check_dependencies

Analyze project dependencies to identify security vulnerabilities, deprecations, and outdated packages for maintaining healthy software projects.

Instructions

Analyzes project dependencies for security vulnerabilities, deprecations, and outdated packages. Essential for maintaining healthy projects.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| packageManager | Yes | Package manager to check | |
| packageFile | No | Path to package file (package.json, requirements.txt, etc.) | |

Input Schema (JSON Schema)

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "additionalProperties": false,
  "properties": {
    "packageFile": {
      "description": "Path to package file (package.json, requirements.txt, etc.)",
      "type": "string"
    },
    "packageManager": {
      "description": "Package manager to check",
      "enum": ["npm", "yarn", "pnpm", "pip", "cargo"],
      "type": "string"
    }
  },
  "required": ["packageManager"],
  "type": "object"
}

Implementation Reference

  • The handler function for the 'check_dependencies' tool. It generates a markdown report with commands for auditing, checking outdated packages, and updating dependencies for various package managers (npm, yarn, pnpm, pip, cargo), along with best practices and CI integration examples.
    export function checkDependenciesHandler(args: any) {
      // Only packageManager is read; packageFile is accepted by the schema but unused here.
      const { packageManager } = args;

      // Audit / outdated / update command for each supported package manager.
      const commands: Record<string, { audit: string; outdated: string; update: string }> = {
        npm: { audit: "npm audit", outdated: "npm outdated", update: "npm update" },
        yarn: { audit: "yarn audit", outdated: "yarn outdated", update: "yarn upgrade" },
        pnpm: { audit: "pnpm audit", outdated: "pnpm outdated", update: "pnpm update" },
        pip: { audit: "pip-audit", outdated: "pip list --outdated", update: "pip install --upgrade" },
        cargo: { audit: "cargo audit", outdated: "cargo outdated", update: "cargo update" }
      };

      const cmds = commands[packageManager];

      // Markdown report returned to the caller as a single text block.
      const check = `# Dependency Health Check

    ## Package Manager: ${packageManager}

    ---

    ## Commands to Run

    ### 1. Security Audit
    \`\`\`bash
    ${cmds.audit}
    \`\`\`
    Checks for known vulnerabilities in dependencies.

    ### 2. Check Outdated
    \`\`\`bash
    ${cmds.outdated}
    \`\`\`
    Lists packages with newer versions available.

    ### 3. Update Dependencies
    \`\`\`bash
    ${cmds.update}
    \`\`\`
    Updates to latest compatible versions.

    ---

    ## Dependency Best Practices

    ### Security
    - [ ] Run audit before every release
    - [ ] Enable Dependabot/Renovate for automatic updates
    - [ ] Review changelogs before major updates
    - [ ] Pin versions in production

    ### Maintenance
    - [ ] Update dependencies monthly
    - [ ] Remove unused dependencies
    - [ ] Avoid deprecated packages
    - [ ] Lock file committed to git

    ### Automated Tools
    - **Snyk**: Free security scanning
    - **Dependabot**: Auto-update PRs
    - **Renovate**: Advanced dependency management
    - **npm-check**: Interactive updates

    ## Docker Security Scanning

    \`\`\`bash
    docker scout cves <image>         # Scan for vulnerabilities
    docker scout quickview <image>    # Quick security overview
    docker scout recommendations      # Get fix recommendations
    \`\`\`

    ## GitHub Actions Integration

    Add to \`.github/workflows/security.yml\`:
    \`\`\`yaml
    name: Security Scan
    on: [push, pull_request]
    jobs:
      audit:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
          - run: npm audit --audit-level=high
    \`\`\`
    `;

      return { content: [{ type: "text", text: check }] };
    }
  • The Zod schema definition for the 'check_dependencies' tool, specifying input parameters: packageManager (required enum) and optional packageFile path.
    export const checkDependenciesSchema = {
      name: "check_dependencies",
      description: "Analyzes project dependencies for security vulnerabilities, deprecations, and outdated packages. Essential for maintaining healthy projects.",
      inputSchema: z.object({
        packageManager: z.enum(["npm", "yarn", "pnpm", "pip", "cargo"]).describe("Package manager to check"),
        packageFile: z.string().optional().describe("Path to package file (package.json, requirements.txt, etc.)")
      })
    };
  • src/server.ts:119-119 (registration)
    Registration of the 'check_dependencies' tool in the HTTP server's toolRegistry Map, linking schema and handler.
    ["check_dependencies", { schema: checkDependenciesSchema, handler: checkDependenciesHandler }],
  • src/index.ts:114-114 (registration)
    Registration of the 'check_dependencies' tool in the stdio server's toolRegistry Map, linking schema and handler.
    ["check_dependencies", { schema: checkDependenciesSchema, handler: checkDependenciesHandler }],
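
The handler above takes args: any and indexes its commands object directly with packageManager, so it depends on the input schema being enforced before it is called. The following is an added example, not code from the Code-MCP project, that enforces the published schema by hand ahead of the lookup; validateArgs, auditCommandFor, MANAGERS and AUDIT are hypothetical names, and the sample inputs in the comments are constructed.

```typescript
// Added example: validateArgs, auditCommandFor, MANAGERS and AUDIT are hypothetical names.
const MANAGERS = ["npm", "yarn", "pnpm", "pip", "cargo"] as const;
type Manager = (typeof MANAGERS)[number];
type Args = { packageManager: Manager; packageFile?: string };

// Audit commands copied from the handler shown on this page.
const AUDIT: Record<Manager, string> = {
  npm: "npm audit",
  yarn: "yarn audit",
  pnpm: "pnpm audit",
  pip: "pip-audit",
  cargo: "cargo audit",
};

// Enforce the published JSON Schema by hand: object type, required enum,
// optional string, and additionalProperties: false.
function validateArgs(input: unknown): Args {
  if (typeof input !== "object" || input === null || Array.isArray(input)) {
    throw new TypeError("arguments must be an object");
  }
  const obj = input as Record<string, unknown>;
  for (const key of Object.keys(obj)) {
    if (key !== "packageManager" && key !== "packageFile") {
      throw new TypeError(`unexpected property: ${key}`);
    }
  }
  const pm = obj.packageManager;
  if (typeof pm !== "string" || (MANAGERS as readonly string[]).indexOf(pm) === -1) {
    throw new TypeError("packageManager must be one of: " + MANAGERS.join(", "));
  }
  const pf = obj.packageFile;
  if (pf !== undefined && typeof pf !== "string") {
    throw new TypeError("packageFile must be a string");
  }
  return { packageManager: pm as Manager, packageFile: pf as string | undefined };
}

// Look up the audit command only after validation, so keys such as
// "constructor" (constructed input) never reach the object lookup.
function auditCommandFor(input: unknown): string {
  return AUDIT[validateArgs(input).packageManager];
}
```

Checking against an explicit allow-list rather than testing the lookup result matters here because a plain object also answers to inherited keys.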

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/millsydotdev/Code-MCP'
