Check reference / Safety & Security
MCP-02 Server packages version-pinned
Deterministic — runs on every scan, no LLM or network needed.
Why it matters
An unpinned npx server re-resolves `latest` on every launch, so a hijacked or breaking release ships straight into your session — with whatever credentials and tool access that server already holds. That is supply-chain drift you never get to review.
How to fix it
Pin an exact version after the package name (`npx -y some-server@1.2.3`) and bump deliberately, after reading the release.
Example
✗ flagged
"args": ["-y", "@example/mcp-server"]✓ passes
"args": ["-y", "@example/mcp-server@1.2.3"]