64
grade C
10 days ago
glama
Depfender MCP Server
Enables users to scan software packages for data exfiltration and security threats directly within their IDE across npm, PyPI, Cargo, and Maven ecosystems. This tool helps ensure the safety of project dependencies by identifying potential risks before they are integrated.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
// key findings
⚠️
Known vulnerabilities in dependencies: 3 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
✅
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
✅
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 2 credentials: DEPFENDER_API_KEY, HONEYCOMB_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from
process.env. You'll be asked to provide them before it can run.🔐 secret
DEPFENDER_API_KEY— Yes Backend API secret (x-internal-secret value)config
DEPFENDER_API_URL— Yes Backend API URL (e.g., http://localhost:3000)🔐 secret
HONEYCOMB_API_KEYconfig
OTEL_ENABLEDconfig
OTEL_EXPORTER_OTLP_ENDPOINT// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[](https://m8ven.ai/mcp/depfenderdev-mcp-u43rr9)commit: a8a1d59c2203bc98b4b371a2a2fff2d977e3b9b9
code hash: edf2c92fa0d2b21bef749495a17461c18467851bae939f48b727dc042697b7ca
verified: 4/11/2026, 2:56:43 PM