Step 1
Install in your client
Config is the same across clients — only the file and path differ.
CD
Supported in Claude Desktopstdio, sse · Node 18+
Paste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"vite": {
"args": [
"-y",
"vite"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Embed in your READMEAbout badges →
[](https://mcppedia.org/s/vite)
Read me
What Vite does
Vite (French word for "quick", pronounced /viːt/, like "veet") is a build tool that aims to provide a faster and leaner development experience for modern web projects. It consists of two major parts:
Test This Server
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'vite' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Scored, not listed
Why this score
Five weighted categories — click any category to see the underlying evidence.
Score breakdown
62/100across 5 weighted dimensions
0255075100
20
20
12
10
−38
Security
Maintenance
Efficiency
Documentation
Compatibility
Categoriesclick a row to see evidence
Security
OSV.dev21 fixed
GHSA-4w7w-66w2-5vf9medium · fixedCVSS 4
Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
### Summary Any files ending with `.map` even out side the project can be returned to the browser. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - have a sensitive content in files ending with `.map` and the path is predictable ### Details In Vite v7.3.1, the dev server’s handling of `.map` requests for
CVE-2026-39365medium · fixedCVSS 4
Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
### Summary Any files ending with `.map` even out side the project can be returned to the browser. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - have a sensitive content in files ending with `.map` and the path is predictable ### Details In Vite v7.3.1, the dev server’s handling of `.map` requests for
CVE-2026-39364medium · fixedCVSS 4
Vite: `server.fs.deny` bypassed with queries
### Summary The contents of files that are specified by [`server.fs.deny`](https://vite.dev/config/server-options#server-fs-deny) can be returned to the browser. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - the sensitive file exists in the allowed directories specified by [`server.fs.allow`](https://vi
GHSA-v2wj-q39q-566rmedium · fixedCVSS 4
Vite: `server.fs.deny` bypassed with queries
### Summary The contents of files that are specified by [`server.fs.deny`](https://vite.dev/config/server-options#server-fs-deny) can be returned to the browser. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - the sensitive file exists in the allowed directories specified by [`server.fs.allow`](https://vi
CVE-2026-39363medium · fixedCVSS 4
Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket
### Summary [`server.fs`](https://vite.dev/config/server-options#server-fs-strict) check was not enforced to the `fetchModule` method that is exposed in Vite dev server's WebSocket. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - WebSocket is not disabled by `server.ws: false` Arbitrary files on the ser
Community
Reviews
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
How easy was setup?Did it work reliably?How was the documentation?
Sign in to write a review.
Frequently Asked Questions
- Is Vite safe to use?
- Vite has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
- How do I install Vite?
- Vite supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
- What AI clients work with Vite?
- Vite is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
- Is Vite actively maintained?
- Vite is actively maintained — last commit was 0 days ago. It has 80,988 GitHub stars.
Related
Similar servers
Others in developer-tools
X
XcodeBuildMCP97XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
5.8k 1
XcodeBuildMCP97A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
5.8k 2
G
Mcp Gitlab96MCP server for using the GitLab API
1.6k 12
Figma Console Mcp96MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode
1.8k 2
MCP Security Weekly
Get CVE alerts and security updates for Vite and similar servers.
Community
Discussion
Start a conversation
Ask a question, share a tip, or report an issue.
Has anyone used this with Cursor?How do you handle auth?Any alternatives?
Sign in to join the discussion.