nielspeter/sonarlint-mcp-server

MCP server providing SonarLint code analysis for Claude Desktop and other MCP clients

→ nielspeter/sonarlint-mcp-server· npm: @nielspeter/sonarlint-mcp-server· listed on npm

Install from

npm

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 3 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

⚠️

Tests do not pass

Either the test suite is broken or the code regressed. Either way the published behaviour can’t be verified by the publisher’s own tests.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/nielspeter-sonarlint-mcp-server-kxx7by)](https://m8ven.ai/mcp/nielspeter-sonarlint-mcp-server-kxx7by)

commit: 1696132f7ca6fb4ecb2da3b780cb3859750001fb

code hash: dcb467ed866a6839c3c0f9a6b120965f072528b0a7c312960f9004b873a7a196

verified: 4/18/2026, 4:18:38 PM

view raw JSON →