Why
The npm ecosystem is in a heightened supply-chain-attack period (shai-hulud worm, Nx/AI-injected-malware campaigns, Glassworm, ongoing maintainer-account-takeover patterns). Dependabot — which we have enabled — is a CVE-database matcher; it does not perform behavioral analysis on packages and does not flag supply-chain-attack indicators like obfuscated code, suspicious postinstall scripts, dependency confusion patterns, or anomalous network endpoints.
Socket.dev provides exactly the layer Dependabot doesn't: per-package behavioral analysis, with a GitHub App that posts inline PR comments when a dependency change introduces concerning behavior. Free for OSS projects. Catches the attack classes (Nx-pattern injected code, postinstall worms, etc.) that CVE-based tools miss by definition.
This complements our existing posture of conservatively pinning dependencies and not auto-updating during the current threat window — Socket gives us active monitoring so we know about emergent risk without forcing update activity.
Immediate context (this repo)
MCPAQL/tools currently has 18 open Dependabot alerts (17 transitive via @modelcontextprotocol/sdk, 1 via ajv). None are in code paths the CLI binary actually exercises, but the same dependency chain shows up in other MCPAQL repos where exposure is real (HTTP server code paths in mcpaql-adapter, eventually adapter-studio). Installing Socket once at the org level — or on the repos where it matters most — would give us behavioral visibility across the whole chain.
What to do
Install the Socket.dev GitHub App on MCPAQL/tools. Free for OSS.
Reminder: audit other repos for the same need
After this lands on MCPAQL/tools, walk the list and install where appropriate. Priority order:
MCPAQL org
1. MCPAQL/mcpaql-adapter — uses the MCP SDK; HTTP server code paths ARE exercised here (unlike tools). The same Dependabot alerts will matter more.
2. MCPAQL/adapter-generator — produces code; a supply-chain compromise here would propagate to every generated adapter. High priority.
3. MCPAQL/examples — contains node_modules for generated adapters; large surface area.
4. MCPAQL/adapter-studio — currently a README only, but will run on Cloudflare Workers and exercise real dependencies once code lands. Install at first-commit time so the baseline scan covers the initial PR.
5. MCPAQL/pi-bridge — separate dependency tree; check before any new commit.
6. MCPAQL/website — has Node tooling (scripts/generate-repo-docs.mjs) plus build-time deps.
7. MCPAQL/spec — has linting/validation tooling.
DollhouseMCP sister-org (audit separately)
Supply-chain risk is org-agnostic; the sister org should get the same treatment.
1. DollhouseMCP/mcp-server — biggest npm surface in the whole portfolio, highest-priority install.
2. DollhouseMCP/collection — npm tooling + the catalog itself.
3. DollhouseMCP/bridge — Python (Socket has Python ecosystem support; alternatively pip-audit + safety).
4. DollhouseMCP/elemental-surveys, DollhouseMCP/elemental-resumes, DollhouseMCP/elemental-vitality — product-line repos with their own dep trees.
(Filed as a reminder in this issue rather than as separate per-repo issues to avoid issue sprawl. When the audit happens, file follow-up issues only for repos where installation has actual work attached.)
Alternatives considered
- Phylum — similar behavioral analysis vendor, free tier. Equivalent capability; choosing Socket because its GitHub App integration is more mature and the inline-PR-comment workflow is what we want.
- Snyk Open Source — broader (CVE + behavior + license), heavier setup. Overkill for the gap we're filling; Dependabot already covers the CVE side.
- Doing nothing — current posture (don't auto-update + conservative pinning) is defensible but blind. Socket adds the monitoring layer without forcing update activity.
Out of scope for this issue
- Changing the "don't auto-update during heightened-threat period" policy
- Manually overriding transitive dependencies via npm overrides
- The 18 existing Dependabot alerts on this repo (separate decision: mark "Risk tolerable" with notes once Socket baseline is in place)
- Migrating off the MCP SDK or switching dependencies
Reference