SafeDep

@SafeDep

SafeDep MCP Server protects AI coding agents from supply chain attacks by checking every open source package before installation. When your AI suggests a package, SafeDep validates it against our threat intelligence database, built from continuous scanning, behavioral analysis, and human security researcher verification. Malicious packages are blocked instantly. Safe packages install without friction. We detect threats in hours, not the 24-48 hours it takes for public disclosure. This is the same intelligence that caught Shai-Hulud and S1ngularity.
Overview

SafeDep MCP Server

SafeDep MCP Server protects AI coding workflows from supply chain attacks. Every npm, PyPI, and open source package is checked against real-time threat intelligence before installation.

The problem: AI coding tools install packages without the scrutiny a human would apply. One malicious package can steal AWS keys, GitHub tokens, and API secrets from the environment.

The solution: SafeDep validates every package that the AI suggests, within the agent loop and before installation. Malicious packages are blocked with clear explanations. Safe packages install invisibly. Zero friction when there's no threat.

Key Features

  • Real-time detection — SafeDep scans packages as they're published to public open source registries, detecting threats in hours, not days
  • Zero friction — Invisible when packages are safe.
  • Broad ecosystem coverage — npm, PyPI, and expanding to more registries

Supported Tools

  • Claude Code
  • Cursor
  • Windsurf
  • Zed
  • Gemini CLI
  • OpenAI Codex
  • Any MCP-compatible IDE

Getting Started

  1. Sign up at app.safedep.io
  2. Get your API key from Settings → API Keys
  3. Configure your IDE with the MCP endpoint

Endpoint: https://mcp.safedep.io/model-context-protocol/threats/v1/mcp

Full setup instructions: docs.safedep.io/apps/mcp/overview

Server Config

{
  "mcpServers": {
    "safedep": {
      "url": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp",
      "headers": {
        "Authorization": "",
        "X-Tenant-ID": ""
      }
    }
  }
}
© 2025 MCP.so. All rights reserved.