Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | `{ "listChanged": true }` |
| prompts | `{ "listChanged": true }` |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| hound_vulns | List all known vulnerabilities for a specific package version, grouped by severity with fix versions and advisory links. |
| hound_inspect | Get a comprehensive profile of a package version: licenses, vulnerabilities, OpenSSF scorecard, GitHub stats, and dependency count — all in one call. |
| hound_tree | Show the full resolved dependency tree for a package version, including all transitive dependencies with their depth and relation type. |
| hound_typosquat | Check if a package name looks like a typosquat of a popular package. Generates likely typo variants and checks which ones exist in the registry. |
| hound_advisories | Get full details for a security advisory by ID (GHSA, CVE, or OSV ID). Returns title, severity, affected versions, fix versions, and references. |
| hound_popular | Scan a list of popular (or user-specified) packages for known vulnerabilities. Quickly surface which widely-used packages in an ecosystem have open security issues. |
| hound_audit | Scan a project's lockfile for dependency risks. Parses package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, Cargo.lock, or go.sum and batch-queries OSV for vulnerabilities across all dependencies. |
| hound_compare | Side-by-side comparison of two packages: vulnerabilities, OpenSSF Scorecard, GitHub stars, release recency, and license. Returns a recommendation. |
| hound_license_check | Scan a lockfile for license compliance. Resolves licenses for every dependency and flags packages that violate the chosen policy (permissive, copyleft, or none). |
| hound_preinstall | Safety check before installing a package. Checks known vulnerabilities, typosquatting risk, abandonment, and license concerns. Returns a go/no-go verdict. |
| hound_score | Compute a 0-100 Hound Score for a package version combining vulnerability severity, OpenSSF Scorecard, release recency, and license risk. Returns a letter grade (A-F) with a breakdown. |
| hound_upgrade | Find the minimum version upgrade that resolves all known vulnerabilities for a package. Checks every published version and returns the nearest safe one. |
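The lockfile-driven tools above (hound_audit, hound_license_check, hound_preinstall) all rest on the same step: turn a lockfile into exact (ecosystem, name, version) triples and batch-query OSV. The following Python is an added illustration of that pipeline, not the Hound server's own code. It handles two of the formats hound_audit lists (package-lock.json v2/v3 and requirements.txt), deduplicates the nested duplicates an npm tree produces, chunks the queries into request bodies, and maps a querybatch response back onto the queries. The sample lockfile, requirements text, and response are constructed for the example; the `BATCH_LIMIT` value and the placeholder advisory ID are assumptions, not real data.

```python
"""Lockfile -> OSV querybatch (added example, not the Hound server's code)."""
import json
import re
from typing import Iterable, Iterator

Dep = tuple[str, str, str]  # (OSV ecosystem, package name, exact version)

OSV_QUERYBATCH_URL = "https://api.osv.dev/v1/querybatch"
# Assumption: queries per request body. Check OSV's documented per-request limit.
BATCH_LIMIT = 1000


def parse_package_lock(text: str) -> Iterator[Dep]:
    """lockfileVersion 2/3 lists every installed package under "packages",
    keyed by install path; the "" key is the root project, not a dependency."""
    lock = json.loads(text)
    for path, meta in lock.get("packages", {}).items():
        if not path or not meta.get("version"):
            continue  # root project, or a link entry with no version
        # Nested installs look like node_modules/a/node_modules/b; the package
        # name is the last node_modules segment unless the entry names itself.
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        yield ("npm", name, meta["version"])


# Only exact pins (==) yield one version OSV can match; ranges are skipped.
_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;#=]+)")


def parse_requirements(text: str) -> Iterator[Dep]:
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or -r/-e option
            continue
        m = _PIN.match(line)
        if m:
            yield ("PyPI", m.group(1), m.group(2))


def build_batches(deps: Iterable[Dep], limit: int = BATCH_LIMIT) -> list[dict]:
    """Deduplicate (the same package@version appears many times in a nested
    npm tree) and split into querybatch-sized request bodies."""
    seen: set[Dep] = set()
    queries: list[dict] = []
    for eco, name, ver in deps:
        key = (eco, name.lower(), ver)
        if key in seen:
            continue
        seen.add(key)
        queries.append({"package": {"name": name, "ecosystem": eco}, "version": ver})
    return [{"queries": queries[i:i + limit]} for i in range(0, len(queries), limit)]


def match_results(batch: dict, response: dict) -> dict[str, list[str]]:
    """querybatch returns results[] in query order; each hit carries only
    {id, modified}, so full details need a follow-up /v1/vulns/{id} call."""
    results = response["results"]
    if len(results) != len(batch["queries"]):
        raise ValueError("OSV response length does not match query count")
    out: dict[str, list[str]] = {}
    for q, r in zip(batch["queries"], results):
        ids = [v["id"] for v in r.get("vulns", [])]
        if ids:
            pkg = q["package"]
            out[f'{pkg["ecosystem"]}:{pkg["name"]}@{q["version"]}'] = ids
    return out


# Constructed inputs for the example (not real project files).
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3, "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.20"},
        "node_modules/minimist": {"version": "1.2.5"},
        "node_modules/mkdirp": {"version": "0.5.1"},
        "node_modules/mkdirp/node_modules/minimist": {"version": "1.2.5"},
    },
})
SAMPLE_REQS = "requests==2.25.1  # pinned\nflask>=2.0\n-r base.txt\nurllib3[socks]==1.26.4\n"


def demo() -> dict[str, list[str]]:
    deps = list(parse_package_lock(SAMPLE_LOCK)) + list(parse_requirements(SAMPLE_REQS))
    batches = build_batches(deps)
    # Constructed stand-in for the HTTP response. A real client POSTs each batch
    # as JSON to OSV_QUERYBATCH_URL; the advisory ID below is a placeholder.
    fake_response = {"results": [
        {},
        {"vulns": [{"id": "GHSA-0000-0000-0000", "modified": "2024-01-01T00:00:00Z"}]},
        {}, {}, {},
    ]}
    return match_results(batches[0], fake_response)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))  # {"npm:minimist@1.2.5": ["GHSA-0000-0000-0000"]}
```

Two details matter in practice: deduplication by (ecosystem, lower-cased name, version) keeps request counts proportional to distinct packages rather than tree nodes, and querybatch only returns advisory IDs, so a tool like hound_advisories has to fetch each ID separately to report severity, affected ranges and fix versions.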
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| security_audit | Run a full security audit on the current project's dependencies. Scans for vulnerabilities, license issues, and typosquat risks across your entire dependency tree. |
| package_evaluation | Evaluate a package before adding it as a dependency. Returns a go/no-go recommendation with security, license, and health analysis. |
| pre_release_check | Run a pre-release dependency scan before shipping. Checks for vulnerabilities and license issues that could block a release. |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |