context-snipe reads your lockfiles, queries OSV.dev, and hands your AI assistant a short, ranked, deterministic vulnerability report — over the Model Context Protocol. One binary. No runtime. No telemetry.
One command grabs the right binary for your platform and puts it on your PATH. No package manager, no build, no runtime.
curl -fsSL https://raw.githubusercontent.com/RP-Digital-Innovations/context-snipe/main/install.sh | sh irm https://raw.githubusercontent.com/RP-Digital-Innovations/context-snipe/main/install.ps1 | iex Prefer to grab a binary by hand? Pick your platform:
Add context-snipe as an MCP server. Claude Desktop and Cursor use the same shape.
{ "mcpServers": { "context-snipe": { "command": "/usr/local/bin/context-snipe", "args": ["serve"] } } }
Restart your client, then ask: "Check this project for vulnerable dependencies."
Generic vulnerability scanners dump hundreds of advisories. context-snipe gives your AI exactly the signal it needs, nothing more.
Prefer the lockfile when present; fall back to the manifest when not.
Read the source, file issues, submit PRs. Built by RP Digital Innovations.
★ Star on GitHub