Release validation CLI for MCP servers
No malicious attack surface is confirmed. The CLI validates a user-selected MCP HTTP endpoint or user-supplied stdio command; it does not run at install time or contact a fixed external host.
Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.
dist/index.jsView on unpkg · L34906A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgSource reaches cloud instance metadata or link-local credential endpoints.
dist/index.jsView on unpkg · L39Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L5942Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.
dist/index.jsView on unpkg · L34906A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgSource reaches cloud instance metadata or link-local credential endpoints.
dist/index.jsView on unpkg · L39Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L5942