This is a security analysis tool that runs as an MCP server to evaluate your npm dependencies. It exposes operations that calculate a trust score (0-100) per package from its CVE history, maintainer activity, commit frequency, download statistics, and funding status. You can scan an entire dependency tree, check an individual package, detect typosquatting attempts, and identify zombie dependencies that have not been maintained in over a year. The blast radius analysis shows how many of your files would be affected if a given package were compromised. It also suggests migration paths to safer alternatives using a built-in mapping of 131 packages to 192 alternatives. It is useful when you want Claude to audit your supply-chain risk during development, especially for projects with deep transitive dependency trees where manual review is not practical.
claude mcp add --transport stdio ertugrulakben-dep-oracle -- npx -y dep-oracle