Local supply-chain CVE scanner via OSV/NVD. Scans deps and IDE extensions. No upload.
Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "io-github-devinder1-tridentchain-security": {
      "args": [
        "-y",
        "@tridentchain/security-cli"
      ],
      "command": "npx"
    }
  }
}
```
Local-first vulnerability scanner for project dependencies, developer tools, and IDE extensions. Uses multi-source intelligence (OSV, NVD, GHSA, Sonatype) with KEV/EPSS prioritization.
Run this in your terminal to check that the server starts. The `✓` message reflects the exit status of `head`, not of `npx`, so judge the result by the first line of output rather than by that message.

```bash
npx -y '@tridentchain/security-cli' 2>&1 | head -1 && echo "✓ Server started successfully"
```
No known CVEs.
Checked @tridentchain/security-cli against OSV.dev.
No API key required for default usage.
Public repo: https://github.com/DevInder1/supply-chain-scanner-public
```bash
pip3 install tridentchain-security
npm install -g @tridentchain/security-cli
tridentchain-security --help
```

Agents & MCP (Claude, Cursor, VS Code):

```bash
pip3 install "tridentchain-security>=0.1.1" tridentchain-mcp
```

What you can do: docs/CAPABILITIES.md
Full guide: docs/INSTALL_AND_USE.md
Cross-platform (macOS / Linux / Windows): docs/CROSS_PLATFORM.md
(PyPI: tridentchain-security · npm: @tridentchain/security-cli)

```bash
tridentchain-security --scan all --project-path . --output-dir scanner-output
```

```python
from scanner import run_scan

summary = run_scan(
    project_path=".",
    scan="all",
    run_profile="full",  # no API key required
    output_dir="scanner-output",
)
print(summary["summary"])
```

| Profile | Description |
|---|---|
| `full` (default) | Project + system + extensions. OSV + NVD without keys. |
| `quick` | Faster project-focused scan. |
| `offline` | Local advisory DB only, no network. |
| Power-user | Add `GITHUB_TOKEN`, `NVD_API_KEY`, optional `SONATYPE_TOKEN` for best coverage. |

No repo clone required if the pip package is installed:

```bash
pip3 install tridentchain-security
cd apps/desktop && npm install && npm run start
```

See apps/desktop/README.md and docs/DISTRIBUTION_VERIFICATION.md.
One install, every agent: `pip install "tridentchain-security>=0.1.2" tridentchain-mcp`

| Guide | Description |
|---|---|
| Agent integrations | Claude · OpenAI · Cursor · VS Code · Windsurf · Zed · MCP · CLI |
| Capabilities | Everything you can do today |
| Architecture | MCP + unified tools design |

```bash
./scripts/setup-agent-mcp.sh cursor  # prints setup for your agent
```

Phase 2 — Claude MCP: pip install tridentchain-mcp · Setup guide · Plugin
Phase 3 — OpenAI + Cursor: examples/openai/ · Cursor setup · .cursor/mcp.json.example
Phase 4 — VS Code (Anthropic MCP): Open repo → MCP ready · [VS Code setup](docs/VSC