io.github.shane-js
ghostfree
GhostFree
MCP server that scans your repo's dependencies for security vulnerabilities based on published CVEs.
stdio, community, application
Package Details
ghostfree
Transport: stdio
Runtime: npx
Runtime Arguments
Positional
Position 0
-y
Package Arguments
Named
--repo-path (Required)
Absolute path to the repository to scan for vulnerable dependencies.
Environment Variables
GHOSTFREE_DIR (file)
Override the directory where GhostFree stores its data files (accepted-risks.yml, config.yml). Defaults to .ghostfree/ in the scanned repository root.
GHOSTFREE_MIN_SEVERITY (str)
Default: MEDIUM
Minimum CVE severity level to surface. One of: CRITICAL, HIGH, MEDIUM (default), LOW.
NVD_API_KEY (str)
Secret
Optional NVD API key for higher rate limits when enriching CVE details. Free to request at https://nvd.nist.gov/developers/request-an-api-key.