cuttalo/depscope
mcp`.
Ask AI about cuttalo/depscope
Powered by Claude · Grounded in docs
I know everything about cuttalo/depscope. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
DepScope
Package Intelligence for AI Agents. Stops AI coding agents (Claude, ChatGPT, Cursor, Windsurf, Copilot, Cline) from installing hallucinated, deprecated, or malicious packages across 19 ecosystems.
→ Live at depscope.dev · 8.4M+ packages · 42K+ vulnerabilities (99% EPSS-enriched) · zero auth · free
Quick start (MCP)
Claude Desktop / Cursor / Windsurf — remote
{
"mcpServers": {
"depscope": {
"url": "https://mcp.depscope.dev/mcp"
}
}
}
Claude Code / local — stdio
{
"mcpServers": {
"depscope": {
"command": "npx",
"args": ["-y", "depscope-mcp"]
}
}
}
The MCP server source is at cuttalo/depscope-mcp (AGPL-3.0).
What it does
22 MCP tools across 19 package ecosystems:
npm · pypi · cargo · go · composer · maven · nuget · rubygems · pub · hex · swift · cocoapods · cpan · hackage · cran · conda · homebrew · jsr · julia
| Tool | Purpose |
|---|---|
check_package | Full safety check: deprecation · vulnerabilities · health · recommendation |
check_malicious | Malicious-package detector |
check_typosquat | Typosquat detection vs popular names |
package_exists | Hallucination detector (404 = LLM invented it) |
get_health_score | 0–100 health score with breakdown |
get_vulnerabilities | Vulnerabilities + severity scoring |
find_alternatives | Suggested alternatives for deprecated/abandoned packages |
get_breaking_changes | Major-version migration notes |
get_known_bugs | Known issues for a package |
compare_packages | Side-by-side comparison |
check_compatibility | Stack-level compatibility check |
resolve_error | Error message → likely cause + fix |
install_command | Verified install command for the target ecosystem |
get_latest_version | Latest stable version + maturity signal |
pin_safe | Suggested safe version pin |
get_trust_signals | Multi-signal trust score |
get_migration_path | Step-by-step upgrade plan |
scan_project | Bulk scan of dependency manifests |
check_bulk | Fast pre-flight filter for batches |
get_trending | Trending packages by ecosystem |
get_package_prompt | Compact LLM-friendly summary |
contact_depscope | Report a missing package or false positive |
REST API
Same data, plain HTTPS — no MCP client needed.
curl https://depscope.dev/api/check/npm/lodash
curl https://depscope.dev/api/check/pypi/requests
curl https://depscope.dev/api/check/cargo/serde
Full reference: depscope.dev/integrate
Why
LLMs frequently invent package names that look real but don't exist (fastapi-turbo, lodahs, tokio-stream-extras). When an agent tries to install one, it can hit an attacker's typosquat. DepScope verifies every package before install.
Read more: depscope.dev/why
Pricing
Free. No auth required. Generous rate limits.
If you need higher quotas, SLA, or on-prem deployment, contact us at depscope@cuttalo.com.
Open source vs proprietary
This repository is a landing page with documentation only.
-
MCP server (client SDK) — open source, AGPL-3.0: → cuttalo/depscope-mcp → npm: depscope-mcp
-
Backend (API + intelligence layer) — proprietary, hosted at
depscope.dev.
This split lets us keep the client free, auditable, and community-extensible while sustaining the infrastructure that powers it.
Links
- Homepage · depscope.dev
- API docs · depscope.dev/integrate
- MCP server source · cuttalo/depscope-mcp
- npm · depscope-mcp
- Glama listing · glama.ai/mcp/servers/cuttalo/depscope
- Awesome MCP · punkpeye/awesome-mcp-servers
License
This README and accompanying landing files: CC-BY-4.0. MCP client SDK: AGPL-3.0 (see cuttalo/depscope-mcp). Backend service: proprietary.
Built by Cuttalo srl · Italy 🇮🇹