 | } 1011 | }, 1012 | "node_modules/statuses": { 1013 | "version": "2.0.1", 1014 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", 1015 | "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", 1016 | "license": "MIT", 1017 | "engines": { 1018 | "node": ">= 0.8" 1019 | } 1020 | }, 1021 | "node_modules/string-width": { 1022 | "version": "5.1.2", 1023 | "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", 1024 | "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", 1025 | "license": "MIT", 1026 | "dependencies": { 1027 | "eastasianwidth": "^0.2.0", 1028 | "emoji-regex": "^9.2.2", 1029 | "strip-ansi": "^7.0.1" 1030 | }, 1031 | "engines": { 1032 | "node": ">=12" 1033 | }, 1034 | "funding": { 1035 | "url": "https://github.com/sponsors/sindresorhus" 1036 | } 1037 | }, 1038 | "node_modules/string-width-cjs": { 1039 | "name": "string-width", 1040 | "version": "4.2.3", 1041 | "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", 1042 | "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", 1043 | "license": "MIT", 1044 | "dependencies": { 1045 | "emoji-regex": "^8.0.0", 1046 | "is-fullwidth-code-point": "^3.0.0", 1047 | "strip-ansi": "^6.0.1" 1048 | }, 1049 | "engines": { 1050 | "node": ">=8" 1051 | } 1052 | }, 1053 | "node_modules/string-width-cjs/node_modules/ansi-regex": { 1054 | "version": "5.0.1", 1055 | "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", 1056 | "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", 1057 | "license": "MIT", 1058 | "engines": { 1059 | "node": ">=8" 1060 | } 1061 | }, 1062 | "node_modules/string-width-cjs/node_modules/emoji-regex": { 1063 | "version": "8.0.0", 1064 | "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", 1065 | "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", 1066 | "license": "MIT" 1067 | }, 1068 | "node_modules/string-width-cjs/node_modules/strip-ansi": { 1069 | "version": "6.0.1", 1070 | "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", 1071 | "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", 1072 | "license": "MIT", 1073 | "dependencies": { 1074 | "ansi-regex": "^5.0.1" 1075 | }, 1076 | "engines": { 1077 | "node": ">=8" 1078 | } 1079 | }, 1080 | "node_modules/strip-ansi": { 1081 | "version": "7.1.0", 1082 | "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", 1083 | "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", 1084 | "license": "MIT", 1085 | "dependencies": { 1086 | "ansi-regex": "^6.0.1" 1087 | }, 1088 | "engines": { 1089 | "node": ">=12" 1090 | }, 1091 | "funding": { 1092 | "url": "https://github.com/chalk/strip-ansi?sponsor=1" 1093 | } 1094 | }, 1095 | "node_modules/strip-ansi-cjs": { 1096 | "name": "strip-ansi", 1097 | "version": "6.0.1", 1098 | "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", 1099 | "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", 1100 | "license": "MIT", 1101 | "dependencies": { 1102 | "ansi-regex": "^5.0.1" 1103 | }, 1104 | "engines": { 1105 | "node": ">=8" 1106 | } 1107 | }, 1108 | "node_modules/strip-ansi-cjs/node_modules/ansi-regex": { 1109 | "version": "5.0.1", 1110 | "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", 1111 | "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", 1112 | "license": "MIT", 1113 | "engines": { 1114 | "node": ">=8" 1115 | } 1116 | }, 1117 | "node_modules/tar": { 1118 | "version": "7.4.3", 1119 | "resolved": "https://registry.npmjs.org/tar/-/tar-7.4.3.tgz", 1120 | "integrity": "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==", 1121 | "license": "ISC", 1122 | "dependencies": { 1123 | "@isaacs/fs-minipass": "^4.0.0", 1124 | "chownr": "^3.0.0", 1125 | "minipass": "^7.1.2", 1126 | "minizlib": "^3.0.1", 1127 | "mkdirp": "^3.0.1", 1128 | "yallist": "^5.0.0" 1129 | }, 1130 | "engines": { 1131 | "node": ">=18" 1132 | } 1133 | }, 1134 | "node_modules/toidentifier": { 1135 | "version": "1.0.1", 1136 | "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", 1137 | "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", 1138 | "license": "MIT", 1139 | "engines": { 1140 | "node": ">=0.6" 1141 | } 1142 | }, 1143 | "node_modules/typescript": { 1144 | "version": "5.7.3", 1145 | "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.7.3.tgz", 1146 | "integrity": "sha512-84MVSjMEHP+FQRPy3pX9sTVV/INIex71s9TL2Gm5FG/WG1SqXeKyZ0k7/blY/4FdOzI12CBy1vGc4og/eus0fw==", 1147 | "dev": true, 1148 | "license": "Apache-2.0", 1149 | "bin": { 1150 | "tsc": "bin/tsc", 1151 | "tsserver": "bin/tsserver" 1152 | }, 1153 | "engines": { 1154 | "node": ">=14.17" 1155 | } 1156 | }, 1157 | "node_modules/undici-types": { 1158 | "version": "6.20.0", 1159 | "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz", 1160 | "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==", 1161 | "dev": true, 1162 | "license": "MIT" 1163 | }, 1164 | "node_modules/unique-filename": { 1165 | "version": "4.0.0", 1166 | "resolved": "https://registry.npmjs.org/unique-filename/-/unique-filename-4.0.0.tgz", 1167 | "integrity": "sha512-XSnEewXmQ+veP7xX2dS5Q4yZAvO40cBN2MWkJ7D/6sW4Dg6wYBNwM1Vrnz1FhH5AdeLIlUXRI9e28z1YZi71NQ==", 1168 | "license": "ISC", 1169 | "dependencies": { 1170 | "unique-slug": "^5.0.0" 1171 | }, 1172 | "engines": { 1173 | "node": "^18.17.0 || >=20.5.0" 1174 | } 1175 | }, 1176 | "node_modules/unique-slug": { 1177 | "version": "5.0.0", 1178 | "resolved": "https://registry.npmjs.org/unique-slug/-/unique-slug-5.0.0.tgz", 1179 | "integrity": "sha512-9OdaqO5kwqR+1kVgHAhsp5vPNU0hnxRa26rBFNfNgM7M6pNtgzeBn3s/xbyCQL3dcjzOatcef6UUHpB/6MaETg==", 1180 | "license": "ISC", 1181 | "dependencies": { 1182 | "imurmurhash": "^0.1.4" 1183 | }, 1184 | "engines": { 1185 | "node": "^18.17.0 || >=20.5.0" 1186 | } 1187 | }, 1188 | "node_modules/unpipe": { 1189 | "version": "1.0.0", 1190 | "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", 1191 | "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", 1192 | "license": "MIT", 1193 | "engines": { 1194 | "node": ">= 0.8" 1195 | } 1196 | }, 1197 | "node_modules/validate-npm-package-name": { 1198 | "version": "6.0.0", 1199 | "resolved": "https://registry.npmjs.org/validate-npm-package-name/-/validate-npm-package-name-6.0.0.tgz", 1200 | "integrity": "sha512-d7KLgL1LD3U3fgnvWEY1cQXoO/q6EQ1BSz48Sa149V/5zVTAbgmZIpyI8TRi6U9/JNyeYLlTKsEMPtLC27RFUg==", 1201 | "license": "ISC", 1202 | "engines": { 1203 | "node": "^18.17.0 || >=20.5.0" 1204 | } 1205 | }, 1206 | "node_modules/which": { 1207 | "version": "2.0.2", 1208 | "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", 1209 | "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", 1210 | "license": "ISC", 1211 | "dependencies": { 1212 | "isexe": "^2.0.0" 1213 | }, 1214 | "bin": { 1215 | "node-which": "bin/node-which" 1216 | }, 1217 | "engines": { 1218 | "node": ">= 8" 1219 | } 1220 | }, 1221 | "node_modules/wrap-ansi": { 1222 | "version": "8.1.0", 1223 | "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", 1224 | "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", 1225 | "license": "MIT", 1226 | "dependencies": { 1227 | "ansi-styles": "^6.1.0", 1228 | "string-width": "^5.0.1", 1229 | "strip-ansi": "^7.0.1" 1230 | }, 1231 | "engines": { 1232 | "node": ">=12" 1233 | }, 1234 | "funding": { 1235 | "url": "https://github.com/chalk/wrap-ansi?sponsor=1" 1236 | } 1237 | }, 1238 | "node_modules/wrap-ansi-cjs": { 1239 | "name": "wrap-ansi", 1240 | "version": "7.0.0", 1241 | "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", 1242 | "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", 1243 | "license": "MIT", 1244 | "dependencies": { 1245 | "ansi-styles": "^4.0.0", 1246 | "string-width": "^4.1.0", 1247 | "strip-ansi": "^6.0.0" 1248 | }, 1249 | "engines": { 1250 | "node": ">=10" 1251 | }, 1252 | "funding": { 1253 | "url": "https://github.com/chalk/wrap-ansi?sponsor=1" 1254 | } 1255 | }, 1256 | "node_modules/wrap-ansi-cjs/node_modules/ansi-regex": { 1257 | "version": "5.0.1", 1258 | "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", 1259 | "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", 1260 | "license": "MIT", 1261 | "engines": { 1262 | "node": ">=8" 1263 | } 1264 | }, 1265 | "node_modules/wrap-ansi-cjs/node_modules/ansi-styles": { 1266 | "version": "4.3.0", 1267 | "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", 1268 | "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", 1269 | "license": "MIT", 1270 | "dependencies": { 1271 | "color-convert": "^2.0.1" 1272 | }, 1273 | "engines": { 1274 | "node": ">=8" 1275 | }, 1276 | "funding": { 1277 | "url": "https://github.com/chalk/ansi-styles?sponsor=1" 1278 | } 1279 | }, 1280 | "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": { 1281 | "version": "8.0.0", 1282 | "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", 1283 | "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", 1284 | "license": "MIT" 1285 | }, 1286 | "node_modules/wrap-ansi-cjs/node_modules/string-width": { 1287 | "version": "4.2.3", 1288 | "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", 1289 | "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", 1290 | "license": "MIT", 1291 | "dependencies": { 1292 | "emoji-regex": "^8.0.0", 1293 | "is-fullwidth-code-point": "^3.0.0", 1294 | "strip-ansi": "^6.0.1" 1295 | }, 1296 | "engines": { 1297 | "node": ">=8" 1298 | } 1299 | }, 1300 | "node_modules/wrap-ansi-cjs/node_modules/strip-ansi": { 1301 | "version": "6.0.1", 1302 | "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", 1303 | "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", 1304 | "license": "MIT", 1305 | "dependencies": { 1306 | "ansi-regex": "^5.0.1" 1307 | }, 1308 | "engines": { 1309 | "node": ">=8" 1310 | } 1311 | }, 1312 | "node_modules/yallist": { 1313 | "version": "5.0.0", 1314 | "resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz", 1315 | "integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==", 1316 | "license": "BlueOak-1.0.0", 1317 | "engines": { 1318 | "node": ">=18" 1319 | } 1320 | }, 1321 | "node_modules/zod": { 1322 | "version": "3.24.2", 1323 | "resolved": "https://registry.npmjs.org/zod/-/zod-3.24.2.tgz", 1324 | "integrity": "sha512-lY7CDW43ECgW9u1TcT3IoXHflywfVqDYze4waEz812jR/bZ8FHDsl7pFQoSZTz5N+2NqRXs8GBwnAwo3ZNxqhQ==", 1325 | "license": "MIT", 1326 | "funding": { 1327 | "url": "https://github.com/sponsors/colinhacks" 1328 | } 1329 | }, 1330 | "node_modules/zod-to-json-schema": { 1331 | "version": "3.24.1", 1332 | "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.24.1.tgz", 1333 | "integrity": "sha512-3h08nf3Vw3Wl3PK+q3ow/lIil81IT2Oa7YpQyUUDsEWbXveMesdfK1xBd2RhCkynwZndAxixji/7SYJJowr62w==", 1334 | "license": "ISC", 1335 | "peerDependencies": { 1336 | "zod": "^3.24.1" 