DepHealth MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@DepHealth MCPaudit the dependencies in ./my-project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
DepHealth MCP
Dependency security & health auditing for AI agents — no account, no API key.
DepHealth is an MCP server that lets any AI agent (Claude Code, Claude Desktop, Cursor, …) answer two questions instantly:
"Are this project's dependencies safe?" →
audit_project"Should I add / upgrade to this package?" →
check_package
Vulnerability data comes from Google's OSV.dev (738K+ advisories, 40+ ecosystems); package health signals (latest version, license, release recency, deprecation) come from deps.dev. Both are free public APIs — zero signup, zero keys, zero config.
Why this instead of Snyk/Socket MCP?
DepHealth | Snyk MCP | Socket MCP | |
Account required | No | Yes | Yes (OAuth) |
API key / auth flow | None | Snyk auth | Sign-in via client |
Ecosystems | npm, PyPI, Go, crates.io | many | many |
Token-lean output | Yes — capped, structured | — | — |
Open source | MIT | partial | partial |
MCP servers are notorious for context bloat (some inject 50K+ tokens of schema). DepHealth exposes 2 tools, 1 resource, 1 prompt with compact structured outputs — advisories are capped at 5 per package, worst-severity first, with the fix version included.
Related MCP server: @4da/mcp-server
Install
Requires Python 3.11+ and uv.
git clone https://github.com/hasarahman/dephealth-mcp
cd dephealth-mcp && uv syncClaude Code:
claude mcp add --scope user dephealth -- uv run --project /path/to/dephealth-mcp dephealth-mcpClaude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"dephealth": {
"command": "uv",
"args": ["run", "--project", "/path/to/dephealth-mcp", "dephealth-mcp"]
}
}
}Tools
audit_project(path)
Scans every supported manifest directly in path — package.json, requirements.txt, pyproject.toml, go.mod, Cargo.toml — batch-queries OSV, and returns a structured report:
verdict: "1 of 2 checked dependencies have known vulnerabilities (worst severity: HIGH)."
vulnerable_packages:
- lodash 4.17.20 (npm) — 5 advisories
GHSA-35jh-r3h4-6jhm CVE-2021-23337 HIGH Command Injection fixed_in: 4.17.21
...
unpinned_skipped: ["flask"] # hygiene flag: deps with no resolvable versionRange specifiers (^4.17.20, >=2.0) are audited at their floor and marked version_is_range_floor: true.
check_package(ecosystem, name, version?)
The "should I add this?" tool. Omit version to check the latest release. Combines OSV advisories with deps.dev health signals and returns a verdict:
avoid— CRITICAL/HIGH vulnerabilities in this versioncaution— lower-severity vulns, no release in 2+ years, or deprecatedok— clean and maintained
check_package("npm", "left-pad")
→ verdict: caution
reasons: ["no release since 2018-04-09 (possibly unmaintained)",
"latest version is marked deprecated"]Resource & prompt
dephealth://ecosystems— supported ecosystems and their manifest filessecurity_review(project_path)— a guided prompt: audit, verify upgrade targets are clean, produce a prioritized remediation list
Development
uv run pytest # in-process MCP client tests (hit the live free APIs)
uv run fastmcp dev src/dephealth_mcp/server.py # interactive inspectorBuilt with FastMCP. MIT license.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/hasarahman/dephealth-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server