DepGuard
Checks npm packages for vulnerabilities (via OSV) and deprecation status, providing real-time dependency safety feedback for AI agents.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@DepGuardCheck lodash 4.17.20 for vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
DepGuard MCP Server
DepGuard is a production MCP server for real-time dependency risk checks while coding.
It checks package updates against:
OSV vulnerabilities (CVE/GHSA)
npm package deprecations
local cache for fast repeated lookups
Status
Docker image:
ghcr.io/foudhilriahi/depguard:latestMulti-arch publish:
linux/amd64,linux/arm64GitHub Pages live proof:
https://foudhilriahi.github.io/DepGuard/
Related MCP server: github-insight-mcp
1) Fastest way to use DepGuard (Docker + MCP)
Add this to your MCP client config:
{
"mcpServers": {
"depguard": {
"command": "docker",
"args": [
"run",
"--rm",
"-i",
"-e",
"CACHE_TTL_SECONDS=86400",
"-e",
"DEPGUARD_CACHE_PATH=/data/cache.sqlite",
"-v",
"depguard-cache:/data",
"ghcr.io/foudhilriahi/depguard:latest"
]
}
}
}Restart your AI IDE/CLI after saving config.
Available MCP tools
check_packagecheck_packages_bulkscan_package_jsonget_cached_result
2) Real online proof (no mocks)
Live proof page
GitHub Pages app in docs/ performs real browser calls to:
https://api.osv.dev/v1/querybatchhttps://registry.npmjs.org/<package>
CI proof artifact
docs/proof/latest.json is generated by running actual DepGuard core logic in CI:
workflow:
.github/workflows/proof-artifact.ymlscript:
scripts/generate-proof.mjs
This is not simulation data.
3) How to test Docker image online (without local Docker)
Use GitHub Actions manual workflow:
Workflow:
.github/workflows/docker-smoke.ymlTrigger: Actions → Docker Smoke Test (GHCR) → Run workflow
It validates:
image can be pulled from GHCR
manifest inspection works
container runtime works (
node --version)MCP entrypoint file exists (
/app/dist/index.js)
So you can prove your container works even without Docker installed locally.
4) GitHub Pages setup
Use workflow-based Pages deploy for consistency:
GitHub repo → Settings → Pages
Source: GitHub Actions
Keep
.github/workflows/pages.ymlenabled
5) Local dev (optional)
npm install
npm run test
npm run build
npm run dev6) Environment variables
CACHE_TTL_SECONDS(default86400)DEPGUARD_CACHE_PATH(default.depguard-cache.sqlite)DEPGUARD_HTTP_TIMEOUT_MS(default7000)DEPGUARD_HTTP_RETRIES(default2)DEPGUARD_HTTP_RETRY_DELAY_MS(default250)
7) CI/CD workflows in this repo
ci.yml→ tests + buildpages.yml→ deploysdocs/to GitHub Pagesproof-artifact.yml→ refreshes real proof JSONpublish-docker.yml→ publishes multi-arch GHCR imagedocker-smoke.yml→ manual online container verification
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/foudhilriahi/DepGuard'
If you have feedback or need assistance with the MCP directory API, please join our Discord server