1337 | } 1338 | } 1339 | } 1340 | } 1341 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "mcp-security-audit", 3 | "version": "1.0.4", 4 | "description": "Audit your package.json dependencies", 5 | "author": { 6 | "name": "esx", 7 | "email": "qianniuspace@gmail.com", 8 | "url": "https://cloudesx.com/" 9 | }, 10 | "license": "MIT", 11 | "keywords": [ 12 | "mcp", 13 | "modelcontextprotocol", 14 | "package", 15 | "audit", 16 | "dependencies", 17 | "package.json" 18 | ], 19 | "bugs": { 20 | "url": "https://github.com/qianniuspace/mcp-security-audit/issues" 21 | }, 22 | "homepage": "https://github.com/qianniuspace/mcp-security-audit#readme", 23 | "repository": { 24 | "type": "git", 25 | "url": "git+https://github.com/qianniuspace/mcp-security-audit.git" 26 | }, 27 | "type": "module", 28 | "bin": { 29 | "mcp-security-audit": "./build/index.js" 30 | }, 31 | "files": [ 32 | "build" 33 | ], 34 | "main": "index.js", 35 | "scripts": { 36 | "build": "tsc && node -e \"require('fs').chmodSync('build/index.js', '755')\"", 37 | "prepare": "npm run build", 38 | "watch": "tsc --watch", 39 | "inspector": "npx @modelcontextprotocol/inspector build/index.js", 40 | "bump": "npx -y standard-version --skip.tag && git add . ; git commit -m 'chore: bump version' ; git push" 41 | }, 42 | "dependencies": { 43 | "@modelcontextprotocol/sdk": "^1.5.0", 44 | "chalk": "^5.4.1", 45 | "npm-audit-report": "^6.0.0", 46 | "npm-registry-fetch": "^18.0.2", 47 | "zod": "^3.24.2" 48 | }, 49 | "devDependencies": { 50 | "@types/node": "^22.13.4", 51 | "typescript": "^5.7.3" 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /public/Severity-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "actions": [ 3 | { 4 | "isMajor": false, 5 | "action": "install", 6 | "resolves": [ 7 | { 8 | "id": 1085674, 9 | "path": "lodash", 10 | "dev": false, 11 | "optional": false, 12 | "bundled": false 13 | }, 14 | { 15 | "id": 1094499, 16 | "path": "lodash", 17 | "dev": false, 18 | "optional": false, 19 | "bundled": false 20 | }, 21 | { 22 | "id": 1094500, 23 | "path": "lodash", 24 | "dev": false, 25 | "optional": false, 26 | "bundled": false 27 | }, 28 | { 29 | "id": 1096305, 30 | "path": "lodash", 31 | "dev": false, 32 | "optional": false, 33 | "bundled": false 34 | }, 35 | { 36 | "id": 1096996, 37 | "path": "lodash", 38 | "dev": false, 39 | "optional": false, 40 | "bundled": false 41 | }, 42 | { 43 | "id": 1097130, 44 | "path": "lodash", 45 | "dev": false, 46 | "optional": false, 47 | "bundled": false 48 | }, 49 | { 50 | "id": 1097140, 51 | "path": "lodash", 52 | "dev": false, 53 | "optional": false, 54 | "bundled": false 55 | } 56 | ], 57 | "module": "lodash", 58 | "target": "4.17.21" 59 | } 60 | ], 61 | "advisories": { 62 | "1085674": { 63 | "findings": [ 64 | { 65 | "version": "4.17.1", 66 | "paths": [ 67 | "lodash" 68 | ] 69 | } 70 | ], 71 | "found_by": null, 72 | "deleted": null, 73 | "references": "- https://nvd.nist.gov/vuln/detail/CVE-2019-1010266\n- https://github.com/lodash/lodash/issues/3359\n- https://snyk.io/vuln/SNYK-JS-LODASH-73639\n- https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347\n- https://github.com/lodash/lodash/wiki/Changelog\n- https://security.netapp.com/advisory/ntap-20190919-0004/\n- https://github.com/advisories/GHSA-x5rq-j2xg-h7qm", 74 | "created": "2019-07-19T16:13:07.000Z", 75 | "id": 1085674, 76 | "npm_advisory_id": null, 77 | "overview": "lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.", 78 | "reported_by": null, 79 | "title": "Regular Expression Denial of Service (ReDoS) in lodash", 80 | "metadata": null, 81 | "cves": [ 82 | "CVE-2019-1010266" 83 | ], 84 | "access": "public", 85 | "severity": "moderate", 86 | "module_name": "lodash", 87 | "vulnerable_versions": "<4.17.11", 88 | "github_advisory_id": "GHSA-x5rq-j2xg-h7qm", 89 | "recommendation": "Upgrade to version 4.17.11 or later", 90 | "patched_versions": ">=4.17.11", 91 | "updated": "2023-01-09T05:01:38.000Z", 92 | "cvss": { 93 | "score": 0, 94 | "vectorString": null 95 | }, 96 | "cwe": [ 97 | "CWE-400" 98 | ], 99 | "url": "https://github.com/advisories/GHSA-x5rq-j2xg-h7qm" 100 | }, 101 | "1094499": { 102 | "findings": [ 103 | { 104 | "version": "4.17.1", 105 | "paths": [ 106 | "lodash" 107 | ] 108 | } 109 | ], 110 | "found_by": null, 111 | "deleted": null, 112 | "references": "- https://nvd.nist.gov/vuln/detail/CVE-2018-16487\n- https://hackerone.com/reports/380873\n- https://github.com/advisories/GHSA-4xc9-xhrj-v574\n- https://www.npmjs.com/advisories/782\n- https://security.netapp.com/advisory/ntap-20190919-0004/\n- https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad", 113 | "created": "2019-02-07T18:16:48.000Z", 114 | "id": 1094499, 115 | "npm_advisory_id": null, 116 | "overview": "Versions of `lodash` before 4.17.11 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nUpdate to version 4.17.11 or later.", 117 | "reported_by": null, 118 | "title": "Prototype Pollution in lodash", 119 | "metadata": null, 120 | "cves": [ 121 | "CVE-2018-16487" 122 | ], 123 | "access": "public", 124 | "severity": "high", 125 | "module_name": "lodash", 126 | "vulnerable_versions": "<4.17.11", 127 | "github_advisory_id": "GHSA-4xc9-xhrj-v574", 128 | "recommendation": "Upgrade to version 4.17.11 or later", 129 | "patched_versions": ">=4.17.11", 130 | "updated": "2023-11-01T23:00:56.000Z", 131 | "cvss": { 132 | "score": 0, 133 | "vectorString": null 134 | }, 135 | "cwe": [ 136 | "CWE-400" 137 | ], 138 | "url": "https://github.com/advisories/GHSA-4xc9-xhrj-v574" 139 | }, 140 | "1094500": { 141 | "findings": [ 142 | { 143 | "version": "4.17.1", 144 | "paths": [ 145 | "lodash" 146 | ] 147 | } 148 | ], 149 | "found_by": null, 150 | "deleted": null, 151 | "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-28500\n- https://github.com/lodash/lodash/pull/5065\n- https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7\n- https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8\n- https://security.netapp.com/advisory/ntap-20210312-0006/\n- https://snyk.io/vuln/SNYK-JS-LODASH-1018905\n- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893\n- https://www.oracle.com//security-alerts/cpujul2021.html\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://www.oracle.com/security-alerts/cpujul2022.html\n- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf\n- https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a\n- https://github.com/advisories/GHSA-29mw-wpgm-hmr9", 152 | "created": "2022-01-06T20:30:46.000Z", 153 | "id": 1094500, 154 | "npm_advisory_id": null, 155 | "overview": "All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions. \n\nSteps to reproduce (provided by reporter Liyuan Chen):\n```js\nvar lo = require('lodash');\n\nfunction build_blank(n) {\n var ret = \"1\"\n for (var i = 0; i < n; i++) {\n ret += \" \"\n }\n return ret + \"1\";\n}\nvar s = build_blank(50000) var time0 = Date.now();\nlo.trim(s) \nvar time_cost0 = Date.now() - time0;\nconsole.log(\"time_cost0: \" + time_cost0);\nvar time1 = Date.now();\nlo.toNumber(s) var time_cost1 = Date.now() - time1;\nconsole.log(\"time_cost1: \" + time_cost1);\nvar time2 = Date.now();\nlo.trimEnd(s);\nvar time_cost2 = Date.now() - time2;\nconsole.log(\"time_cost2: \" + time_cost2);\n```", 156 | "reported_by": null, 157 | "title": "Regular Expression Denial of Service (ReDoS) in lodash", 158 | "metadata": null, 159 | "cves": [ 160 | "CVE-2020-28500" 161 | ], 162 | "access": "public", 163 | "severity": "moderate", 164 | "module_name": "lodash", 165 | "vulnerable_versions": "<4.17.21", 166 | "github_advisory_id": "GHSA-29mw-wpgm-hmr9", 167 | "recommendation": "Upgrade to version 4.17.21 or later", 168 | "patched_versions": ">=4.17.21", 169 | "updated": "2023-11-01T23:21:12.000Z", 170 | "cvss": { 171 | "score": 5.3, 172 | "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" 173 | }, 174 | "cwe": [ 175 | "CWE-400", 176 | "CWE-1333" 177 | ], 178 | "url": "https://github.com/advisories/GHSA-29mw-wpgm-hmr9" 179 | }, 180 | "1096305": { 181 | "findings": [ 182 | { 183 | "version": "4.17.1", 184 | "paths": [ 185 | "lodash" 186 | ] 187 | } 188 | ], 189 | "found_by": null, 190 | "deleted": null, 191 | "references": "- https://github.com/lodash/lodash/issues/4744\n- https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12\n- https://nvd.nist.gov/vuln/detail/CVE-2020-8203\n- https://hackerone.com/reports/712065\n- https://github.com/lodash/lodash/issues/4874\n- https://github.com/github/advisory-database/pull/2884\n- https://hackerone.com/reports/864701\n- https://github.com/lodash/lodash/wiki/Changelog#v41719\n- https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744\n- https://security.netapp.com/advisory/ntap-20200724-0006/\n- https://github.com/advisories/GHSA-p6mc-m468-83gw", 192 | "created": "2020-07-15T19:15:48.000Z", 193 | "id": 1096305, 194 | "npm_advisory_id": null, 195 | "overview": "Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions `pick`, `set`, `setWith`, `update`, `updateWith`, and `zipObjectDeep` allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.\n\nThis vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.", 196 | "reported_by": null, 197 | "title": "Prototype Pollution in lodash", 198 | "metadata": null, 199 | "cves": [ 200 | "CVE-2020-8203" 201 | ], 202 | "access": "public", 203 | "severity": "high", 204 | "module_name": "lodash", 205 | "vulnerable_versions": ">=3.7.0 <4.17.19", 206 | "github_advisory_id": "GHSA-p6mc-m468-83gw", 207 | "recommendation": "Upgrade to version 4.17.19 or later", 208 | "patched_versions": ">=4.17.19", 209 | "updated": "2024-01-26T15:32:50.000Z", 210 | "cvss": { 211 | "score": 7.4, 212 | "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" 213 | }, 214 | "cwe": [ 215 | "CWE-770", 216 | "CWE-1321" 217 | ], 218 | "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw" 219 | }, 220 | "1096996": { 221 | "findings": [ 222 | { 223 | "version": "4.17.1", 224 | "paths": [ 225 | "lodash" 226 | ] 227 | } 228 | ], 229 | "found_by": null, 230 | "deleted": null, 231 | "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-23337\n- https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c\n- https://snyk.io/vuln/SNYK-JS-LODASH-1040724\n- https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851\n- https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851\n- https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929\n- https://www.oracle.com//security-alerts/cpujul2021.html\n- https://www.oracle.com/security-alerts/cpuoct2021.html\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://www.oracle.com/security-alerts/cpujul2022.html\n- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf\n- https://security.netapp.com/advisory/ntap-20210312-0006\n- https://github.com/advisories/GHSA-35jh-r3h4-6jhm", 