opensrc-mcp
Verified Safeby dmmulroy
Overview
A codemode MCP server for fetching and querying dependency source code, optimized for AI agents.
Installation
npx opensrc-mcpSecurity Notes
The server employs robust sandboxing using Node.js's `vm.createContext` to execute agent-provided JavaScript. Key security measures include: `deepFreeze` of injected API objects to prevent modification, explicit disabling/undefined of dangerous global functions (`setTimeout`, `require`, `process`, `fetch`, etc.) to prevent arbitrary system access or network calls, a 30-second execution timeout to prevent infinite loops, and explicit path traversal prevention in file reading functions. External network operations (fetching packages/repos) are handled by the server's controlled `opensrc` dependency. While `vm` sandboxes are not entirely infallible against sophisticated attacks, this implementation is highly secure for its intended purpose of executing untrusted JavaScript code.
Similar Servers
git-mcp-server
A Model Context Protocol (MCP) server that provides Git-specific tools and resources for AI/LLM agents to interact with version control systems.
context-engine
Provides an agent-agnostic local context engine via Model Context Protocol (MCP) for coding agents, enabling semantic search, planning, code review, and prompt enhancement with AI integration.
codeweaver
A code intelligence platform that provides semantically rich, context-aware code search for AI agents, aimed at reducing cognitive load and token costs for coding tasks.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.