You're viewing a demo portfolio

Join the waitlist
PRSM

security_fetch_dependency_graph

Active

Tool of DataNexus MCP

declared in 3.4.2

Fetch the full dependency tree for a package version including transitive dependencies. Read-only. No side effects. Idempotent. Hard 8-second timeout — large dependency trees may return partial results. package: Package name. Required. version: Exact version string e.g. 1.2.3. Required. ecosystem: One of PyPI, npm, Maven, Go, Cargo, NuGet, RubyGems. Required. Returns all direct and transitive dependencies with version constraints. Use this to understand full supply chain exposure. Use security_fetch_package_vulnerabilities instead when you only need CVEs for a single package. Verified source: deps.dev (Google). 1-hour cache. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_fetch_dependency_graph", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".

Parameters schema

{
  "type": "object",
  "required": [
    "package",
    "version",
    "ecosystem"
  ],
  "properties": {
    "package": {
      "type": "string",
      "description": "Package name e.g. requests. Required."
    },
    "version": {
      "type": "string",
      "description": "Package version e.g. 2.28.0. Required."
    },
    "ecosystem": {
      "type": "string",
      "description": "Package ecosystem: npm, pypi, cargo, go, maven, nuget. Required."
    }
  },
  "additionalProperties": false
}

What this tool wraps· 0 endpoints

min confidence0.700.50

No endpoints wrapped at confidence ≥ 0.50.

Parent server

DataNexus MCP

1/7 registries
View full server →