Merge pull request #117 from SocketDev/anthropic-updates

compatibility with latest @modelcontextprotocol/sdk

Author: kapravel

index.ts

@@ -65,49 +65,53 @@ async function getApiKeyInteractively (): Promise<string> {
 // Initialize API key
 let SOCKET_API_KEY = process.env['SOCKET_API_KEY'] || ''
 
+// Build headers dynamically to reflect current API key
+function buildSocketHeaders (): Record<string, string> {
+  return {
+    'user-agent': `socket-mcp/${VERSION}`,
+    accept: 'application/x-ndjson',
+    'content-type': 'application/json',
+    authorization: `Bearer ${SOCKET_API_KEY}`
+  }
+}
+
 // No session management: each HTTP request is handled statelessly
 
 // Create server instance
 const server = new McpServer({
   name: 'socket',
   version: VERSION,
-  description: 'Socket MCP server',
-  capabilities: {
-    resources: {},
-    tools: {},
-    streaming: {}
-  },
 })
 
-server.tool(
+server.registerTool(
   'depscore',
-  "Get the dependency score of packages with the `depscore` tool from Socket. Use 'unknown' for version if not known. Use this tool to scan dependencies for their quality and security on existing code or when code is generated. Stop generating code and ask the user how to proceed when any of the scores are low. When checking dependencies, make sure to also check the imports in the code, not just the manifest files (pyproject.toml, package.json, etc).",
   {
-    packages: z.array(z.object({
-      ecosystem: z.string().describe('The package ecosystem (e.g., npm, pypi)').default('npm'),
-      depname: z.string().describe('The name of the dependency'),
-      version: z.string().describe("The version of the dependency, use 'unknown' if not known").default('unknown'),
-    })).describe('Array of packages to check'),
+    title: 'Dependency Score Tool',
+    description: "Get the dependency score of packages with the `depscore` tool from Socket. Use 'unknown' for version if not known. Use this tool to scan dependencies for their quality and security on existing code or when code is generated. Stop generating code and ask the user how to proceed when any of the scores are low. When checking dependencies, make sure to also check the imports in the code, not just the manifest files (pyproject.toml, package.json, etc).",
+    inputSchema: z.object({
+      packages: z.array(z.object({
+        ecosystem: z.string().describe('The package ecosystem (e.g., npm, pypi)').default('npm'),
+        depname: z.string().describe('The name of the dependency'),
+        version: z.string().describe("The version of the dependency, use 'unknown' if not known").default('unknown'),
+      })).describe('Array of packages to check'),
+    }),
+    annotations: {
+      readOnlyHint: true,
+    },
   },
   async ({ packages }) => {
     logger.info(`Received request for ${packages.length} packages`)
 
-    const SOCKET_HEADERS = {
-      'user-agent': `socket-mcp/${VERSION}`,
-      accept: 'application/x-ndjson',
-      'content-type': 'application/json',
-      authorization: `Bearer ${SOCKET_API_KEY}`
-    }
-
     // Build components array for the API request
     const components = packages.map(pkg => {
-      const cleanedVersion = pkg.version.replace(/[\^~]/g, '') // Remove ^ and ~ from version
+      const cleanedVersion = (pkg.version ?? 'unknown').replace(/[\^~]/g, '') // Remove ^ and ~ from version
+      const ecosystem = pkg.ecosystem ?? 'npm'
       let purl: string
       if (cleanedVersion === '1.0.0' || cleanedVersion === 'unknown' || !cleanedVersion) {
-        purl = `pkg:${pkg.ecosystem}/${pkg.depname}`
+        purl = `pkg:${ecosystem}/${pkg.depname}`
       } else {
         logger.info(`Using version ${cleanedVersion} for ${pkg.depname}`)
-        purl = `pkg:${pkg.ecosystem}/${pkg.depname}@${cleanedVersion}`
+        purl = `pkg:${ecosystem}/${pkg.depname}@${cleanedVersion}`
       }
       return { purl }
     })
@@ -116,7 +120,7 @@ server.tool(
       // Make a POST request to the Socket API with all packages
       const response = await fetch(SOCKET_API_URL, {
         method: 'POST',
-        headers: SOCKET_HEADERS,
+        headers: buildSocketHeaders(),
         body: JSON.stringify({ components })
       })
 
@@ -187,6 +191,8 @@ server.tool(
               .join(', ')
 
             results.push(`${purl}: ${scoreEntries}`)
+          } else {
+            results.push(`${purl}: No score found`)
           }
         }
 

manifest.json

@@ -1,7 +1,7 @@
 {
-  "manifest_version": "0.1",
+  "manifest_version": "0.2",
   "name": "Socket",
-  "version": "0.0.12",
+  "version": "0.0.13",
   "description": "Socket MCP server for scanning dependencies",
   "long_description": "__Secure your code by default.__\nThe Socket MCP server brings powerful, real-time dependency scanning directly into Claude. Instantly audit packages from npm, PyPI, Cargo, and more—right inside your chats—with zero setup. Built on the Model Context Protocol (MCP), this extension automatically evaluates packages for:\n - Vulnerabilities and malware\n - Supply chain risks\n - Code quality and maintenance\n - License compliance\n\n With a single command, Claude will return detailed security scores (0–100) across five critical dimensions—helping you make informed decisions and avoid risky dependencies before they hit production.",
   "author": {
@@ -47,6 +47,7 @@
     "vibecoding"
   ],
   "license": "MIT",
+  "privacy_policies": ["https://socket.dev/privacy"],
   "repository": {
     "type": "git",
     "url": "https://github.com/SocketDev/socket-mcp"

mock-client/stdio-client.ts

@@ -12,7 +12,9 @@ async function main () {
     args: ['--experimental-strip-types', serverPath],
 
     env: {
-      ...process.env,
+      ...Object.fromEntries(
+        Object.entries(process.env).filter(([, value]) => value !== undefined)
+      ) as Record<string, string>,
       SOCKET_API_KEY: process.env['SOCKET_API_KEY'] || ''
     }
   })

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@socketsecurity/mcp",
-  "version": "0.0.12",
+  "version": "0.0.13",
   "type": "module",
   "main": "./index.js",
   "bin": {
@@ -23,6 +23,7 @@
     "build-mcpb": "run-s build build-mcpb:*",
     "build-mcpb:versions_match": "node --experimental-strip-types scripts/check-versions.ts",
     "build-mcpb:validate": "npx mcpb validate ./",
+    "build-mcpb:ensure-deps": "npm install --production --ignore-scripts",
     "build-mcpb:mcpb-pack": "npx mcpb pack ./",
     "clean": "./scripts/clean.sh",
     "debug-stdio": "node --experimental-strip-types ./mock-client/debug-client.ts",
@@ -33,6 +34,8 @@
   },
   "keywords": [],
   "files": [
+    "package.json",
+    "package-lock.json",
     "index.js",
     "index.d.ts",
     "index.d.ts.map",

package.json

@@ -14,7 +14,9 @@ test('Socket MCP Server', async (t) => {
     command: 'node',
     args: ['--experimental-strip-types', serverPath],
     env: {
-      ...process.env,
+      ...Object.fromEntries(
+        Object.entries(process.env).filter(([, value]) => value !== undefined)
+      ) as Record<string, string>,
       SOCKET_API_KEY: apiKey
     }
   })