Socket MCP Server
Provides public and self-hosted MCP endpoints to query dependency security scores for npm, PyPI, and more.
Configuration
{
  "mcpServers": {
    "socketdev-socket-mcp": {
      "url": "https://mcp.socket.dev/",
      "headers": {
        "SOCKET_API_KEY": "YOUR_API_KEY"
      }
    }
  }
}

The Socket MCP Server lets AI assistants check dependency vulnerability scores and security information across package ecosystems. It supports a public hosted service for instant use and local deployments in stdio or HTTP modes, so it integrates with the MCP clients you already use.
Use the public Socket MCP server to get started without any setup. Point your MCP client to the public URL and begin querying dependency scores for npm, PyPI, and other ecosystems. If you prefer hosting your own server, run a local MCP in stdio or HTTP mode and connect your MCP client to that local instance. You can process multiple dependencies in a single request to save time.
To query a specific dependency, instruct your AI assistant to check the security score for a given package and version. For example, you can ask for the score of express version 4.18.2, or request an analysis of your project’s dependencies. The service returns comprehensive metrics across supply chain, quality, maintenance, vulnerability, and license scores.
Prerequisites: Node.js v16 or higher and npm or yarn.
Option A: Use the public Socket MCP server (recommended). No installation or API key is required for the public server.
Option B: Run a local MCP server in stdio mode using npm or npx. This lets you host MCP on your own machine and connect your MCP clients to it.
Complete steps for the local stdio setup are shown in the code blocks below. Follow these exactly to start a self-hosted MCP server.
Option C: Run a local MCP server in HTTP mode to expose a remote-access API on localhost. This is useful when you want to connect clients across machines or orchestrate it with your own infrastructure.
Tools exposed by the Socket MCP Server include the depscore tool, which provides dependency scoring information across ecosystems. You can query multiple dependencies in a single request and receive metrics such as supply_chain, quality, maintenance, vulnerability, and license scores.
Configuration and health checks: When running in HTTP mode, the server offers a health endpoint for Kubernetes, Docker, and general monitoring. The health endpoint responds with status, version, and timestamp to help you verify the service health.
Security and API keys: For local deployments, you typically provide an API key with the packages:list scope to allow the MCP server to query package metadata. Use a key with the required permissions to avoid authentication errors.
Troubleshooting tips: If the public server isn’t responding, verify you’re using the correct URL, confirm your client configuration, and consider restarting the MCP client. For local servers, ensure Node.js v16+ is installed and the API key is set. If you encounter authentication errors, double-check the key and its scope or regenerate it.
Query the Socket MCP API for dependency scoring information across ecosystems, returning metrics such as supply_chain, quality, maintenance, vulnerability, and license.