Skip to main content
Glama
toan203

osv-ui-mcp

by toan203
OverviewSchemaRelated ServersScoreDiscussions
Local

open_dashboard

Launch a visual dashboard to review CVE details, severity charts, and upgrade guides for npm, Python, Go, and Rust projects before applying security fixes.

Instructions

Launch the osv-ui visual dashboard in the browser for human review. This is the HUMAN-IN-THE-LOOP step — always offer this before applying fixes. The dashboard shows full CVE details, severity charts, and the upgrade guide. Returns the dashboard URL. If already running for this path, returns existing URL.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
pathNoPath to the project directory to display in the dashboard.
portNoPort to run the dashboard on. Default: auto-assigned starting from 2003.

Implementation Reference

  • packages/mcp/bin/osv-ui-mcp.js:230-262 (handler)
    The handleOpenDashboard function manages the launching of the osv-ui browser dashboard, including port assignment and opening the URL in the browser.
    async function handleOpenDashboard({ path: dir = '.', port }) {
  const absDir = resolve(dir);

  // Already running?
  const existing = runningDashboards.get(absDir);
  if (existing) {
    const url = `http://localhost:${existing.port}`;
    try { const { default: open } = await import('open'); await open(url); } catch {}
    return ok(`Dashboard already running at ${url}\n\nThe osv-ui dashboard is now open in your browser. Review the vulnerabilities and upgrade guide, then come back and tell me which packages you want to fix.`);
  }

  const assignedPort = port || nextPort++;
  const osvUiBin = findOsvUiBin();

  if (!osvUiBin) {
    return err(
      'osv-ui CLI not found. Install it first:\n\n  npm install -g osv-ui\n\nThen retry open_dashboard.'
    );
  }

  // Spawn osv-ui detached with discovery enabled
  const child = spawn(
    process.execPath,
    [osvUiBin, absDir, `--port=${assignedPort}`, '--no-open'],
    { detached: true, stdio: 'ignore' }
  );
  child.unref();
  runningDashboards.set(absDir, { port: assignedPort, pid: child.pid });

  // Wait for server to be ready
  await waitForPort(assignedPort, 8000);

  const url = `http://localhost:${assignedPort}`;
  • packages/mcp/bin/osv-ui-mcp.js:66-85 (schema)
    The schema definition for the 'open_dashboard' tool, detailing input parameters such as 'path' and 'port'.
      name: 'open_dashboard',
  description:
    'Launch the osv-ui visual dashboard in the browser for human review. ' +
    'This is the HUMAN-IN-THE-LOOP step — always offer this before applying fixes. ' +
    'The dashboard shows full CVE details, severity charts, and the upgrade guide. ' +
    'Returns the dashboard URL. If already running for this path, returns existing URL.',
  inputSchema: {
    type: 'object',
    properties: {
      path: {
        type: 'string',
        description: 'Path to the project directory to display in the dashboard.',
      },
      port: {
        type: 'number',
        description: 'Port to run the dashboard on. Default: auto-assigned starting from 2003.',
      },
    },
  },
},
  • packages/mcp/bin/osv-ui-mcp.js:144-150 (registration)
    The request handler registration where 'open_dashboard' is mapped to the 'handleOpenDashboard' function.
    server.setRequestHandler(CallToolRequestSchema, async (request) => {
  const { name, arguments: args } = request.params;

  try {
    switch (name) {
      case 'scan_project': return await handleScanProject(args);
      case 'open_dashboard': return await handleOpenDashboard(args);
Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/toan203/osv-ui'

If you have feedback or need assistance with the MCP directory API, please join our Discord server