
Add Socket.dev supply-chain security (and audit other repos for same need) #24

Description

@mickdarling

Why

The npm ecosystem is in a heightened supply-chain-attack period (shai-hulud worm, Nx/AI-injected-malware campaigns, Glassworm, ongoing maintainer-account-takeover patterns). Dependabot — which we have enabled — is a CVE-database matcher; it does not perform behavioral analysis on packages and does not flag supply-chain-attack indicators like obfuscated code, suspicious postinstall scripts, dependency confusion patterns, or anomalous network endpoints.

Socket.dev provides exactly the layer Dependabot doesn't: per-package behavioral analysis, with a GitHub App that posts inline PR comments when a dependency change introduces concerning behavior. Free for OSS projects. Catches the attack classes (Nx-pattern injected code, postinstall worms, etc.) that CVE-based tools miss by definition.

This complements our existing posture of conservatively pinning dependencies and not auto-updating during the current threat window — Socket gives us active monitoring so we know about emergent risk without forcing update activity.
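As an added example (not from the issue and not Socket's or Dependabot's code), a small Node check over a `package-lock.json` that surfaces two of the behavioral signals named above which a CVE matcher never looks at: packages that declare install lifecycle scripts, and packages resolved from somewhere other than the public registry. The lockfile contents, package names and hosts are constructed, and `registry.npmjs.org` as the only expected source is an assumption about the project's install setup.

```javascript
// Added example, not from the issue or from Socket/Dependabot: a local triage check over
// a package-lock.json (lockfileVersion 2 or 3), which records per package whether it
// declares install lifecycle scripts (`hasInstallScript`) and where its tarball resolved.
const TRUSTED_REGISTRY = 'https://registry.npmjs.org/'; // assumption: public registry only

function packageNameFromPath(lockPath) {
  // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
  const marker = 'node_modules/';
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

// Takes the parsed lockfile (JSON.parse of the file text) and returns one finding per signal.
function auditLockfile(lock) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === '') continue; // the root project entry, not a dependency
    const name = entry.name || packageNameFromPath(lockPath);
    if (entry.hasInstallScript) {
      findings.push({ name, path: lockPath, signal: 'install-script' });
    }
    if (entry.resolved && !entry.resolved.startsWith(TRUSTED_REGISTRY)) {
      findings.push({ name, path: lockPath, signal: 'unexpected-registry', resolved: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample lockfile; package names and hosts are made up for illustration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-cli', version: '1.0.0' },
    'node_modules/harmless-lib': {
      version: '2.1.0',
      resolved: 'https://registry.npmjs.org/harmless-lib/-/harmless-lib-2.1.0.tgz',
    },
    'node_modules/native-helper': {
      version: '0.3.2',
      resolved: 'https://registry.npmjs.org/native-helper/-/native-helper-0.3.2.tgz',
      hasInstallScript: true, // declares preinstall/install/postinstall
    },
    'node_modules/harmless-lib/node_modules/internal-util': {
      version: '1.0.0',
      resolved: 'https://mirror.example.invalid/internal-util-1.0.0.tgz',
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.signal}\t${f.path}${f.resolved ? '\t' + f.resolved : ''}`);
}
```

Each finding still needs a human decision (a native module legitimately compiles on install), which is the same remediate-or-document-acceptance step the issue describes for the Socket baseline report.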

Immediate context (this repo)

MCPAQL/tools currently has 18 open Dependabot alerts (17 transitive via @modelcontextprotocol/sdk, 1 via ajv). None are in code paths the CLI binary actually exercises, but the same dependency chain shows up in other MCPAQL repos where exposure is real (HTTP server code paths in mcpaql-adapter, eventually adapter-studio). Installing Socket once at the org level — or on the repos where it matters most — would give us behavioral visibility across the whole chain.

What to do

  • Install the Socket GitHub App on MCPAQL/tools. Free for OSS.
  • Verify the initial baseline scan completes — Socket will post a one-time report listing flagged packages already in the tree (high/medium/low concern by behavior).
  • Review the baseline report and either remediate or document acceptance for each behavioral flag (mirrors the "risk tolerable" pattern we use for Dependabot).
  • Decide whether to enable the inline PR review workflow (recommended) and/or the block-on-high-severity workflow (optional, may be too aggressive for solo-maintainer cadence).

Reminder: audit other repos for the same need

After this lands on MCPAQL/tools, walk the list and install where appropriate. Priority order:

MCPAQL org

  • MCPAQL/mcpaql-adapter — uses MCP SDK; HTTP server code paths ARE exercised here (unlike tools). Same Dependabot alerts will matter more.
  • MCPAQL/adapter-generator — produces code; supply-chain compromise here would propagate to every generated adapter. High priority.
  • MCPAQL/examples — contains node_modules for generated adapters; large surface area.
  • MCPAQL/adapter-studio — currently a README only, but will run on Cloudflare Workers and exercise real dependencies once code lands. Install at first-commit time so the baseline scan covers the initial PR.
  • MCPAQL/pi-bridge — separate dependency tree; check before any new commit.
  • MCPAQL/website — has Node tooling (scripts/generate-repo-docs.mjs) plus build-time deps.
  • MCPAQL/spec — has linting/validation tooling.

DollhouseMCP sister-org (audit separately)

Supply-chain risk is org-agnostic; the sister org should get the same treatment.

  • DollhouseMCP/mcp-server — biggest npm surface in the whole portfolio, highest-priority install.
  • DollhouseMCP/collection — npm tooling + the catalog itself.
  • DollhouseMCP/bridge — Python (Socket has Python ecosystem support; alternatively pip-audit + safety).
  • DollhouseMCP/elemental-surveys, DollhouseMCP/elemental-resumes, DollhouseMCP/elemental-vitality — product-line repos with their own dep trees.
  • Other DollhouseMCP private repos with Node dependencies — case-by-case.

(Filed as a reminder in this issue rather than as separate per-repo issues to avoid issue sprawl. When the audit happens, file follow-up issues only for repos where installation has actual work attached.)

Alternatives considered

  • Phylum — similar behavioral analysis vendor, free tier. Equivalent capability; choosing Socket because its GitHub App integration is more mature and the inline-PR-comment workflow is what we want.
  • Snyk Open Source — broader (CVE + behavior + license), heavier setup. Overkill for the gap we're filling; Dependabot already covers the CVE side.
  • Doing nothing — current posture (don't auto-update + conservative pinning) is defensible but blind. Socket adds the monitoring layer without forcing update activity.

Out of scope for this issue

  • Changing the "don't auto-update during heightened-threat period" policy
  • Manually overriding transitive dependencies via npm overrides
  • The 18 existing Dependabot alerts on this repo (separate decision: mark "Risk tolerable" with notes once Socket baseline is in place)
  • Migrating off the MCP SDK or switching dependencies
