@depfenderdev/mcp
MCP server for Depfender — scan packages for data exfiltration and security threats directly from your IDE.
Installation
Cursor
Add to your Cursor MCP settings:
{
"mcpServers": {
"depfender": {
"command": "npx",
"args": ["@depfenderdev/mcp"]
}
}
}
Claude Code
claude mcp add depfender -- npx @depfenderdev/mcp
VS Code
Add to your VS Code MCP settings (.vscode/mcp.json):
{
"mcpServers": {
"depfender": {
"command": "npx",
"args": ["@depfenderdev/mcp"]
}
}
}
Tools
scan_package
Scans a package for data exfiltration and security threats.
Parameters:
package(required) — package name (e.g.,lodash)version(optional) — version to scan (defaults to latest)ecosystem(optional) — package ecosystem:npm,pypi,cargo,maven(default:npm)
Development
Setup
npm install
npm run build
Environment Variables
| Variable | Required | Description |
|---|---|---|
DEPFENDER_API_URL | Yes | Backend API URL (e.g., http://localhost:3000) |
DEPFENDER_API_KEY | Yes | Backend API secret (x-internal-secret value) |
Local IDE Configuration
Add to your MCP settings (e.g., Claude Desktop claude_desktop_config.json):
{
"mcpServers": {
"depfender": {
"command": "node",
"args": ["/path/to/mcp/dist/index.js"],
"env": {
"DEPFENDER_API_URL": "http://localhost:3000",
"DEPFENDER_API_KEY": "your-api-secret"
}
}
}
}
Testing
npm test # Run all tests
npm run test:watch # Watch mode
E2E tests require DEPFENDER_API_KEY and a running backend:
DEPFENDER_API_KEY=your-secret DEPFENDER_API_URL=http://localhost:3000 npm test
Scripts
npm run dev # Run with tsx (no build needed)
npm run build # Compile TypeScript
Community
- GitHub Discussions — Questions and ideas
- Twitter/X — Updates and announcements
- Website — Full documentation