Live npm/PyPI dependency-health verdicts so AI agents stop recommending stale or CVE'd packages
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"freshdeps": {
"args": [
"-y",
"freshdeps-mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
MCP server exposing live npm / PyPI dependency-health verdicts so AI coding agents can check a package before recommending it — closing the 6–18 month staleness gap in model training data.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'FRESHDEPS_API_BASE' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked FRESHDEPS_API_BASE against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in ai-ml
Persistent memory using a knowledge graph
Dynamic problem-solving through sequential thought chains
An autonomous agent that conducts deep research on any data using any LLM providers
🌊 The leading agent orchestration platform for Claude. Deploy intelligent multi-agent swarms, coordinate autonomous workflows, and build conversational AI systems. Features enterprise-grade architecture, distributed swarm intelligence, RAG integration, and native Claude Code / Codex Integration
MCP Security Weekly
Get CVE alerts and security updates for io.github.SolvoHQ/freshdeps-mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
MCP server exposing live npm / PyPI dependency-health verdicts so AI coding agents can check a package before recommending it — closing the 6–18 month staleness gap in model training data.
check_dependency_freshness| Input | Type |
|---|---|
ecosystem | "npm" | "pypi" |
package | string |
Returns a concise human-readable summary and structured content:
maintenance signal (active/slowing/stale/abandoned/unknown),
latest version, last release/commit age, deprecation/yank/archived flags,
known CVE count (OSV), and a hand-verified alternative if the package is
dead.
It calls ${FRESHDEPS_API_BASE}/api/verdict (default
https://freshdeps.vercel.app).
Once published:
{
"mcpServers": {
"freshdeps": { "command": "npx", "args": ["-y", "freshdeps-mcp"] }
}
}
From this repo (before publish):
{
"mcpServers": {
"freshdeps": {
"command": "node",
"args": ["/absolute/path/to/code/mcp/server.js"]
}
}
}
npm install
FRESHDEPS_API_BASE=http://localhost:3100 node server.js
The server speaks JSON-RPC over stdio (StdioServerTransport).
| Var | Purpose |
|---|---|
FRESHDEPS_API_BASE | backend base URL (default prod) |
GOATCOUNTER_CODE | optional fire-and-forget usage analytics |