osv-ui-mcp 1.0.4 → 1.0.6

package/Dockerfile ADDED
@@ -0,0 +1,6 @@
1
+ FROM node:20-alpine
2
+ WORKDIR /app
3
+ COPY package.json ./
4
+ RUN npm install --production
5
+ COPY . .
6
+ ENTRYPOINT ["node", "bin/osv-ui-mcp.js"]
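Review bot: `COPY package.json ./` followed by `RUN npm install --production` installs without a lockfile, so each build resolves dependency versions afresh and two images built from the same release can contain different code. Commit a lockfile, copy it in the same step as package.json, and install with `npm ci --omit=dev` so the image is reproducible. The file also has no `USER` line, so the entrypoint runs as root; adding `USER node` before `ENTRYPOINT` would drop that, since the official node:20-alpine image ships a `node` user.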
package/README.md CHANGED
@@ -1,8 +1,21 @@
1
1
  # osv-ui-mcp
2
2
 
3
- > MCP server for [osv-ui](https://github.com/toan203/osv-ui) — scan projects for CVEs inside Claude, Cursor, or any MCP client, with **human-in-the-loop UI confirmation** before applying fixes.
3
+ > MCP server for [osv-ui](https://github.com/toan203/osv-ui) — scan projects for CVEs inside Claude Desktop, Cursor, and more.
4
4
 
5
- ## What makes this different
5
+
6
+ ## Why this exists
7
+
8
+ AI Agents (like Claude or Cursor) can write code, but they shouldn't always be trusted to "blindly" fix security vulnerabilities.
9
+
10
+ **osv-ui-mcp** provides a **Human-in-the-loop** workflow:
11
+ 1. The AI scans your project and finds vulnerabilities.
12
+ 2. Instead of just showing text, it **opens a beautiful visual dashboard** in your browser.
13
+ 3. You review the CVEs, severity, and suggested fixes in the UI.
14
+ 4. You tell the AI: *"OK, fix exactly what I saw in the dashboard."*
15
+
16
+ ![Human-in-the-loop Flow](../../docs/mcp/human-in-the-loop.webp)
17
+
18
+ ## Comparison with others
6
19
 
7
20
  | | osv-ui-mcp | StacklokLabs/osv-mcp | others |
8
21
  |---|:---:|:---:|:---:|
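Review bot: step 4 of the new "Why this exists" list makes the approval a chat message ("OK, fix exactly what I saw in the dashboard."), while the removed tagline promised "human-in-the-loop UI confirmation before applying fixes". The README should say which of the two the server actually enforces: if fixes are gated on a confirmation made in the dashboard, state that in step 4; if the only gate is the user's instruction to the agent, state that plainly so readers do not assume a control that is not there. Separately, the image path `../../docs/mcp/human-in-the-loop.webp` points outside the package directory and will not resolve from the published package; an absolute URL would.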
package/bin/osv-ui-mcp.js CHANGED
@@ -250,7 +250,7 @@ async function handleOpenDashboard({ path: dir = '.', port }) {
250
250
  // Spawn osv-ui detached with discovery enabled
251
251
  const child = spawn(
252
252
  process.execPath,
253
- [osvUiBin, '-d', absDir, `--port=${assignedPort}`, '--no-open'],
253
+ [osvUiBin, absDir, `--port=${assignedPort}`, '--no-open'],
254
254
  { detached: true, stdio: 'ignore' }
255
255
  );
256
256
  child.unref();
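Review bot: the unchanged comment at line 250 still reads "with discovery enabled", but the argument list at line 253 no longer passes `-d`. If `-d` was the discovery switch, the comment is now stale and should be updated or removed; if the positional form enables discovery by default in the osv-ui version this release depends on, say so in the comment. The same release raises the `osv-ui` range in package.json, so a short comment tying this argument form to that minimum version would make the coupling visible to the next person who touches either line.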
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "osv-ui-mcp",
3
- "version": "1.0.4",
3
+ "version": "1.0.6",
4
4
  "description": "MCP server for osv-ui — scan projects for CVEs, open visual dashboard, apply fixes with human confirmation",
5
5
  "type": "module",
6
6
  "bin": {
@@ -20,7 +20,7 @@
20
20
  "dependencies": {
21
21
  "@modelcontextprotocol/sdk": "^1.0.0",
22
22
  "open": "^9.1.0",
23
- "osv-ui": "^1.1.3"
23
+ "osv-ui": "^1.1.5"
24
24
  },
25
25
  "engines": {
26
26
  "node": ">=18.0.0"