Security Intelligence for AI Coding Agents
Real-time dependency risk scoring that helps AI assistants like Claude, Cursor, and Cline make secure package decisions automatically.
The Growing Threat
2 hours. 2.6 billion downloads. 10% of cloud environments compromised.
That was September 2025—when attackers hijacked 18 npm packages including chalk and debug. But here's the real problem: 97% of developers now use AI coding assistants that suggest packages at machine speed, with zero security awareness. These tools don't know if a maintainer was just phished, if a package contains malware, or if a critical CVE was published this morning.
AI accelerates development. It's also accelerating attacks. Your AI assistant needs a security layer.
The Solution
DepsShield is an MCP server that gives AI coding assistants real-time security intelligence. Before your AI suggests a package, it checks for vulnerabilities, maintenance status, and security signals.
{
  "package": "lodash@4.17.20",
  "riskScore": 156,
  "riskLevel": "HIGH",
  "vulnerabilities": [
    {
      "id": "CVE-2020-8203",
      "severity": "HIGH",
      "title": "Prototype Pollution"
    }
  ],
  "recommendation": "Upgrade to 4.17.21 or use lodash-es"
}
How It Works
Zero installation. Just add to your config and restart.
Add to your config
{
  "mcpServers": {
    "depsshield": {
      "command": "npx",
      "args": ["-y", "@depsshield/mcp-server"]
    }
  }
}
The same entry is used for each tool; only the place it goes differs:
- Claude Desktop config: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows)
- Cursor: Settings → Features → MCP Servers → Add Server
- Cline: VS Code Settings → Cline → MCP Servers
You're protected
Restart your AI tool. DepsShield now checks every package against real-time vulnerability data before your AI suggests it.
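The configuration above launches the server through `npx -y` with no version in the package spec, so the config itself does not fix which release of the package runs. The following is an added example, not DepsShield's code: it audits an MCP client config for npx-launched servers that are not pinned to an exact version. The `@example/...` entries and the finding labels are constructed for illustration.

```javascript
// Added example: flag npx-launched MCP servers not pinned to an exact version.
// Constructed sample: "depsshield" is the page's entry; "@example/..." is made up.
const SAMPLE_CONFIG = {
  mcpServers: {
    depsshield: { command: "npx", args: ["-y", "@depsshield/mcp-server"] },
    "example-tag": { command: "npx", args: ["-y", "@example/mcp-server@latest"] },
    "example-pinned": { command: "npx", args: ["-y", "@example/mcp-server@1.2.3"] },
    "example-local": { command: "node", args: ["./server.js"] },
  },
};

// Exact semver only: ranges (^1.2.3, 1.x) and dist-tags (latest) do not match.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Split "name@version" or "@scope/name@version"; a leading "@" is the scope.
function parseSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

function auditMcpConfig(config) {
  const findings = [];
  for (const [server, def] of Object.entries(config.mcpServers || {})) {
    // Match npx, npx.cmd, or a full path ending in either.
    if (!/(^|[\\/])npx(\.cmd)?$/i.test(String(def.command || ""))) continue;
    const args = Array.isArray(def.args) ? def.args : [];
    // Simplification: treat the first non-flag argument as the package spec.
    const spec = args.find((a) => typeof a === "string" && !a.startsWith("-"));
    if (!spec) continue;
    const { name, version } = parseSpec(spec);
    // -y / --yes suppresses npx's install prompt, so nothing asks before fetching.
    const autoInstall = args.includes("-y") || args.includes("--yes");
    if (version === null) {
      findings.push({ server, name, issue: "unpinned", autoInstall });
    } else if (!EXACT_VERSION.test(version)) {
      findings.push({ server, name, issue: "range-or-tag", version, autoInstall });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditMcpConfig(SAMPLE_CONFIG), null, 2));
```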
What You Get
Vulnerability Detection
Cross-references packages against the OSV, GitHub Advisory, and npm audit databases in real time.
Maintainer Analysis
Flags suspicious maintainer changes, abandoned packages, and typosquatting attempts.
Works Everywhere
Compatible with Claude Desktop, Cursor, Cline, Windsurf, and any MCP-compatible tool.
Sub-3 Second Latency
Built for AI agent speed. Get security decisions before your AI finishes typing.
Coming Soon
- Python ecosystem (PyPI)
- Java ecosystem (Maven)
- Go modules
- Enterprise features: SSO, audit logs, custom policies