Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

PatchPilot

БесплатноНе проверен

Security scanner for vibe coders that checks npm packages for known vulnerabilities before installation, integrating with AI coding tools like Claude Code and C

GitHubEmbed

Описание

Security scanner for vibe coders that checks npm packages for known vulnerabilities before installation, integrating with AI coding tools like Claude Code and Cursor.

README

Security scanner for vibe coders. Checks npm packages for known vulnerabilities before you install them.

What it does

PatchPilot is an MCP server that integrates with Claude Code, Cursor, and other AI coding tools. When you're about to install a package, you can ask Claude to check if it's safe first.

Example:

You: "Check if [email protected] is safe to use"
Claude: 🚨 [email protected] has 4 known vulnerabilities!
        ...
        💡 Recommendation: Update to [email protected] or later

Installation

Prerequisites

  • Node.js 18+
  • Claude Code or another MCP-compatible client

Setup

  1. Clone this repository:
git clone https://github.com/YOUR_USERNAME/patchpilot-mcp.git
cd patchpilot-mcp
  1. Install dependencies:
npm install
  1. Build:
npm run build

Add to Claude Code

Add to your Claude Code config (~/.claude/settings.json):

{
  "mcpServers": {
    "patchpilot": {
      "command": "node",
      "args": ["/path/to/patchpilot-mcp/dist/index.js"]
    }
  }
}

Or for development (without building):

{
  "mcpServers": {
    "patchpilot": {
      "command": "npx",
      "args": ["tsx", "/path/to/patchpilot-mcp/src/index.ts"]
    }
  }
}

Restart Claude Code after adding the config.

Usage

Once installed, ask Claude to check packages:

How it works

PatchPilot uses the OSV API (Google's Open Source Vulnerabilities database) to check packages. The API is:

  • Free (no API key needed)
  • Fast
  • Comprehensive (aggregates data from npm, GitHub, NVD, and more)

Available Tools

check_package

Check a single npm package for known vulnerabilities.

Input:

  • name: Package name (e.g., "lodash")
  • version: Package version (e.g., "4.17.0")

Output:

  • Vulnerability count and severity breakdown
  • Details of each vulnerability
  • Recommended fix version

License

MIT

from github.com/ProduktEntdecker/patchpilot-mcp

Установка PatchPilot

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/ProduktEntdecker/patchpilot-mcp

FAQ

PatchPilot MCP бесплатный?

Да, PatchPilot MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для PatchPilot?

Нет, PatchPilot работает без API-ключей и переменных окружения.

PatchPilot — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить PatchPilot в Claude Desktop, Claude Code или Cursor?

Открой PatchPilot на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare PatchPilot with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development