dep_oracle MCP Server

Provides a predictive dependency security MCP server that evaluates trust scores, zombie detection, blast radius, and typosquat risk for project dependencies.

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "ertugrulakben-dep-oracle": {
      "command": "npx",
      "args": [
        "dep-oracle",
        "mcp"
      ]
    }
  }
}

dep-oracle provides a predictive dependency security engine that integrates with Claude Code through an MCP server. It assigns trust scores to each package in your dependency tree, detects zombie dependencies, estimates blast radius, and offers typosquat protection and migration suggestions, helping you identify and mitigate future supply chain risks before they materialize.

How to use

You interact with the MCP server from your MCP client by configuring the server in your Claude Code environment and then asking natural language questions or invoking specific tools. Start a project scan, query the trust score for a package, or request risk analysis for a dependency. The MCP integration exposes tools that you can call to gather actionable insights about your dependencies and to receive suggested safer alternatives.

How to install

Prerequisites: ensure Node.js and npm are installed on your system. You will also need access to Claude Code to connect to the MCP server. Install the MCP client package if required by your setup.

Install the MCP client integration for Claude Code and configure the MCP server entry as shown in the settings snippet.

Configuration and usage notes

The MCP integration for dep-oracle is defined to run via an inline MCP server configuration. You enable the server by providing the following configuration to Claude Code, which points to the dep-oracle MCP server. This enables natural language queries such as asking for the riskiest dependency, checking a package’s safety, showing zombie dependencies, or asking for migration suggestions.

{
  "mcpServers": {
    "dep_oracle": {
      "command": "npx",
      "args": ["dep-oracle", "mcp"]
    }
  }
}

Security and offline behavior

dep-oracle operates with a focus on predictive signals. In offline mode, it can rely on cached data to provide trust scores and risk indicators when the network is unavailable, helping you continue assessments without interrupting development.

Examples of what you can do with the MCP tools

Ask for the full project dependency scan, retrieve a single package’s trust score, or request a blast radius analysis. You can compare two packages, check for typosquat risk, or generate a migration list with safer alternatives.

Troubleshooting

If you encounter connection issues with the MCP server, verify that the command and arguments are correctly configured in your Claude Code settings and that your environment can reach the server URI. Ensure your Node tooling is up to date and that the MCP endpoint is accessible according to your network policies.

Notes

This MCP integration complements existing security tools by providing predictive risk signals, maintenance health indicators, and practical migration suggestions to strengthen your supply chain defenses.

Available tools

dep_oracle_scan

Performs a full project dependency scan and returns a comprehensive report with trust scores and risk indicators.

dep_oracle_trust_score

Returns the trust score for a single package or a set of specified packages.

dep_oracle_blast_radius

Calculates the blast radius to show how many files in your codebase are affected if a dependency is compromised.

dep_oracle_zombies

Lists zombie dependencies that have no recent maintenance but are still in use.

dep_oracle_suggest_migration

Provides safer alternatives for risky dependencies based on a curated mapping.

dep_oracle_typosquat_check

Checks a package name against known typosquatting patterns and registries.

dep_oracle_compare

Compares two packages side-by-side to highlight differences in risk, maintenance, and trust signals.

dep_oracle_report

Generates a JSON report of the scan results, suitable for downstream workflows.