Saves tokens, energy & blocks unsafe packages — 22 tools, 19 ecosystems, 1.2M+ pkgs, MIT.
Saves tokens, energy & blocks unsafe packages — 22 tools, 19 ecosystems, 1.2M+ pkgs, MIT.
mcp · v0.8.2
by Depscope.dev
DepScope MCP Server
Package intelligence MCP server for AI agents. Stops AI coding agents (Claude, ChatGPT, Cursor, Windsurf, Copilot) from installing hallucinated, deprecated, or malicious packages across 19 ecosystems.
→ Backed by depscope.dev — 1.2M+ packages indexed, 19,000+ vulnerabilities tracked, real-time.
Why this exists
LLMs frequently invent package names that look real but don't exist (fastapi-turbo, lodahs, tokio-stream-extras). When an agent tries to install one, it might hit an attacker's typosquat. DepScope verifies every package before install.
Quick start
Claude Desktop / Cursor / Windsurf (remote MCP)
Add to your MCP config:
{
"mcpServers": {
"depscope": {
"url": "https://mcp.depscope.dev/mcp"
}
}
}
Local (stdio via npx)
{
"mcpServers": {
"depscope": {
"command": "npx",
"args": ["-y", "depscope-mcp"]
}
}
}
Tools (22)
| Tool | Purpose |
|---|---|
check_package |
Full package check: deprecated/CVE/health/recommendation |
get_health_score |
0-100 score with breakdown (maintenance/popularity/security/maturity/community) |
get_vulnerabilities |
Open CVEs from OSV + KEV/EPSS |
package_exists |
Hallucination detector (404 = LLM invented it) |
find_alternatives |
Curated alternatives for deprecated/abandoned packages |
get_typosquat |
Suspicious name similarity check |
get_breaking_changes |
Migration plan between versions |
get_bugs |
Known bugs from GitHub issues |
compare_packages |
Side-by-side health/license/vuln comparison |
resolve_error |
Map error message → likely cause + fix |
search_errors |
Find similar error reports across ecosystems |
check_compat |
Stack compatibility check |
get_latest_version |
Latest stable + maturity signal |
| ... and 9 more | full list in tools.js |
Ecosystems (19)
npm · pypi · cargo · go · composer · maven · nuget · rubygems · pub · hex · swift · cocoapods · cpan · hackage · cran · conda · homebrew · jsr · julia
Pricing
Free. No auth required. Generous rate limits. The MCP server is open-source (AGPL-3.0); the backend (depscope.dev API) is proprietary.
License
AGPL-3.0-or-later. Backend is proprietary; this client is open.
Links
- depscope.dev — homepage
- docs — integration guide
- awesome-mcp-servers