@depfenderdev/mcp

MCP server for Depfender — scan packages for data exfiltration and security threats directly from your IDE.

---

Installation

Cursor

Add to your Cursor MCP settings:

{
  "mcpServers": {
    "depfender": {
      "command": "npx",
      "args": ["@depfenderdev/mcp"]
    }
  }
}

Claude Code

claude mcp add depfender -- npx @depfenderdev/mcp

VS Code

Add to your VS Code MCP settings (.vscode/mcp.json):

{
  "mcpServers": {
    "depfender": {
      "command": "npx",
      "args": ["@depfenderdev/mcp"]
    }
  }
}

---

Tools

scan_package

Scans a package for data exfiltration and security threats.

Parameters:

• package (required) — package name (e.g., lodash)
• version (optional) — version to scan (defaults to latest)
• ecosystem (optional) — package ecosystem: npm, pypi, cargo, maven (default: npm)

---

Development

Setup

npm install
npm run build

Environment Variables

Variable	Required	Description
DEPFENDER_API_URL	Yes	Backend API URL (e.g., http://localhost:3000)
DEPFENDER_API_KEY	Yes	Backend API secret (x-internal-secret value)

Local IDE Configuration

Add to your MCP settings (e.g., Claude Desktop claude_desktop_config.json):

{
  "mcpServers": {
    "depfender": {
      "command": "node",
      "args": ["/path/to/mcp/dist/index.js"],
      "env": {
        "DEPFENDER_API_URL": "http://localhost:3000",
        "DEPFENDER_API_KEY": "your-api-secret"
      }
    }
  }
}

Testing

npm test                    # Run all tests
npm run test:watch          # Watch mode

E2E tests require DEPFENDER_API_KEY and a running backend:

DEPFENDER_API_KEY=your-secret DEPFENDER_API_URL=http://localhost:3000 npm test

Scripts

npm run dev                 # Run with tsx (no build needed)
npm run build               # Compile TypeScript

---

Community

• GitHub Discussions — Questions and ideas
• Twitter/X — Updates and announcements
• Website — Full documentation

---

License

MIT