
MCP Server + CLI

Stop risky packages before they reach your machine.

safe-pkgs runs package safety checks before install and returns a single decision your tools can enforce: allow, risk, reasons, and metadata.


Typical Decision

{
  "allow": false,
  "risk": "high",
  "reasons": [
    "package is too new (published 2 days ago)",
    "postinstall script found"
  ],
  "metadata": {
    "latest": "1.2.4",
    "requested": "1.2.3"
  }
}
7 checks: aggregated into one risk score
3 registries: npm + crates.io + pypi
Audit log: append-only local trail

Cost model

No subscription required.

Local-first runtime

safe-pkgs runs as a local Rust binary (CLI + MCP) and keeps cache/audit artifacts on your machine.

Public data sources

Built-in checks use public registry and advisory endpoints (npm, crates.io, pypi, OSV) and do not require an API key.

Why safe-pkgs

Fast installs are great. Blind installs are not.

Catch common supply-chain risk

Typosquat checks, install-script detection, and advisory lookups reduce obvious package abuse before install.

Enforce policy, not vibes

Configure a max allowed risk. If checks fail or risk is too high, the decision is explicit and machine-enforceable.

Keep decisions auditable

Every decision can be logged with reasons and metadata so teams can review what was blocked and why.
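The two sections above describe the tool's contract from the integrator's side: a decision with allow, risk, reasons and metadata, a configured maximum risk, and an append-only audit trail. The following added example (not part of safe-pkgs, its CLI or its MCP server) shows how a wrapper around the tool can enforce that contract. It assumes only the decision shape shown in "Typical Decision"; the risk ladder below the "high" level shown on the page, the package name and the audit log path are assumptions, and how the raw decision JSON is obtained from the tool is left out. The gate fails closed: output that cannot be parsed, is missing the allow or risk field, or carries an unknown risk level blocks the install rather than being treated as allowed.

```python
"""Policy gate and audit trail for safe-pkgs style decisions.

Added example, not code from the safe-pkgs project. It consumes the
decision document shape shown on the page (allow / risk / reasons /
metadata) and applies a max-allowed-risk policy to it.
"""
import json
from datetime import datetime, timezone

# Assumed risk ladder for the policy comparison. The page only shows
# "high"; the other levels are placeholders for illustration.
RISK_LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample input, copied from the page's "Typical Decision".
SAMPLE_DECISION = """{
  "allow": false,
  "risk": "high",
  "reasons": [
    "package is too new (published 2 days ago)",
    "postinstall script found"
  ],
  "metadata": {
    "latest": "1.2.4",
    "requested": "1.2.3"
  }
}"""


def evaluate(raw: str, max_allowed_risk: str) -> dict:
    """Turn a raw decision document into {"install": bool, "reasons": [...]}.

    Fails closed: anything that cannot be read as a well-formed decision
    blocks the install. A policy misconfiguration raises instead of
    silently allowing.
    """
    if max_allowed_risk not in RISK_LEVELS:
        raise ValueError(f"unknown max_allowed_risk {max_allowed_risk!r}")
    try:
        decision = json.loads(raw)
    except json.JSONDecodeError as exc:
        return {"install": False, "reasons": [f"undecodable decision output: {exc}"]}
    if not isinstance(decision, dict) or "allow" not in decision or "risk" not in decision:
        return {"install": False, "reasons": ["decision missing allow/risk fields"]}

    reasons = [str(r) for r in decision.get("reasons", [])]
    risk = str(decision["risk"]).lower()
    if risk not in RISK_LEVELS:
        return {"install": False, "reasons": reasons + [f"unknown risk level {risk!r}"]}
    # The tool's own verdict is honoured first: allow=false blocks regardless
    # of how permissive the local policy is.
    if decision["allow"] is not True:
        return {"install": False, "reasons": reasons or ["tool returned allow=false"]}
    # Then the local policy: a higher risk than configured blocks even if the
    # tool itself would allow it.
    if RISK_LEVELS[risk] > RISK_LEVELS[max_allowed_risk]:
        return {"install": False,
                "reasons": reasons + [f"risk {risk} exceeds policy max {max_allowed_risk}"]}
    return {"install": True, "reasons": reasons}


def audit_line(package: str, raw: str, verdict: dict) -> str:
    """One JSON line for an append-only audit log: what was asked, what the
    tool said, and what the gate decided, with a UTC timestamp."""
    try:
        decision = json.loads(raw)
    except json.JSONDecodeError:
        decision = {"unparseable": raw[:200]}
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "package": package,
        "tool_allow": decision.get("allow") if isinstance(decision, dict) else None,
        "tool_risk": decision.get("risk") if isinstance(decision, dict) else None,
        "metadata": decision.get("metadata", {}) if isinstance(decision, dict) else {},
        "install": verdict["install"],
        "reasons": verdict["reasons"],
    }
    return json.dumps(record, sort_keys=True)


def append_audit(path: str, line: str) -> None:
    """Append only; the log is never rewritten or truncated by the gate."""
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(line + "\n")


if __name__ == "__main__":
    # "example-pkg" and the log path are placeholders for illustration.
    verdict = evaluate(SAMPLE_DECISION, max_allowed_risk="medium")
    line = audit_line("example-pkg@1.2.3", SAMPLE_DECISION, verdict)
    append_audit("safe-pkgs-audit.jsonl", line)
    print("INSTALL" if verdict["install"] else "BLOCKED", verdict["reasons"])
```

The two checks are deliberately ordered: the tool's allow flag is honoured before the local threshold, so a local policy can only be stricter than the tool, never more permissive. Keeping the audit writer separate from the gate means the log records every decision, including blocked ones and parse failures, which is what a reviewer needs when asking what was blocked and why.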

How it works + pipeline

One combined decision map.

[Figure] Combined safe-pkgs architecture showing input surfaces, concurrent checks, risk aggregation, policy gate, and decision output.

Provider matrix

Check support by registry

[Figure] Check support map showing which checks are available for each registry.

In-editor flow

What usage looks like

Without safe-pkgs: [Figure] AI agent adding a package without safe-pkgs, no safety check performed.
With safe-pkgs: [Figure] AI agent blocked by safe-pkgs, with risk level, CVEs, and reasons surfaced before install.

How to start

Copy, run, integrate.

Build and run MCP server

cargo build --release
./target/release/safe-pkgs serve

Optional: run one-off audit

safe-pkgs audit /path/to/project-or-lockfile

MCP client config snippet

{
  "servers": {
    "safe-pkgs": {
      "type": "stdio",
      "command": "/path/to/safe-pkgs",
      "args": ["serve"]
    }
  },
  "inputs": []
}