Check reference / Safety & Security

MCP-02 Server packages version-pinned

Safety & Security · 15% of the grade · deterministic · applies to MCP configs

Deterministic — runs on every scan, no LLM or network needed.

Why it matters

An unpinned npx server re-resolves `latest` on every launch, so a hijacked or breaking release ships straight into your session — with whatever credentials and tool access that server already holds. That is supply-chain drift you never get to review.

How to fix it

Pin an exact version after the package name (`npx -y some-server@1.2.3`) and bump deliberately, after reading the release.

Example

✗ flagged
"args": ["-y", "@example/mcp-server"]
✓ passes
"args": ["-y", "@example/mcp-server@1.2.3"]