This server brings SafeDep's package security scanning directly into Claude and MCP-compatible IDEs. It exposes vet's malware detection and vulnerability analysis capabilities, letting you scan dependencies for malicious code, check packages against known threat databases, and validate licenses or OpenSSF Scorecard thresholds before you commit. The malware detection catches zero-day threats through behavioral analysis, while the policy engine uses CEL expressions to enforce security rules. Reach for this when you want real-time supply chain protection in your AI workflow, whether you're reviewing package.json files, inspecting GitHub Actions, or evaluating dependencies before merging. It works with npm, PyPI, Maven, Go, Rust, and container images. It is free for open source projects with optional SafeDep Cloud integration.
claude mcp add --transport stdio io.github.safedep-vet-mcp uvx vet-mcp