232 | "created": "2021-05-06T16:05:51.000Z", 233 | "id": 1096996, 234 | "npm_advisory_id": null, 235 | "overview": "`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.", 236 | "reported_by": null, 237 | "title": "Command Injection in lodash", 238 | "metadata": null, 239 | "cves": [ 240 | "CVE-2021-23337" 241 | ], 242 | "access": "public", 243 | "severity": "high", 244 | "module_name": "lodash", 245 | "vulnerable_versions": "<4.17.21", 246 | "github_advisory_id": "GHSA-35jh-r3h4-6jhm", 247 | "recommendation": "Upgrade to version 4.17.21 or later", 248 | "patched_versions": ">=4.17.21", 249 | "updated": "2024-04-17T18:39:19.000Z", 250 | "cvss": { 251 | "score": 7.2, 252 | "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" 253 | }, 254 | "cwe": [ 255 | "CWE-77", 256 | "CWE-94" 257 | ], 258 | "url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm" 259 | }, 260 | "1097130": { 261 | "findings": [ 262 | { 263 | "version": "4.17.1", 264 | "paths": [ 265 | "lodash" 266 | ] 267 | } 268 | ], 269 | "found_by": null, 270 | "deleted": null, 271 | "references": "- https://nvd.nist.gov/vuln/detail/CVE-2018-3721\n- https://hackerone.com/reports/310443\n- https://github.com/advisories/GHSA-fvqr-27wr-82fm\n- https://www.npmjs.com/advisories/577\n- https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a\n- https://security.netapp.com/advisory/ntap-20190919-0004", 272 | "created": "2018-07-26T15:14:52.000Z", 273 | "id": 1097130, 274 | "npm_advisory_id": null, 275 | "overview": "Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.\n\n\n\n\n## Recommendation\n\nUpdate to version 4.17.5 or later.", 276 | "reported_by": null, 277 | "title": "Prototype Pollution in lodash", 278 | "metadata": null, 279 | "cves": [ 280 | "CVE-2018-3721" 281 | ], 282 | "access": "public", 283 | "severity": "moderate", 284 | "module_name": "lodash", 285 | "vulnerable_versions": "<4.17.5", 286 | "github_advisory_id": "GHSA-fvqr-27wr-82fm", 287 | "recommendation": "Upgrade to version 4.17.5 or later", 288 | "patched_versions": ">=4.17.5", 289 | "updated": "2024-04-22T19:49:54.000Z", 290 | "cvss": { 291 | "score": 6.5, 292 | "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" 293 | }, 294 | "cwe": [ 295 | "CWE-471", 296 | "CWE-1321" 297 | ], 298 | "url": "https://github.com/advisories/GHSA-fvqr-27wr-82fm" 299 | }, 300 | "1097140": { 301 | "findings": [ 302 | { 303 | "version": "4.17.1", 304 | "paths": [ 305 | "lodash" 306 | ] 307 | } 308 | ], 309 | "found_by": null, 310 | "deleted": null, 311 | "references": "- https://github.com/lodash/lodash/pull/4336\n- https://nvd.nist.gov/vuln/detail/CVE-2019-10744\n- https://snyk.io/vuln/SNYK-JS-LODASH-450202\n- https://www.npmjs.com/advisories/1065\n- https://access.redhat.com/errata/RHSA-2019:3024\n- https://security.netapp.com/advisory/ntap-20191004-0005/\n- https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS\n- https://www.oracle.com/security-alerts/cpujan2021.html\n- https://www.oracle.com/security-alerts/cpuoct2020.html\n- https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS\n- https://github.com/advisories/GHSA-jf85-cpcp-j695", 312 | "created": "2019-07-10T19:45:23.000Z", 313 | "id": 1097140, 314 | "npm_advisory_id": null, 315 | "overview": "Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.\n\n## Recommendation\n\nUpdate to version 4.17.12 or later.", 316 | "reported_by": null, 317 | "title": "Prototype Pollution in lodash", 318 | "metadata": null, 319 | "cves": [ 320 | "CVE-2019-10744" 321 | ], 322 | "access": "public", 323 | "severity": "critical", 324 | "module_name": "lodash", 325 | "vulnerable_versions": "<4.17.12", 326 | "github_advisory_id": "GHSA-jf85-cpcp-j695", 327 | "recommendation": "Upgrade to version 4.17.12 or later", 328 | "patched_versions": ">=4.17.12", 329 | "updated": "2024-04-22T19:49:44.000Z", 330 | "cvss": { 331 | "score": 9.1, 332 | "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" 333 | }, 334 | "cwe": [ 335 | "CWE-20", 336 | "CWE-1321" 337 | ], 338 | "url": "https://github.com/advisories/GHSA-jf85-cpcp-j695" 339 | } 340 | }, 341 | "muted": [], 342 | "metadata": { 343 | "vulnerabilities": { 344 | "info": 0, 345 | "low": 0, 346 | "moderate": 3, 347 | "high": 3, 348 | "critical": 1 349 | }, 350 | "dependencies": 1, 351 | "devDependencies": 0, 352 | "optionalDependencies": 0, 353 | "totalDependencies": 1 354 | } 355 | } -------------------------------------------------------------------------------- /public/no-Severity-response.json: -------------------------------------------------------------------------------- 1 | { 2 | "actions": [], 3 | "advisories": {}, 4 | "muted": [], 5 | "metadata": { 6 | "vulnerabilities": { 7 | "info": 0, 8 | "low": 0, 9 | "moderate": 0, 10 | "high": 0, 11 | "critical": 0 12 | }, 13 | "dependencies": 1, 14 | "devDependencies": 0, 15 | "optionalDependencies": 0, 16 | "totalDependencies": 1 17 | } 18 | } -------------------------------------------------------------------------------- /smithery.yaml: -------------------------------------------------------------------------------- 1 | # Smithery configuration file: https://smithery.ai/docs/config#smitheryyaml 2 | 3 | startCommand: 4 | type: stdio 5 | configSchema: 6 | # JSON Schema defining the configuration options for the MCP. 7 | type: object 8 | required: [] 9 | properties: {} 10 | commandFunction: 11 | # A function that produces the CLI command to start the MCP on stdio. 