react-docs-mcp@1.1.0

MCP server providing AI agents with semantic search over React documentation

AI Security Review

scanned 2d ago · by lpm-firewall-ai

The package is not confirmed malicious, but its postinstall hook starts the MCP server path and can clone the React docs repository during installation. This is package-aligned but should not occur from a version-check lifecycle hook.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall
Impact
Unexpected install-time network access and cache writes; no confirmed credential theft or persistence.
Mechanism
install-time server startup and git clone
Attack narrative
On install, package.json runs dist/index.js with --version. The entrypoint does not handle that flag; it configures the React docs preset and starts the MCP server, whose initialization clones the official React docs repo into a user cache directory if absent. No source evidence shows credential collection, exfiltration, destructive behavior, or AI-agent control-surface mutation.
Rationale
Static source inspection shows an install-time lifecycle misbehavior with package-aligned network/cache activity, but not a concrete malicious payload. Warn rather than block so consumers are aware of unexpected postinstall execution.
Evidence
  • package.json
  • dist/index.js
  • dist/server.js
  • dist/docsManager.js
  • dist/config.js
  • dist/embeddingService.js
  • dist/presets/reactDocs.js
  • README.md
  • ~/.cache/react-docs-mcp/react-dev-repo
Network endpoints (3)
  • github.com/reactjs/react.dev.git
  • react.dev
  • Xenova/all-MiniLM-L6-v2

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node dist/index.js --version
  • dist/index.js ignores --version and starts createServer()
  • dist/server.js calls docsManager.initialize() before stdio server startup
  • dist/docsManager.js clones https://github.com/reactjs/react.dev.git to cache when missing
Evidence against
  • No credential, env, or home-directory harvesting found
  • No exfiltration endpoints beyond package-aligned GitHub/react docs URLs
  • Network use is for React docs git clone and local embedding model download
  • No eval/vm/Function or dynamic require/import found
  • No destructive filesystem operations found
  • MCP tools are documentation search, get_doc, list_sections, update_docs
Behavioral surface
  • Source: EnvironmentVars, Filesystem
  • Supply chain: UrlStrings
  • Manifest: No manifest risk signals triggered.
scanned 11 file(s), 42.4 KB of source, external domains: github.com, react.dev, reactnative.dev

Source & flagged code

2 flagged
package.json
scripts.postinstall = node dist/index.js --version || echo 'Run: npx react-docs-mcp'
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node dist/index.js --version || echo 'Run: npx react-docs-mcp'
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

Findings

1 High · 2 Medium · 4 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Environment Vars
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Filesystem
  • Low: Url Strings