Model Context Protocol implementation for TypeScript
Drift inferred · capture-to-capture
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/server
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/server
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/server
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/client
transport stdio · streamable-http · http · sse counts 1 tools · 0 res
· 0 prompts
permission surface via code analysis
tools
-
greet
evidence-backed
findings quoted directly from the published source artifact — not inferred
shell / exec 1
- shell package/dist/esm/client/stdio.js :65
this._process = spawn(this._serverParams.command, this._serverParams.args ?? [], {
network 2
- net package/dist/cjs/server/webStandardStreamableHttp.js :39
* async fetch(request: Request): Promise<Response> { - net package/dist/esm/server/webStandardStreamableHttp.js :36
* async fetch(request: Request): Promise<Response> {
declared dependencies 40
- @hono/node-server@^1.19.9
- ajv@^8.17.1
- ajv-formats@^3.0.1
- content-type@^1.0.5
- cors@^2.8.5
- cross-spawn@^7.0.5
- eventsource@^3.0.2
- eventsource-parser@^3.0.0
- express@^5.2.1
- express-rate-limit@^8.2.1
- hono@^4.11.4
- jose@^6.1.3
- json-schema-typed@^8.0.2
- pkce-challenge@^5.0.0
- raw-body@^3.0.0
- zod@^3.25 || ^4.0
- zod-to-json-schema@^3.25.1
- @cfworker/json-schema@^4.1.1
- @eslint/js@^9.39.1
- @modelcontextprotocol/conformance@^0.1.14
- @types/content-type@^1.1.8
- @types/cors@^2.8.17
- @types/cross-spawn@^6.0.6
- @types/eventsource@^1.1.15
- @types/express@^5.0.0
- @types/express-serve-static-core@^5.1.0
- @types/node@^22.12.0
- @types/supertest@^6.0.2
- @types/ws@^8.5.12
- @typescript/native-preview@^7.0.0-dev.20251103.1
- eslint@^9.8.0
- eslint-config-prettier@^10.1.8
- eslint-plugin-n@^17.23.1
- prettier@3.6.2
- supertest@^7.0.0
- tsx@^4.16.5
- typescript@^5.5.4
- typescript-eslint@^8.48.1
- vitest@^4.0.8
- ws@^8.18.0