mcp-server
cap-js/mcp-serverModel Context Protocol (MCP) server for AI-assisted development of CAP applications.
Some concerns found — review before installing
We found some patterns that are worth checking. They might be harmless, but it's good practice to understand what a package does before trusting it. Read through the findings below.
What We Found(1 issue)
Each card explains what was found and what it means in plain English. Click "Technical details" for the full breakdown.
Risky. This package doesn't lock its dependency versions. That means if one of its dependencies gets hacked tomorrow, you'd automatically download the hacked version. Good packages always pin their versions.
Technical details
Using '*' or 'latest' as a dependency version means any future version will be installed automatically — including compromised ones.
"*"Finding Summary
0
Critical
0
High
1
Medium
0
Low
0
Info