npm-check-prepublish
Verified Safe
by kmalakoff
Overview
A verification tool for npm packages (modules, CLI tools) to catch common packaging and runtime issues before publishing.
Installation
npx npm-check-prepublish
Security Notes
The project uses `eval` in its `bin/cli.js` entry point for dual ESM/CJS compatibility. This is a recognized pattern for this specific use case, ensuring a single executable works across module environments without requiring two separate bin files, but `eval` is generally a high-risk function and warrants careful scrutiny. In this context, it is not used for arbitrary user input. The tool also makes extensive use of `child_process.execSync` to run `npm` commands and the package's own CLI binaries. These commands are constructed internally from `package.json` fields or hardcoded strings, not directly from untrusted user input, which mitigates the risk. There are no apparent hardcoded secrets or malicious network activity beyond standard npm operations.
Similar Servers
jsonv-ts
Provides a type-safe JSON Schema builder and validator in TypeScript, with integrated Hono middleware for OpenAPI generation and request validation, and an MCP (Model Context Protocol) server/client for agent-based interactions.
mcp-jest
A testing framework for Model Context Protocol (MCP) servers, allowing automated validation of AI agent tools, resources, and prompts.
developer-mcp
This repository appears to be a JavaScript/TypeScript project, likely an SDK, library, or development tool, built for developers.
logicstamp-mcp
Provides AI assistants with structured access to React/TypeScript codebases through LogicStamp Context's analysis engine, enabling safe analysis, modification, and verification of code.