12 | |- 13 | (config) => ({ command: 'node', args: ['build/index.js'], env: {} }) 14 | -------------------------------------------------------------------------------- /src/handlers/security.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Security audit handler for npm dependencies 3 | * Provides functionality to check for vulnerabilities in npm packages 4 | */ 5 | 6 | import { Vulnerability, NpmDependencies } from '../types/index.js'; 7 | import { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js'; 8 | import npmFetch from 'npm-registry-fetch'; 9 | 10 | 11 | export class SecurityAuditHandler { 12 | /** 13 | * Audits a single dependency for security vulnerabilities 14 | * @param name - The name of the package to audit 15 | * @param version - The version of the package to audit 16 | * @returns Promise containing the audit results 17 | */ 18 | private async auditSingleDependency(name: string, version: string): Promise { 19 | try { 20 | // Validate input parameters 21 | if (!name || !version) { 22 | throw new Error(`Invalid package name or version: ${name}@${version}`); 23 | } 24 | 25 | // Clean version string by removing prefix characters (^ or ~) 26 | const cleanVersion = version.trim().replace(/^[\^~]/, ''); 27 | 28 | // Prepare audit data structure 29 | const auditData = { 30 | name: "single-dependency-audit", 31 | version: "1.0.0", 32 | requires: { [name]: cleanVersion }, 33 | dependencies: { 34 | [name]: { version: cleanVersion } 35 | } 36 | }; 37 | 38 | // Send audit request to npm registry 39 | const result = await npmFetch.json('/-/npm/v1/security/audits', { 40 | method: 'POST', 41 | body: auditData, 42 | gzip: true 43 | }); 44 | 45 | if (!result) { 46 | throw new Error(`No response received for ${name}@${cleanVersion}`); 47 | } 48 | 49 | return result; 50 | } catch (error) { 51 | console.error(`[ERROR] Error auditing ${name}@${version}:`, error); 52 | throw new McpError( 53 | ErrorCode.InternalError, 54 | `Failed to audit ${name}@${version}: ${error instanceof Error ? error.message : 'Unknown error'}` 55 | ); 56 | } 57 | } 58 | 59 | /** 60 | * Main method to audit multiple dependencies 61 | * @param dependencies - Object containing package names and versions to audit 62 | * @returns Promise containing consolidated audit results 63 | */ 64 | async auditNodejsDependencies(args: { dependencies: NpmDependencies }) { 65 | try { 66 | // Validate dependencies object 67 | if (!args || typeof args.dependencies !== 'object') { 68 | throw new McpError( 69 | ErrorCode.InvalidParams, 70 | 'Invalid dependencies object' 71 | ); 72 | } 73 | 74 | // Handle potentially nested dependencies object 75 | const actualDeps = args.dependencies.dependencies || args.dependencies; 76 | 77 | const auditResults = []; 78 | for (const [name, version] of Object.entries(actualDeps)) { 79 | if (typeof version !== 'string') continue 80 | try { 81 | const result = await this.auditSingleDependency(name, version); 82 | auditResults.push(result); 83 | } catch (error) { 84 | console.error(`[ERROR] Failed to audit ${name}@${version}:`, error); 85 | // Continue processing other dependencies 86 | } 87 | } 88 | 89 | // Merge and process all vulnerability results 90 | const mergedVulnerabilities = auditResults.flatMap(result => 91 | this.processVulnerabilities(result) 92 | ); 93 | 94 | // Return consolidated results 95 | return { 96 | content: [ 97 | { 98 | type: 'text', 99 | text: JSON.stringify(mergedVulnerabilities, null, 2), 100 | }, 101 | ] 102 | }; 103 | } catch (error) { 104 | console.error('[ERROR] Audit failed:', error); 105 | if (error instanceof McpError) { 106 | throw error; 107 | } 108 | throw new McpError( 109 | ErrorCode.InternalError, 110 | `Audit failed: ${error instanceof Error ? error.message : 'Unknown error'}` 111 | ); 112 | } 113 | } 114 | 115 | /** 116 | * Process raw vulnerability data into standardized format 117 | * @param auditData - Raw audit data from npm registry 118 | * @returns Array of processed vulnerabilities 119 | */ 120 | private processVulnerabilities(auditData: any): Vulnerability[] { 121 | if (!auditData.advisories || Object.keys(auditData.advisories).length === 0) { 122 | return []; 123 | } 124 | 125 | const advisories = auditData.advisories; 126 | return Object.values(advisories).map((advisory: any) => ({ 127 | name: advisory.module_name, 128 | version: advisory.vulnerable_versions, 129 | severity: advisory.severity, 130 | description: advisory.overview, 131 | recommendation: advisory.recommendation, 132 | fixAvailable: !!advisory.patched_versions, 133 | fixedVersion: advisory.patched_versions, 134 | githubAdvisoryId: advisory.github_advisory_id, 135 | updatedAt: advisory.updated, 136 | moreInfo: advisory.url 137 | })); 138 | } 139 | 140 | /** 141 | * Generate summary statistics for vulnerabilities 142 | * @param vulnerabilities - Array of processed vulnerabilities 143 | * @returns Summary object with counts by severity 144 | */ 145 | private generateSummary(vulnerabilities: Vulnerability[]) { 146 | return { 