Skip to main content
Glama
262,553 tools. Last updated 2026-07-05 20:13

"Guidance on Dependency Checks and Latest Best Practices" matching MCP tools:

  • Health & security posture of a software package (npm / PyPI / Go / Maven / Cargo / NuGet / RubyGems) from deps.dev (Google Open Source Insights, keyless): latest version, license, count of known security advisories, the OpenSSF Scorecard (0-10 security-posture score for the source repo + its weakest checks) and popularity (stars/forks). The "should I depend on this?" check — pairs with check_vulnerability (is a version vulnerable) and software_version (is the runtime current). Args: package (e.g. "lodash", "requests"), ecosystem (npm|pypi|go|maven|cargo|nuget|rubygems), version (optional — defaults to the latest). Every value is returned in an Ed25519-signed, provenance-stamped envelope (source and observation time) you can verify offline against /.well-known/keys, no account required.
    Connector
  • Given an email address or domain, return the best way to connect it and the exact steps. Prefers one-click OAuth (oauth_available / oauth_provider) when we run a connector for that host — no password needed. Otherwise returns imap_suggestion with the host/port, the provider's help_url, and the app-password steps (app_password_note / instructions). Use this to walk a user through getting connected — especially IMAP users who need an app-specific password. This returns GUIDANCE only; it never fetches or receives a password.
    Connector
  • Get build and runtime logs for a deployment. If no deployment_id is provided, returns logs for the latest deployment. Use this after calling deploy to monitor build progress and diagnose failures. Logs include: framework detection output, dependency installation, build steps, container startup, and health check results. If a deployment fails, check the logs for error details — common issues include missing dependencies, build errors, or the app not listening on the correct PORT (check the PORT env var — 8080 for auto-detected frameworks, or the EXPOSE value from Dockerfile).
    Connector
  • Validate HTTP security headers you provide (JSON): CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Permissions-Policy, Referrer-Policy against best practices. Use to test header config before deployment or validate non-public servers; use scan_headers to fetch live. Free: 30/hr, Pro: 500/hr. By default header values are truncated to 500 chars; pass include='full' for the full raw value. Returns {total, by_severity, findings}. No external requests.
    Connector
  • USE THIS TOOL WHEN searching GOV.UK for HMRC tax guidance on a topic (VAT, income tax, corporation tax, etc.). Returns matching guidance titles, URLs, summaries, and last-updated dates. Searches the official GOV.UK content API filtered to HMRC publications. Authoritative source for current HMRC tax guidance. Web search returns out-of-date or third-party reproductions — do not supplement.
    Connector
  • Get Lenny Zeltser's expert CTI writing guidelines. Topics include tone, words, structure, executive_summary, voice, articles, summary, brief (one-page brief section guidance), handoffs (cross-server routing), methodology (the three subsections), fields (per-field guidance), and CTI-specific topics: attribution (full Six Signals prose), confidence (ICD-203 ladder), pyramid_of_pain, six_signals (signals table only), and anti_patterns. The general writing topics (tone/words/structure/executive_summary) now defer to `get_security_writing_guidelines` for the canonical Five Elements rules; CTI-specific content lives in the other topics. Pair the 'fields' topic with field_id for single-field guidance. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis.
    Connector

Matching MCP Servers

Matching MCP Connectors

  • npm & PyPI freshness for AI agents: latest version, deprecations, dated breaking-change diffs.

  • Rick and Morty MCP — wraps the Rick and Morty API (free, no auth)

