vet-mcp Server

What

The vet MCP server helps MCP clients (Claude Code, Cursor, VS Code) vet open source packages, protecting against slopsquatting attacks, malicious packages, vulnerabilities, and other security risks. Supports npm and PyPI ecosystems.

How

Start Server

• SSE Transport: vet server mcp --server-type sse
• Stdio Transport: vet -l /tmp/vet-mcp.log server mcp --server-type stdio (Avoid stdout logging to prevent interference)

Configure Clients

Cursor

Add to .cursor/mcp.json or ~/.cursor/mcp.json:

{
  "mcpServers": {
    "vet-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "ghcr.io/safedep/vet:latest", "-l", "/tmp/vet-mcp.log", "server", "mcp"]
    }
  }
}

Visual Studio Code

Add to .vscode/mcp.json or User Settings settings.json:

{
  "mcp": {
    "servers": {
      "vet-mcp": {
        "command": "docker",
        "args": ["run", "--rm", "-i", "ghcr.io/safedep/vet:latest", "-l", "/tmp/vet-mcp.log", "server", "mcp"]
      }
    }
  }
}

Claude Code

Add to .mcp.json:

{
  "mcpServers": {
    "vet-mcp": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "ghcr.io/safedep/vet:latest", "server", "mcp"]
    }
  }
}

Notes

• Docker containers need periodic updates to the latest version.
• Can use vet binary directly with stdio transport: vet -l /tmp/vet-mcp.log server mcp --server-type stdio