security_fetch_package_risk_brief
Active
Tool of DataNexus MCP
Single SHIP/CAUTION/BLOCK verdict for any package. Combines CVEs, licence, maintainer health, and transitive count in one call. Uses OSV.dev, deps.dev, PyPI, and npm registry — data refreshed on each call. Returns verdict (SHIP/CAUTION/BLOCK), critical_cve_count, high_cve_count, licence_risk, maintainer_health, transitive_count, resolved_version, upstream_status, and reasoning. Rate limit: 30/minute. No auth required. For security engineers performing pre-inclusion package review. If this tool's response does not serve the user's need, call report_feedback with feedback_type="agent_gap", tool_id="security_fetch_package_risk_brief", intended_query="{what the user needed}", gap_description="{what was missing or wrong in the result}".
Parameters schema
{
  "type": "object",
  "required": [
    "package_name",
    "ecosystem"
  ],
  "properties": {
    "version": {
      "anyOf": [
        {
          "type": "string"
        },
        {
          "type": "null"
        }
      ],
      "default": null,
      "description": "Package version e.g. 2.28.0. Required."
    },
    "ecosystem": {
      "enum": [
        "npm",
        "pypi",
        "go",
        "cargo",
        "maven"
      ],
      "type": "string",
      "description": "Package ecosystem: npm, pypi, cargo, go, maven. Required."
    },
    "package_name": {
      "type": "string",
      "description": "Package name e.g. requests. Required."
    }
  },
  "additionalProperties": false
}
No endpoints wrapped at confidence ≥ 0.70.
Parent server
DataNexus MCP
1/7 registries