@jrooig/mcpshield 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +7 -0
  2. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -349,6 +349,13 @@ async function main() {
349
349
  // stdin/stdout piped (the protocol channel we intercept); stderr inherited
350
350
  // so the target server's own diagnostics stay visible on our stderr.
351
351
  stdio: ['pipe', 'pipe', 'inherit'],
352
+ // Windows: MCP servers are usually launched via npx/npm, which are .cmd shims
353
+ // that Node's spawn cannot exec directly (ENOENT) — without a shell the proxy
354
+ // fails to start any npx-based target on Windows ("Server disconnected"). The
355
+ // command/args come from the trusted client config, so there's no injection
356
+ // surface. (Args with spaces on Windows are a known shell edge; acceptable for
357
+ // the common npx/node/uvx cases.)
358
+ shell: process.platform === 'win32',
352
359
  });
353
360
  child.on('error', (err) => {
354
361
  fail(`failed to spawn target server "${options.targetCommand}": ${err.message}`);
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@jrooig/mcpshield",
3
3
  "publishConfig": { "access": "public" },
4
- "version": "0.1.0",
4
+ "version": "0.1.1",
5
5
  "description": "Zero-trust security proxy and runtime firewall for MCP agents. Intercepts JSON-RPC 2.0 over stdio between MCP clients and servers.",
6
6
  "type": "module",
7
7
  "main": "dist/index.js",