LicenGuard

Verified Safe

by TurkNet

Overview

Inventory, analyze, and manage open-source software (OSS) libraries and their licenses, including risk assessment, with integration for AI copilots.

Installation

Run Command
API_URL=http://localhost:4000 OPENAI_API_KEY=sk-... npm run dev

Environment Variables

  • API_URL
  • OPENAI_API_KEY
  • OPENAI_API_URL
  • OPENAI_MODEL
  • LOCAL_LLM_API_KEY
  • LOCAL_LLM_API_URL
  • LOCAL_LLM_MODEL
  • LOCAL_LLM_AUTH_HEADER
  • LOCAL_LLM_EXTRA_HEADERS
  • RESPONSE_LANGUAGE
  • MCP_AUTO_IMPORT
  • MCP_STDIO_ENABLED
  • MCP_HTTP_ENABLED
  • MCP_HTTP_PORT
  • MCP_HTTP_HOST
  • MCP_HTTP_PATH
  • MCP_HTTP_ALLOWED_HOSTS
  • MCP_HTTP_ALLOWED_ORIGINS
  • REPO_SCAN_GITHUB_TOKEN
  • GITHUB_TOKEN
  • GH_TOKEN
  • REPO_SCAN_BITBUCKET_USER
  • BITBUCKET_USER
  • BITBUCKET_USERNAME
  • REPO_SCAN_BITBUCKET_APP_PASSWORD
  • BITBUCKET_APP_PASSWORD
  • BITBUCKET_TOKEN
  • BITBUCKET_BASIC_TOKEN

Security Notes

The server correctly uses `subprocess.run` with list arguments for `git clone`, mitigating common shell injection risks. MongoDB queries use `re.escape` for user input, preventing regex injection. API keys are managed via environment variables. The architecture relies heavily on LLM interactions, which carry inherent risks such as hallucination and data privacy concerns, but the code itself does not show immediate RCE vulnerabilities from user input. A debug endpoint for listing tools is exposed via HTTP and should be disabled in production.

Stats

  • Interest Score: 0
  • Security Score: 8
  • Cost Class: High
  • Avg Tokens: 1200
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-12-04

Tags

OSS, License Management, Risk Scoring, FastAPI, MongoDB, MCP