mopanc/depguard
🔌 MCP Server | mopanc
A comprehensive security guardian for npm packages featuring static analysis, vulnerability auditing, and AI hallucination protection.
depguard is a security-focused MCP server that acts as a pre-install guardian for npm-based projects. Using static code analysis, it helps developers identify malicious patterns and potential supply-chain vulnerabilities before they reach the production environment. A standout feature is its native implementation of the CycloneDX 1.6 SBOM standard, which allows software bill of materials generation and Vulnerability Exploitability eXchange (VEX) reporting without relying on heavy external dependencies.
Beyond traditional security, depguard addresses modern AI challenges by including specific guards against AI hallucinations, ensuring that automated code generation or dependency suggestions remain within safe parameters. With 28 distinct MCP tools available, it provides a modular interface for developers to audit, monitor, and secure their projects. Its architecture is intentionally minimalist, ensuring high performance and reliability by avoiding unnecessary runtime overhead while maintaining strict adherence to public security schemas.
💡 Highlights
- 28 integrated MCP security tools
- CycloneDX 1.6 SBOM with VEX support
- Zero runtime dependencies
🎯 For
- Security Engineers
- DevOps Engineers
- Full-stack Developers