context-snipe v0.2.0
First public release of the clean rewrite.
A ~0.85 MB pure-Rust MCP server that gives AI coding tools deterministic dependency + CVE context. It reads your lockfiles, queries OSV.dev, and reports only the advisories that affect packages actually present in your dependency tree — deduped across GHSA/PYSEC and graded by a computed CVSS base score.
Tools
- `scan_dependencies` — list the resolved dependency tree
- `check_vulnerabilities` — advisories affecting that tree (with a `severity_min` filter)
Ecosystems
Cargo.lock · pnpm-lock.yaml / yarn.lock / package-lock.json / package.json · poetry.lock / uv.lock / requirements.txt · go.sum / go.mod
Use it
- MCP: point your client at the binary with `args: ["serve"]` (see the README).
- CLI: `context-snipe scan <dir>`
Single standalone Windows x64 executable — no runtime dependencies.
context-snipe-x86_64-pc-windows.exe
SHA-256: 383a28c82ac04b13b584f68212d739a57e790b1fff0935ec8495b88a5b9b3d3f