Is Plugin Kit safe to use?

Plugin Kit has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Plugin Kit?

Plugin Kit supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

Is Plugin Kit actively maintained?

Plugin Kit is actively maintained — last commit was 0 days ago. It has 330 GitHub stars.

Plugin Kit

Utilities for building ESLint plugins.

ActiveNot tested

Developer Tools

★ 330↓ 69567.9k/wknpm GitHub

55CNo CVEsactive

Quick Install

{
  "mcpServers": {
    "plugin-kit": {
      "args": [
        "-y",
        "@eslint/plugin-kit"
      ],
      "command": "npx"
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/plugin-kit)](https://mcppedia.org/s/plugin-kit)

Should you use this server?

This repository is the home of the following packages:

✓

Is it safe?

No known CVEs for @eslint/plugin-kit. 2 previously resolved.

No authentication — any process on your machine can connect.

License not specified.

✓

Is it maintained?

Last commit 0 days ago. 330 stars. 69,567,892 weekly downloads.

Will it work with my client?

Transport: sse, http. Compatibility not confirmed.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@eslint/plugin-kit' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

55C

Last scored 2h ago

How we score →

Security

20/30

No open vulnerabilities. 2 fixed CVEs.

✓

Known CVEs — No known CVEs for @eslint/plugin-kitcheck OSV.dev

○

Tool safety

Advisories (0 open, 2 fixed)

mediumCVSS 4GHSA-xffm-g5w8-qvg7Fixed

@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

### Summary The `ConfigCommentParser#parseJSONLikeConfig` API is vulnerable to a Regular Expression Denial of Service (ReDoS) attack in its only argument. ### Details The regular expression at [packages/plugin-kit/src/config-comment-parser.js:158](https://github.com/eslint/rewrite/blob/bd4bf23c59f0e4886df671cdebd5abaeb1e0d916/packages/plugin-kit/src/config-comment-parser.js#L158) is vulnerable to a quadratic runtime attack because the grouped expression is not anchored. This can be solved by

Affected: >= 0Fixed in 0.3.4Published Jul 18, 2025source \u2192

lowCVSS 3.1CVE-2024-21539Fixed

Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

Crafting a very large and well crafted string can increase the CPU usage and crash the program. ## POC ```js const { ConfigCommentParser } = require("@eslint/plugin-kit"); var str = ""; for (var i = 0; i < 1000000; i++) { str += " "; } str += "A"; console.log("start") var parser = new ConfigCommentParser(); console.log(parser.parseStringConfig(str, "")); console.log("end") // run `npm i @eslint/plugin-kit` and `node attack.js` // then the program will stuck forever with high CPU usage ``

Affected: >= 0Fixed in 0.2.3Published Nov 15, 2024source \u2192

Frequently Asked Questions

Is Plugin Kit safe to use?: Plugin Kit has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Plugin Kit?: Plugin Kit supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
Is Plugin Kit actively maintained?: Plugin Kit is actively maintained — last commit was 0 days ago. It has 330 GitHub stars.

Plugin Kit

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Advisories (0 open, 2 fixed)

Reviews

Frequently Asked Questions

Similar servers

XcodeBuildMCP

Gemini Cli

Nitrostack

Jcodemunch Mcp

Discussion