npm - trace-mcp - Versions diffs - 1.21.2 → 1.22.0 - Mend

trace-mcp 1.21.2 → 1.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/LICENSE CHANGED Viewed

@@ -1,137 +1,21 @@
-Elastic License 2.0 + Ethical Use Addendum
-Copyright 2026 Nikolai Vysotskyi
-URL: https://www.elastic.co/licensing/elastic-license
-## Acceptance
-By using the software, you agree to all of the terms and conditions below.
-## Copyright License
-The licensor grants you a non-exclusive, royalty-free, worldwide,
-non-sublicensable, non-transferable license to use, copy, distribute, make
-available, and prepare derivative works of the software, in each case subject
-to the limitations and conditions below.
-## Limitations
-You may not provide the software to third parties as a hosted or managed
-service, where the service provides users with access to any substantial set
-of the features or functionality of the software.
-You may not alter, remove, or obscure any licensing, copyright, or other
-notices of the licensor in the software. Any use of the licensor's trademarks
-is subject to applicable law.
-## Ethical Use Restrictions
-In addition to the limitations above, you may NOT use, deploy, integrate, or
-incorporate this software (in whole or in part, directly or indirectly) in any
-of the following contexts:
-### 1. Military and Warfare
-(a) Military operations, including but not limited to combat planning,
-    logistics of armed conflict, targeting, and battlefield management.
-(b) Development, production, testing, maintenance, or deployment of weapons,
-    weapons systems, munitions, or military-grade equipment.
-(c) Military intelligence gathering or military reconnaissance.
-### 2. Violence and Harm
-(a) Any project, product, or service whose purpose or foreseeable effect is to
-    facilitate, promote, or cause physical violence against individuals or
-    groups.
-(b) Development or operation of autonomous systems designed to cause physical
-    harm to persons.
-### 3. Surveillance
-(a) Mass surveillance of populations, including but not limited to: collection,
-    aggregation, or analysis of personal data of individuals without their
-    informed, voluntary consent and without lawful authority.
-(b) Social scoring systems that rank, classify, or restrict individuals' rights
-    or access to services based on aggregated behavioral data.
-(c) Facial recognition or biometric identification systems used for tracking
-    individuals without their explicit consent.
-### 4. Discrimination and Oppression
-(a) Any use that facilitates discrimination, oppression, or persecution of
-    individuals or groups based on race, ethnicity, national origin, religion,
-    gender, sexual orientation, disability, or political opinion.
-(b) Any use in systems designed to suppress freedom of expression, freedom of
-    assembly, or freedom of the press.
-## Ethical Restrictions Apply to Derivative Works
-Any derivative work based on this software, in whole or in part, must retain
-and be subject to the Ethical Use Restrictions set forth above. You may not
-re-license, sublicense, or otherwise distribute derivative works under terms
-that remove, weaken, or circumvent these restrictions.
-## Clarifications
-- Use by civilian government agencies for non-military, non-surveillance
-  purposes (e.g., healthcare, education, public infrastructure) is permitted.
-- Use by medical or humanitarian organizations, including those operating in
-  conflict zones for the purpose of saving lives, is permitted.
-- Security research, defensive cybersecurity, and lawful penetration testing
-  are permitted.
-- Standard business analytics and application monitoring that process only
-  aggregated, anonymized data are not considered surveillance.
-- Law enforcement use is permitted only where it does not conflict with the
-  Ethical Use Restrictions above.
-## Notices
-You must ensure that anyone who gets a copy of any part of the software from
-you also gets a copy of these terms.
-If you modify the software, you must include in any modified copies of the
-software prominent notices stating that you have modified the software.
-## No Other Rights
-These terms do not imply any licenses other than those expressly granted in
-these terms.
-## Termination
-If you use the software in violation of these terms, such use is not licensed,
-and your licenses will automatically terminate. If the licensor provides you
-with a notice of your violation, and you cease all violation of these terms no
-later than 30 days after you receive that notice, your licenses will be
-reinstated retroactively. However, if you violate these terms after such
-reinstatement, any additional violation of these terms will cause your licenses
-to terminate automatically and permanently.
-## No Liability
-As far as the law allows, the software comes as is, without any warranty or
-condition, and the licensor will not be liable to you for any damages arising
-out of these terms or the use or nature of the software, under any kind of
-legal claim.
-## Definitions
-The **licensor** is the entity offering these terms, and the **software** is
-the software the licensor makes available under these terms, including any
-portion of it.
-**you** refers to the individual or entity agreeing to these terms, including
-any legal entity, sole proprietorship, or other organization that you work for,
-plus all organizations that have control over, are under the control of, or are
-under common control with that organization. **control** means ownership of
-substantially all the assets of an entity, or the power to direct its
-management and policies by vote, contract, or otherwise. Control can be direct
-or indirect.
-**your licenses** are all the licenses granted to you for the software under
-these terms.
-**use** means anything you do with the software requiring one of your licenses.
-**trademark** means trademarks, service marks, and similar rights.
+MIT License
+Copyright (c) 2026 Nikolai Vysotskyi
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -4,6 +4,13 @@
 <h1 align="center">trace-mcp</h1>
+<p align="center">
+  <a href="https://glama.ai/mcp/servers/nikolai-vysotskyi/trace-mcp"><img src="https://glama.ai/mcp/servers/nikolai-vysotskyi/trace-mcp/badges/score.svg" alt="Glama score" /></a>
+  <a href="https://www.npmjs.com/package/trace-mcp"><img src="https://img.shields.io/npm/v/trace-mcp" alt="npm version" /></a>
+  <img src="https://img.shields.io/node/v/trace-mcp" alt="Node.js version" />
+  <a href="LICENSE"><img src="https://img.shields.io/badge/license-MIT-blue" alt="License" /></a>
+</p>
 <p align="center">
   <strong>Framework-aware code intelligence MCP server — 14 frameworks, 7 ORMs, 12 UI libraries, 20+ other integrations (53 total) across 68 languages. Up to 99% token reduction.</strong>
 </p>
@@ -221,6 +228,7 @@ trace-mcp benchmark /path/to/project
 - **Call graph & DI tree** — bidirectional call graphs with 4-tier resolution confidence, optional LSP enrichment for compiler-grade accuracy, NestJS dependency injection
 - **ORM model context** — relationships, schema, metadata for 7 ORMs
 - **Dead code & test gap detection** — find untested exports/symbols (with "unreached" vs "imported_not_called" classification), dead code, per-symbol test reach in impact analysis
+- **Security scanning & MCP server analysis** — OWASP Top-10 pattern scanning, taint analysis (source→sink data flow), MCP security context export for [skill-scan](https://github.com/kkdub/skill-scan) enrichment (tool annotations verification, capability classification, sensitive data flows)
 - **Multi-service subprojects** — link graphs across services via API contracts; cross-service impact analysis; service-scoped decisions
 - **AI-powered analysis** — semantic search with zero-config local ONNX embeddings (no API keys needed), plus optional LLM summarization via Ollama/OpenAI
@@ -704,7 +712,7 @@ The full workflow is in [`.github/workflows/ci.yml`](.github/workflows/ci.yml)
 ## License
-[Elastic License 2.0 + Ethical Use Addendum](LICENSE) — free for personal and internal use. See LICENSE for full terms.
+[MIT](LICENSE)
 ---