PkgRadar

npm · registry.npmjs.org

@dollhousemcp/mcp-server

Remote Payload, Credential file access

Why PkgRadar flagged 2.0.34

SeveritySignalEvidence
mediumRemote Payloadpackage/dist/web/public/app.js
mediumRemote Payloadpackage/dist/web/routes.js

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
2.0.34Review82026-06-23
2.0.35Review82026-06-23
2.0.30Review82026-06-23
2.0.31Review82026-06-23
2.0.32Review82026-06-23
2.0.29Review82026-06-23

Block this in CI

PkgRadar gates @dollhousemcp/mcp-server (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem npm @dollhousemcp/[email protected]
Start free — 25 scans / moView full evidence