147 | total: vulnerabilities.length, 148 | critical: vulnerabilities.filter(v => v.severity === 'critical').length, 149 | high: vulnerabilities.filter(v => v.severity === 'high').length, 150 | moderate: vulnerabilities.filter(v => v.severity === 'moderate').length, 151 | low: vulnerabilities.filter(v => v.severity === 'low').length 152 | }; 153 | } 154 | } 155 | -------------------------------------------------------------------------------- /src/index.ts: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env node 2 | 3 | /** 4 | * Main server file for the Security Audit MCP Server 5 | * Handles tool registration and request processing for security audits 6 | */ 7 | 8 | import { Server } from '@modelcontextprotocol/sdk/server/index.js' 9 | import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js' 10 | import { 11 | CallToolRequestSchema, 12 | ErrorCode, 13 | ListToolsRequestSchema, 14 | McpError, 15 | } from '@modelcontextprotocol/sdk/types.js' 16 | import { SecurityAuditHandler } from './handlers/security.js' 17 | import { NpmDependencies } from './types/index.js' 18 | 19 | /** 20 | * Server class that handles security audit requests 21 | * Implements the Model Context Protocol for tool integration 22 | */ 23 | class SecurityAuditServer { 24 | private server: Server 25 | private securityHandler: SecurityAuditHandler 26 | 27 | constructor() { 28 | // Initialize MCP server with basic configuration 29 | this.server = new Server( 30 | { 31 | name: 'mcp-security-audit-server', 32 | version: '0.1.0', 33 | }, 34 | { 35 | capabilities: { 36 | tools: {}, 37 | }, 38 | } 39 | ) 40 | 41 | // Create security audit handler instance 42 | this.securityHandler = new SecurityAuditHandler() 43 | this.setupToolHandlers() 44 | 45 | // Setup error handling 46 | this.server.onerror = (error) => console.error('[MCP Error]', error) 47 | 48 | // Handle graceful shutdown 49 | process.on('SIGINT', async () => { 50 | await this.server.close() 51 | process.exit(0) 52 | }) 53 | } 54 | 55 | /** 56 | * Setup handlers for tool-related requests 57 | * Registers available tools and their handlers 58 | */ 59 | private setupToolHandlers() { 60 | // Register available tools 61 | this.server.setRequestHandler(ListToolsRequestSchema, async () => ({ 62 | tools: [ 63 | { 64 | name: 'audit_nodejs_dependencies', 65 | description: 'Audit specific dependencies for vulnerabilities', 66 | inputSchema: { 67 | type: 'object', 68 | properties: { 69 | dependencies: { 70 | type: 'object', 71 | additionalProperties: { 72 | type: 'string', 73 | }, 74 | description: 'Dependencies object from package.json', 75 | } 76 | }, 77 | required: ['dependencies'], 78 | }, 79 | }, 80 | ], 81 | })) 82 | 83 | // Handle tool execution requests 84 | this.server.setRequestHandler(CallToolRequestSchema, async (request) => { 85 | // Validate request parameters 86 | if (!request.params.arguments) { 87 | throw new McpError( 88 | ErrorCode.InvalidParams, 89 | 'Missing arguments' 90 | ) 91 | } 92 | 93 | // Route request to appropriate handler 94 | switch (request.params.name) { 95 | case 'audit_nodejs_dependencies': 96 | return this.securityHandler.auditNodejsDependencies( 97 | request.params.arguments as { dependencies: NpmDependencies } 98 | ); 99 | default: 100 | throw new McpError(ErrorCode.MethodNotFound, `Unknown tool: ${request.params.name}`); 101 | } 102 | }) 103 | } 104 | 105 | /** 106 | * Start the server using stdio transport 107 | */ 108 | async run() { 109 | const transport = new StdioServerTransport() 110 | await this.server.connect(transport) 111 | console.error('Security Audit MCP server running on stdio') 112 | } 113 | } 114 | 115 | // Create and start server instance 116 | const server = new SecurityAuditServer() 117 | server.run().catch(console.error) 118 | -------------------------------------------------------------------------------- /src/test/test.ts: -------------------------------------------------------------------------------- 1 | import npmFetch from 'npm-registry-fetch'; 2 | import { SecurityAuditHandler } from '../handlers/security.js'; 3 | import * as path from 'path'; 4 | import * as fs from 'fs'; 5 | 6 | async function testNpmRegistry() { 7 | try { 8 | // 测试 1: Registry 连接和完整响应 9 | // console.log('Test 1: Testing npm registry connection and full response...'); 10 | // const pingResponse = await npmFetch.json('/-/ping'); 11 | // console.log('Registry connection:', pingResponse ? 'OK' : 'Failed'); 12 | // console.log('Full ping response:', JSON.stringify(pingResponse, null, 2)); 13 | 14 | // 测试 2: 单个依赖审计(已知漏洞版本)- 完整响应 15 | console.log('\nTest 2: Testing single dependency audit with full response...'); 16 | const handler = new SecurityAuditHandler(); 17 | const singleDep = { 18 | // 'lodash': '4.17.1', // 多个已知漏洞 19 | // '@modelcontextprotocol/sdk': '1.5.0', 20 | "next": "14.2.17" 21 | }; 22 | 23 | console.log('\nSending audit requests for single dependencies:'); 24 | for (const [name, version] of Object.entries(singleDep)) { 25 | console.log(`\nAuditing ${name}@${version}`); 26 | const auditData = { 27 | name: "single-dependency-audit", 28 | version: "1.0.0", 29 | requires: { [name]: version }, 30 | dependencies: { 31 | [name]: { version: version.replace('^', '') } 32 | } 33 | }; 34 | console.log('Request data:', JSON.stringify(auditData, null, 