Depfender MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add -e "DEPFENDER_API_URL=${DEPFENDER_API_URL}" -e "DEPFENDER_API_KEY=${DEPFENDER_API_KEY}" depfender -- npx @depfenderdev/mcp
Required:DEPFENDER_API_URLDEPFENDER_API_KEY
README.md

Scan packages for data exfiltration and security threats from your IDE.

@depfenderdev/mcp

MCP server for Depfender — scan packages for data exfiltration and security threats directly from your IDE.

Installation

Cursor

Add to your Cursor MCP settings:

{
  "mcpServers": {
    "depfender": {
      "command": "npx",
      "args": ["@depfenderdev/mcp"]
    }
  }
}

Claude Code

claude mcp add depfender -- npx @depfenderdev/mcp

VS Code

Add to your VS Code MCP settings (.vscode/mcp.json):

{
  "mcpServers": {
    "depfender": {
      "command": "npx",
      "args": ["@depfenderdev/mcp"]
    }
  }
}

Tools

`scan_package`

Scans a package for data exfiltration and security threats.

Parameters:

  • package (required) — package name (e.g., lodash)
  • version (optional) — version to scan (defaults to latest)
  • ecosystem (optional) — package ecosystem: npm, pypi, cargo, maven (default: npm)

Development

Setup

npm install
npm run build

Environment Variables

Variable Required Description
DEPFENDER_API_URL Yes Backend API URL (e.g., http://localhost:3000)
DEPFENDER_API_KEY Yes Backend API secret (x-internal-secret value)

Local IDE Configuration

Add to your MCP settings (e.g., Claude Desktop claude_desktop_config.json):

{
  "mcpServers": {
    "depfender": {
      "command": "node",
      "args": ["/path/to/mcp/dist/index.js"],
      "env": {
        "DEPFENDER_API_URL": "http://localhost:3000",
        "DEPFENDER_API_KEY": "your-api-secret"
      }
    }
  }
}

Testing

npm test                    # Run all tests
npm run test:watch          # Watch mode

E2E tests require DEPFENDER_API_KEY and a running backend:

DEPFENDER_API_KEY=your-secret DEPFENDER_API_URL=http://localhost:3000 npm test

Scripts

npm run dev                 # Run with tsx (no build needed)
npm run build               # Compile TypeScript

Community

License

MIT

Tools (1)

scan_packageScans a package for data exfiltration and security threats.

Environment Variables

DEPFENDER_API_URLrequiredBackend API URL
DEPFENDER_API_KEYrequiredBackend API secret

Configuration

claude_desktop_config.json
{
  "mcpServers": {
    "depfender": {
      "command": "npx",
      "args": ["@depfenderdev/mcp"],
      "env": {
        "DEPFENDER_API_URL": "http://localhost:3000",
        "DEPFENDER_API_KEY": "your-api-secret"
      }
    }
  }
}

Try it

Scan the lodash package for any known security threats.
Check the latest version of the requests library on PyPI for data exfiltration risks.
Perform a security scan on the tokio crate from Cargo.
Scan the maven package org.springframework:spring-core for vulnerabilities.

Frequently Asked Questions

What are the key features of Depfender?

Scans software packages for data exfiltration risks. Identifies security threats in project dependencies. Supports npm, PyPI, Cargo, and Maven ecosystems. Integrates directly into IDE workflows via MCP.

What can I use Depfender for?

Vetting new third-party dependencies before adding them to a project. Auditing existing project dependencies for hidden security vulnerabilities. Ensuring compliance with security policies by scanning packages during development. Automating security checks for multi-language projects within a single IDE.

How do I install Depfender?

Install Depfender by running: Add to Cursor MCP settings

What MCP clients work with Depfender?

Depfender works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Depfender docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all monitoring servers →

Related MCP Servers

Skylos
Find dead code, secrets, and exploitable flows in Python, TypeScript, and Go.
monitoring344 stars
Linux MCP Server
Read-only Linux system administration and diagnostics on RHEL-based systems.
monitoring189 stars
Charles MCP Server
Integrates Charles Proxy with MCP clients for real-time network traffic analysis
monitoring118 stars
HomeButler
All-in-one homelab management MCP server.
monitoring64 stars
Wireshark MCP
Give your AI assistant a packet analyzer.
monitoring55 stars
RenderDoc MCP
Analyze GPU frame captures for graphics debugging and performance analysis.
monitoring42 stars