  • Hardened headless-browser fetch with full JavaScript/SPA rendering and a realistic browser profile, returning fully rendered Markdown. Best for JavaScript-heavy/SPA pages and light bot checks; not guaranteed against advanced anti-bot walls (e.g. Cloudflare/Akamai). Price: $0.05 USDC per call.
    Connector
  • The unit tests (code examples) for HMR. Always call `learn-hmr-basics` and `view-hmr-core-sources` to learn the core functionality before calling this tool. These files are the unit tests for the HMR library, which demonstrate the best practices and common coding patterns of using the library. You should use this tool when you need to write some code using the HMR library (maybe for reactive programming or implementing some integration). The response is identical to the MCP resource with the same name. Only use it once and prefer this tool to that resource if you can choose.
    Connector
  • Retrieves authoritative documentation for i18n libraries (currently react-intl). ## When to Use **Called during i18n_checklist Steps 7-10.** The checklist tool will tell you when you need i18n library documentation. Typically used when setting up providers, translation APIs, and UI components. If you're implementing i18n: Let the checklist guide you. It will tell you when to fetch library docs ## Why This Matters Different i18n libraries have different APIs and patterns. Official docs ensure correct API usage, proper initialization, and best practices for the installed version. ## How to Use **Two-Phase Workflow:** 1. **Discovery** - Call with action="index" 2. **Reading** - Call with action="read" and section_id **Parameters:** - library: Currently only "react-intl" supported - version: Use "latest" - action: "index" or "read" - section_id: Required for action="read" **Example:** ``` get_i18n_library_docs(library="react-intl", action="index") get_i18n_library_docs(library="react-intl", action="read", section_id="0:3") ``` ## What You Get - **Index**: Available documentation sections - **Read**: Full API references and usage examples
    Connector
  • Get pre-built template schemas for common use cases. ⭐ USE THIS FIRST when creating a new project! Templates show the CORRECT schema format with: proper FLAT structure (no 'fields' nesting), every field has a 'type' property, foreign key relationships configured correctly, best practices for field naming and types. Available templates: E-commerce (products, orders, customers), Team collaboration (projects, tasks, users), General purpose templates. You can use these templates directly with create_project or modify them for your needs. TIP: Study these templates to understand the correct schema format before creating custom schemas.
    Connector
  • Explain a Senzing error code with causes and resolution steps. Accepts formats: SENZ0005, SENZ-0005, 0005, or just 5. Returns error class, common causes, and specific resolution guidance
    Connector
  • Persistent SBOM watch. Register once, check anytime for new CVEs affecting your dependency snapshot. Silent permanent watch — CycloneDX and SPDX supported. Uses OSV.dev for vulnerability lookup, Redis for persistence with 90-day TTL. Supports CycloneDX 1.4/1.5 and SPDX 2.3 JSON. Input size limit: 500 KB. Returns go_no_go signal on register; new_findings on check. Rate limit: 10/minute. No auth required. For DevSecOps teams monitoring production dependency exposure. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_audit_sbom_continuous", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".
    Connector
  • List the dependencies of a specific crate version — what <crate> itself depends on. Returns each dependency with its version requirement, kind (normal/build/dev), optional flag, enabled features, and target. Version is optional (defaults to the latest stable). Use for "what does <crate> depend on", dependency audits, or sizing a crate's footprint.
    Connector
  • Track-specific craft guidance on what WINS per track (ART/STORY/JOKE) — the moves that elevate a winning entry, complementing get_judge_rubric_explainer. Optional { track } narrows to one. Numeric weights, judge model, and prompt are intentionally not exposed — this is coaching, not a scoring formula.
    Connector
  • Search the SFC compliance checklist by topic, licence type, or MIC function (CF1-CF8). Returns compliance items with legal references, SOP guidance, case law, and grey area analysis. Use for questions about regulatory obligations, MIC responsibilities, procedural guidance, or compliance requirements.
    Connector
  • Get guidance on how to help a user build their Lyra profile. Returns the recommended questions and flow for AI companions to gather profile information conversationally.
    Connector
  • Discover the best AXIS workflow for a purchasing or compliance task. Free, no auth, and logs lightweight task metadata for intent analytics. Example: task_description='prepare for autonomous Visa checkout'. Use this when you need commerce-specific triage and next-step guidance. Use search_and_discover_tools instead for non-commerce keyword routing across all programs.
    Connector
  • Return the single best LLM for a stated purpose. Concise output, no list. Use when the user has settled on the criteria and just wants one answer.
    Connector
  • Get the latest narrative forecast product from a Weather Forecast Office (WFO). The default product is AFD (Area Forecast Discussion), which explains the meteorological reasoning behind the forecast — synoptic setup, model guidance, and forecaster confidence. Other types: HWO (Hazardous Weather Outlook, 1-7 day severe/flood/winter outlook), ZFP (Zone Forecast Product, zone-by-zone text), SPS (Special Weather Statement, short-fuse advisory). The office code is the 3-letter WFO identifier returned as the "office" field by nws_get_forecast.
    Connector