io.github.shane-js/ghostfree

MCPcommunity
v0.2.0io.github.shane-jsUnknownUpdated 2mo agonpmGitHub

MCP server that scans your repo's dependencies for security vulnerabilities based on published CVEs.

Every software team could use some help ridding their code base of the ghosts haunting their dependencies. GhostFree is a local MCP server that scans your repository's dependencies for known vulnerabilities based on issued CVEs using OSV.dev, helps you triage and fix findings with NVD and CISA KEV enrichment, and lets you manage accepted risks — all directly from your AI coding assistant. No…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
2mo agoLast update
Package
Authorio.github.shane-js
LicenseUnknown
Version0.2.0
Sourcemcp-registry
Trust Status
B
60/100Good
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+0/5
Publish from GitHub Actions with the --provenance flag
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance
Dependencies60 resolved · 1 with advisories
Tool surface6 tools · 1 privileged
Security scan✓ Cleanv0.2.0 · 20d ago
DEPfast-xml-parser@4.5.6GHSA-gh4j-gqv2-49f6
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Every software team could use some help ridding their code base of the ghosts haunting their dependencies. GhostFree is a local MCP server that scans your repository's dependencies for known vulnerabilities based on issued CVEs using OSV.dev, helps you triage and fix findings with NVD and CISA KEV enrichment, and lets you manage accepted risks — all directly from your AI coding assistant. No installation, signup, or payment required. Add GhostFree to your MCP settings for whatever code tool you…

Keywords
mcp