Model Context Protocol implementation for TypeScript - Server package
Drift inferred · capture-to-capture
- HIGH code analysis flagged dynamic code execution in @modelcontextprotocol/server
transport stdio · streamable-http
counts 1 tools · 0 res · 0 prompts
permission surface via code analysis
tools
- greet
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source
analyzed v2.0.0-alpha.2 · analyzer v18 · 8h ago
danger signals 1
- dynamic code execution new Function() package/dist/src-IKPjmxu7.mjs :5877
const validate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode)(this, this.scope.get());
evidence-backed
findings quoted directly from the published source artifact — not inferred
network 1
- net package/dist/index.mjs :1766
* async fetch(request: Request): Promise<Response> {
tool registrations 1
- greet package/dist/src-IKPjmxu7.mjs :9623
declared dependencies 21
- zod@^4.0
- @cfworker/json-schema@^4.1.1
- @eslint/js@^9.39.2
- @types/cross-spawn@^6.0.6
- @types/eventsource@^1.1.15
- @typescript/native-preview@^7.0.0-dev.20251217.1
- eslint@^9.39.2
- eslint-config-prettier@^10.1.8
- eslint-plugin-n@^17.23.1
- prettier@3.6.2
- supertest@^7.0.0
- tsdown@^0.18.0
- tsx@^4.16.5
- typescript@^5.9.3
- typescript-eslint@^8.48.1
- vitest@^4.0.15
- @modelcontextprotocol/core@^2.0.0-alpha.1
- @modelcontextprotocol/eslint-config@^2.0.0
- @modelcontextprotocol/test-helpers@^2.0.0-alpha.0
- @modelcontextprotocol/tsconfig@^2.0.0
- @modelcontextprotocol/vitest-config@^2.0.0