audit
Run security audits on npm packages to identify and fix vulnerabilities in dependencies, with options for automatic fixes and severity filtering.
Instructions
Run a security audit on the package
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | Absolute path to the package directory | |
| fix | No | Automatically fix vulnerabilities | |
| level | No | Minimum vulnerability level to report | |
| production | No | Only audit production dependencies |
Implementation Reference
- src/index.ts:324-350 (handler)Registration and handler implementation for the 'audit' MCP tool.
// ── npm audit ── server.tool( "audit", "Run a security audit on the package", { path: z.string().describe("Absolute path to the package directory"), fix: z.boolean().optional().describe("Automatically fix vulnerabilities"), level: z .enum(["info", "low", "moderate", "high", "critical"]) .optional() .describe("Minimum vulnerability level to report"), production: z.boolean().optional().describe("Only audit production dependencies"), }, async ({ path, fix, level, production }) => { const args = fix ? ["audit", "fix"] : ["audit"]; args.push("--json"); if (level) args.push("--audit-level", level); if (production) args.push("--omit=dev"); try { const { stdout } = await run(args, path); return { content: [{ type: "text", text: stdout }] }; } catch (e: any) { // npm audit exits non-zero when vulnerabilities found return { content: [{ type: "text", text: e.stdout || e.stderr || e.message }] }; } }, );