Verified record · from the answer index
pkgxray
mcptested · static-verifiedscore 53/100signed passport ✓published 7d ago · verified 2026-07-113,354 monthly downloads
Zero-dep local CLI and MCP server that scans npm packages for supply-chain risk. OSV vuln pre-check, sandboxed quarantine, tarball-integrity verification, calibrated static heuristics, GitHub provenance cross-check.
Install
claude mcp add pkgxray -- npx -y pkgxray
npm:pkgxray · published by adamsjack711-ux · source repository