Scans dependencies for vulnerabilities, license issues, and typosquatting across npm, PyPI, Go, Cargo, Maven, NuGet, and RubyGems without requiring API keys or accounts. Exposes 12 tools including hound_audit for scanning entire lockfiles, hound_preinstall for go/no-go verdicts before adding packages, hound_compare for side-by-side package evaluation, and hound_license_check for compliance scanning. Pulls data from Google's deps.dev and OSV APIs. Built specifically for AI coding agents that recommend packages without knowing if they're safe. Useful when auditing inherited codebases, running pre-merge security checks on lockfile diffs, or gating releases on dependency safety in CI pipelines.
claude mcp add --transport stdio io.github.tiluckdave-hound uvx hound