get_fix_commands

Generate safe upgrade commands for vulnerable packages to review before applying fixes. Returns npm install and pip install commands grouped by ecosystem.

Instructions

Get the safe upgrade commands for vulnerable packages WITHOUT executing them. Use this to show the user what will be changed before calling apply_fixes. Returns a list of commands grouped by ecosystem (npm install / pip install).

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| path | Yes | Path to the project directory. | |
| packages | No | Optional: only return fix commands for these package names. If omitted, returns all fixable packages. | |
| severity_filter | No | Only return fixes for this severity or above. Default: all. | |

Implementation Reference

  • The handleGetFixCommands function retrieves fixable vulnerabilities and generates a table of commands to upgrade packages.
    async function handleGetFixCommands({ path: dir = '.', packages, severity_filter = 'all' }) {
      const absDir = resolve(dir);
      const result = await scanService(absDir, { noOsv: false });
      // Lower rank = more severe. 'all' and any unrecognised value fall through to rank 4, one past 'low'.
      const sevOrder = { critical: 0, high: 1, moderate: 2, low: 3 };
      const filterRank = sevOrder[severity_filter] ?? 4;

      const fixable = getFixableGroups(result.vulns, packages, filterRank);

      if (fixable.length === 0) {
        return ok('No fixable vulnerabilities found' + (packages ? ` for packages: ${packages.join(', ')}` : '') + '.');
      }

      // Build a Markdown table with one row per fixable package.
      const lines = [
        `## Fix commands for ${result.name}`,
        '',
        `The following ${fixable.length} package(s) can be upgraded to fix CVEs:`,
        '',
        '| Package | Current | Safe version | Fixes | Command |',
        '|---------|---------|-------------|-------|---------|',
      ];

      for (const f of fixable) {
        lines.push(`| \`${f.name}\` | ${f.currentVersion} | **${f.fixVersion}** | ${f.cveCount} CVE(s) | \`${f.command}\` |`);
      }

      // This handler only reports: nothing is installed until apply_fixes is called.
      lines.push('');
      lines.push('⚠️ **Review before running.** Call `apply_fixes` with the package names you want to upgrade.');
      lines.push('');
      lines.push('**To apply all:** `apply_fixes({ path: "' + dir + '", packages: [' + fixable.map(f => `"${f.name}"`).join(', ') + '] })`');

      return ok(lines.join('\n'));
    }
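
The handler above calls `getFixableGroups`, which this page does not show. As an added example (not the project's code), here is a sketch of how such a helper could apply the severity rank and the package filter, and emit a command only when the package name and version pass an allow-list. The finding shape, the `npm`/`pip` ecosystem keys, and the `buildCommand` and `cmpVersion` helpers are assumptions.

```javascript
// Hypothetical sketch (added example). Assumed finding: { name, ecosystem: 'npm'|'pip', version, fixVersion, severity }.
const SEV_ORDER = new Map([['critical', 0], ['high', 1], ['moderate', 2], ['low', 3]]);
// Allow-lists: a name or version that could add shell syntax never becomes a command.
const NAME_OK = new Map([
  ['npm', /^(@[a-z0-9][a-z0-9._-]*\/)?[a-z0-9][a-z0-9._-]*$/],
  ['pip', /^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$/],
]);
const VERSION_OK = /^\d[A-Za-z0-9.+-]*$/;
// Numeric compare of dotted versions; pre-release tags are ignored (simplification).
function cmpVersion(a, b) {
  const pa = a.split('.'), pb = b.split('.');
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (parseInt(pa[i], 10) || 0) - (parseInt(pb[i], 10) || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function buildCommand(ecosystem, name, version) {
  if (!NAME_OK.get(ecosystem)?.test(name) || !VERSION_OK.test(version)) return null;
  return ecosystem === 'npm' ? `npm install ${name}@${version}` : `pip install ${name}==${version}`;
}

function getFixableGroups(vulns, packages, filterRank) {
  const groups = new Map();
  for (const v of vulns) {
    if (!v.fixVersion) continue;                                  // no fix published
    if ((SEV_ORDER.get(v.severity) ?? 4) > filterRank) continue;  // unknown severity: "all" only
    if (packages && !packages.includes(v.name)) continue;
    const key = `${v.ecosystem}:${v.name}`;
    const g = groups.get(key) ?? { name: v.name, ecosystem: v.ecosystem,
      currentVersion: v.version, fixVersion: v.fixVersion, cveCount: 0 };
    // One upgrade per package: keep the highest fix version so every finding is covered.
    if (cmpVersion(v.fixVersion, g.fixVersion) > 0) g.fixVersion = v.fixVersion;
    g.cveCount += 1;
    groups.set(key, g);
  }
  return [...groups.values()]
    .map(g => ({ ...g, command: buildCommand(g.ecosystem, g.name, g.fixVersion) }))
    .filter(g => g.command !== null);                             // drop entries failing validation
}

// Constructed sample findings (not real scan output); the last name fails the allow-list.
const SAMPLE = [
  { name: 'demo-lib', ecosystem: 'npm', version: '1.2.0', fixVersion: '1.2.9', severity: 'high' },
  { name: 'demo-lib', ecosystem: 'npm', version: '1.2.0', fixVersion: '1.10.1', severity: 'critical' },
  { name: 'demo_http', ecosystem: 'pip', version: '2.0.0', fixVersion: '2.3.1', severity: 'moderate' },
  { name: 'demo;lib', ecosystem: 'npm', version: '0.1.0', fixVersion: '0.1.1', severity: 'critical' },
];
```

Rejected entries are dropped silently here; a real tool would more likely report them so the reviewer knows a finding was skipped.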

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/toan203/osv-ui'
