Supply chain risk scoring for npm, PyPI, and GitHub repos
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard
Hono: Path traversal in toSSG() allows writing files outside the output directory
Hono missing validation of cookie name on write path in setCookie()
Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
Hono: Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection
process.env. You'll be asked to provide them before it can run.BACKEND_URLCLOUDFLARE_ACCOUNT_IDCLOUDFLARE_EMAILCLOUDFLARE_GLOBAL_API_KEYCOMMIT_API_KEY— A CLI audit with set → 200 + results v1.20.0: missing Authorization header → 0 paid conversionsCOMMIT_API_URLDB_PATHDEPLOY_FORCEDEPLOY_FORCE_STALEGITHUB_ACTIONSGITHUB_REF_NAMENO_COLORPORTPRERELEASEREFREPO_SUFFIXTARGET_COMMITTRIGGERING_ACTOR[](https://m8ven.ai/mcp/piiiico-proof-of-commitment-ydj3zy)