@jrooig/mcpshield 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +7 -0
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -349,6 +349,13 @@ async function main() {
|
|
|
349
349
|
// stdin/stdout piped (the protocol channel we intercept); stderr inherited
|
|
350
350
|
// so the target server's own diagnostics stay visible on our stderr.
|
|
351
351
|
stdio: ['pipe', 'pipe', 'inherit'],
|
|
352
|
+
// Windows: MCP servers are usually launched via npx/npm, which are .cmd shims
|
|
353
|
+
// that Node's spawn cannot exec directly (ENOENT) — without a shell the proxy
|
|
354
|
+
// fails to start any npx-based target on Windows ("Server disconnected"). The
|
|
355
|
+
// command/args come from the trusted client config, so there's no injection
|
|
356
|
+
// surface. (Args with spaces on Windows are a known shell edge; acceptable for
|
|
357
|
+
// the common npx/node/uvx cases.)
|
|
358
|
+
shell: process.platform === 'win32',
|
|
352
359
|
});
|
|
353
360
|
child.on('error', (err) => {
|
|
354
361
|
fail(`failed to spawn target server "${options.targetCommand}": ${err.message}`);
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@jrooig/mcpshield",
|
|
3
3
|
"publishConfig": { "access": "public" },
|
|
4
|
-
"version": "0.1.
|
|
4
|
+
"version": "0.1.1",
|
|
5
5
|
"description": "Zero-trust security proxy and runtime firewall for MCP agents. Intercepts JSON-RPC 2.0 over stdio between MCP clients and servers.",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"main": "dist/index.js",
|