hound-mcp 0.1.12 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -1
- package/dist/index.js +1142 -8
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -70,7 +70,15 @@ Add to your MCP config file:
|
|
|
70
70
|
|
|
71
71
|
## Tools
|
|
72
72
|
|
|
73
|
-
Hound registers
|
|
73
|
+
Hound registers 12 tools in your MCP client.
|
|
74
|
+
|
|
75
|
+
### `hound_audit` ⭐
|
|
76
|
+
|
|
77
|
+
Scan a whole project by passing your lockfile content. Parses `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`, `requirements.txt`, `Cargo.lock`, or `go.sum` and batch-queries OSV for vulnerabilities across all dependencies.
|
|
78
|
+
|
|
79
|
+
```text
|
|
80
|
+
hound_audit(lockfile_name: "package-lock.json", lockfile_content: "<contents>")
|
|
81
|
+
```
|
|
74
82
|
|
|
75
83
|
### `hound_vulns`
|
|
76
84
|
|
|
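Review bot: The `hound_audit` description on added line 77 does not say what data leaves the client. The whole lockfile is passed as `lockfile_content` and every dependency is batch-queried against OSV, so private or internal package names in a lockfile would be part of those queries unless the tool filters them. Suggest stating which fields are sent to OSV and whether any entries are skipped. Separately, the hard-coded count in "Hound registers 12 tools in your MCP client." on line 73 will drift as tools are added or removed; consider dropping the number or generating it.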
@@ -88,6 +96,38 @@ Comprehensive package profile — licenses, vulnerabilities, OpenSSF Scorecard,
|
|
|
88
96
|
hound_inspect(name: "lodash", version: "4.17.21", ecosystem: "npm")
|
|
89
97
|
```
|
|
90
98
|
|
|
99
|
+
### `hound_score`
|
|
100
|
+
|
|
101
|
+
Compute a 0–100 Hound Score combining vulnerability severity (40 pts), OpenSSF Scorecard (25 pts), release recency (20 pts), and license risk (15 pts). Returns a letter grade A–F with a full breakdown.
|
|
102
|
+
|
|
103
|
+
```text
|
|
104
|
+
hound_score(name: "express", version: "4.18.2", ecosystem: "npm")
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
### `hound_upgrade`
|
|
108
|
+
|
|
109
|
+
Find the minimum version upgrade that resolves all known vulnerabilities. Checks every published version and returns the nearest safe one.
|
|
110
|
+
|
|
111
|
+
```text
|
|
112
|
+
hound_upgrade(name: "lodash", version: "4.17.20", ecosystem: "npm")
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
### `hound_compare`
|
|
116
|
+
|
|
117
|
+
Side-by-side comparison of two packages across vulnerabilities, OpenSSF Scorecard, GitHub stars, release recency, and license. Returns a recommendation.
|
|
118
|
+
|
|
119
|
+
```text
|
|
120
|
+
hound_compare(package_a: "express", package_b: "fastify", ecosystem: "npm")
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
### `hound_preinstall`
|
|
124
|
+
|
|
125
|
+
Safety check before installing a package. Checks vulnerabilities, typosquatting risk, abandonment, and license. Returns a GO / CAUTION / NO-GO verdict.
|
|
126
|
+
|
|
127
|
+
```text
|
|
128
|
+
hound_preinstall(name: "some-package", version: "1.0.0", ecosystem: "npm")
|
|
129
|
+
```
|
|
130
|
+
|
|
91
131
|
### `hound_tree`
|
|
92
132
|
|
|
93
133
|
Full resolved dependency tree including all transitive dependencies, with depth and relation type.
|
|
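Review bot: The `hound_score` paragraph on added line 101 gives the four weights (40 + 25 + 20 + 15) but not the cut-offs that map the 0–100 score to the A–F grade, nor how a component is scored when its data is missing, for example a package with no OpenSSF Scorecard result. Without that, a reader cannot tell whether missing data raises or lowers the grade. The same gap applies to `hound_preinstall` on line 125, where the conditions that produce GO, CAUTION or NO-GO are not stated, and to `hound_upgrade` on line 109, where "nearest safe one" does not say whether pre-releases or a major-version jump are eligible. Suggest adding one sentence of criteria to each.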
@@ -113,6 +153,16 @@ Generates likely typo variants of a package name and checks which ones exist in
|
|
|
113
153
|
hound_typosquat(name: "lodash", ecosystem: "npm")
|
|
114
154
|
```
|
|
115
155
|
|
|
156
|
+
### `hound_license_check`
|
|
157
|
+
|
|
158
|
+
Scan a lockfile for license compliance. Resolves licenses for all dependencies and flags packages that violate the chosen policy.
|
|
159
|
+
|
|
160
|
+
```text
|
|
161
|
+
hound_license_check(lockfile_name: "package-lock.json", lockfile_content: "<contents>", policy: "permissive")
|
|
162
|
+
```
|
|
163
|
+
|
|
164
|
+
Policies: `permissive` (MIT/Apache/BSD only), `copyleft` (allows GPL but not AGPL), `none` (report only).
|
|
165
|
+
|
|
116
166
|
### `hound_popular`
|
|
117
167
|
|
|
118
168
|
Scan a list of popular (or user-specified) packages for known vulnerabilities. Great for a quick ecosystem health check.
|
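Review bot: The policy list on added line 164 leaves several licenses unclassified: `permissive` is defined as "MIT/Apache/BSD only" and `copyleft` as "allows GPL but not AGPL", which does not say how LGPL, MPL, ISC, dual-licensed (SPDX `OR`/`AND`) or unresolved licenses are treated. For a compliance check the unresolved case matters most; suggest documenting whether a package with no resolvable license is flagged or passes. The example call always passes `policy`, so the default when it is omitted is also worth stating, and `none` reads as "no check" rather than "report only", so a name such as `report` may be clearer.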