Live npm/PyPI dependency-health verdicts so AI agents stop recommending stale or CVE'd packages
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
MCP server exposing live npm / PyPI dependency-health verdicts so AI coding agents can check a package before recommending it — closing the 6–18 month staleness gap in model training data. Returns a concise human-readable summary and structured content: maintenance signal, latest version, last release/commit age, deprecation/yank/archived flags, known CVE count (OSV), and a hand-verified alternative if the package is

From this repo (before publish):

The server speaks JSON-RPC over stdio…