Question 1

What is the deptrust MCP server?

Accepted Answer

deptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more. It runs locally as a CLI and as an MCP server. It calls public package registry and OSV APIs directly; there is no hosted deptrust service to trust or configure.

Question 2

How do I connect to deptrust?

Accepted Answer

Add deptrust to your MCP client configuration to expose its tools to your AI agent. See the repository linked on this page for setup details.

Question 3

Does deptrust require authentication?

Accepted Answer

deptrust does not require authentication ("none").

deptrust

Details

FAQ