2)); 35 | 36 | try { 37 | const response = await npmFetch.json('/-/npm/v1/security/audits', { 38 | method: 'POST', 39 | body: auditData, 40 | gzip: true 41 | }); 42 | console.log('Full API Response:', JSON.stringify(response, null, 2)); 43 | } catch (error) { 44 | console.error(`Error auditing ${name}:`, error); 45 | } 46 | } 47 | 48 | // const singleAuditResult = await handler.auditDependencies({ 49 | // dependencies: singleDep, 50 | // level: 'low' 51 | // }); 52 | 53 | // console.log('\nProcessed Single Dependency Results:'); 54 | // console.log(JSON.stringify(singleAuditResult, null, 2)); 55 | 56 | // // 测试 3: 多个依赖审计 - 完整响应 57 | // console.log('\nTest 3: Testing multiple dependencies audit with full response...'); 58 | // const multipleDeps = { 59 | // 'lodash': '4.17.1', 60 | // 'express': '4.0.0', 61 | // 'moment': '2.0.0' 62 | // }; 63 | 64 | // console.log('\nSending audit requests for multiple dependencies:'); 65 | // for (const [name, version] of Object.entries(multipleDeps)) { 66 | // console.log(`\nAuditing ${name}@${version}`); 67 | // const auditData = { 68 | // name: "multiple-dependencies-audit", 69 | // version: "1.0.0", 70 | // requires: { [name]: version }, 71 | // dependencies: { 72 | // [name]: { version: version.replace('^', '') } 73 | // } 74 | // }; 75 | // console.log('Request data:', JSON.stringify(auditData, null, 2)); 76 | 77 | // try { 78 | // const response = await npmFetch.json('/-/npm/v1/security/audits', { 79 | // method: 'POST', 80 | // body: auditData, 81 | // gzip: true 82 | // }); 83 | // console.log('Full API Response:', JSON.stringify(response, null, 2)); 84 | // } catch (error) { 85 | // console.error(`Error auditing ${name}:`, error); 86 | // } 87 | // } 88 | 89 | // const multipleAuditResult = await handler.auditDependencies({ 90 | // dependencies: multipleDeps, 91 | // level: 'low' 92 | // }); 93 | 94 | // console.log('\nProcessed Multiple Dependencies Results:'); 95 | // console.log(JSON.stringify(multipleAuditResult, null, 2)); 96 | 97 | 98 | // 测试 lodash 4.17.1 的漏洞 99 | // console.log('\nTesting lodash@4.17.1 vulnerabilities...'); 100 | // const handler = new SecurityAuditHandler(); 101 | // const dependencies = { 102 | // "@ai-sdk/deepseek": "^0.1.0" // 已知有漏洞的版本 103 | // }; 104 | 105 | // try { 106 | // const result = await handler.auditDependencies({ dependencies }); 107 | 108 | // console.log('\nAudit Summary:'); 109 | // console.log(JSON.stringify(result, null, 2)); 110 | 111 | 112 | 113 | // } catch (error) { 114 | // console.error('Error during audit:', error); 115 | // } 116 | 117 | } catch (error) { 118 | console.error('Test failed:', error instanceof Error ? error.message : 'Unknown error'); 119 | console.error('Full error:', error); 120 | process.exit(1); 121 | } 122 | } 123 | 124 | // 运行测试 125 | console.log('Starting tests...\n'); 126 | testNpmRegistry().catch(error => { 127 | console.error('Test execution failed:', error); 128 | console.error('Full error details:', error); 129 | process.exit(1); 130 | }); -------------------------------------------------------------------------------- /src/types/index.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * Type definitions for the security audit system 3 | */ 4 | 5 | /** 6 | * Represents a single security vulnerability 7 | */ 8 | export interface Vulnerability { 9 | name: string; // Package name 10 | version: string; // Affected version range 11 | severity: string; // Severity level (critical, high, moderate, low) 12 | description: string; // Detailed description of the vulnerability 13 | recommendation: string; // Recommended action to fix the vulnerability 14 | fixAvailable: boolean; // Whether a fix is available 15 | fixedVersion?: string; // Version that fixes the vulnerability 16 | // references: string[]; 17 | githubAdvisoryId?: string; // GitHub Security Advisory ID 18 | updatedAt?: string; // Last update timestamp 19 | cvss?: { // Common Vulnerability Scoring System 20 | score: number; 21 | vector: string; 22 | }; 23 | cwe?: string[]; // Common Weakness Enumeration identifiers 24 | url?: string; // URL for more information 25 | } 26 | 27 | 28 | /** 29 | * Represents a map of package names to their versions 30 | */ 31 | export interface NpmDependencies { 32 | [key: string]: string; // Package name -> version mapping 33 | } 34 | 35 | -------------------------------------------------------------------------------- /src/types/npm-registry-fetch.d.ts: -------------------------------------------------------------------------------- 1 | declare module 'npm-registry-fetch' { 2 | interface FetchOptions { 3 | method?: string; 4 | body?: any; 5 | gzip?: boolean; 6 | [key: string]: any; 7 | } 8 | 9 | interface NpmFetch { 10 | json(url: string, options?: FetchOptions): Promise; 11 | } 12 | 13 | const npmFetch: NpmFetch; 14 | export default npmFetch; 15 | } -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "ES2022", 4 | "module": "Node16", 5 | "moduleResolution": "Node16", 6 | "outDir": "./build", 7 | "rootDir": "./src", 8 | "strict": true, 9 | "esModuleInterop": true, 10 | "skipLibCheck": true, 11 | "forceConsistentCasingInFileNames": true 12 | }, 13 | "include": ["src/**/*"], 14 | "exclude": ["node_modules"] 15 | } 16 | --------------------------------------------------------------------------------