fizzgig__vuln_scanner
known-cve lookup against osv.dev for npm packages. closes the gap dep-audit (structural) leaves open.
your lockfile was clean the day you wrote it. three weeks later, the AI suggests an old version because the model's training data is older than the advisory. nothing changes locally; the vulnerability landed anyway.
queries the OSV.dev advisory database (aggregating GitHub Security Advisories, npm advisories, CVE/NVD entries) for known vulns in your installed packages. Returns one finding per affected package with vulns[] inside, headline severity = worst across the package, upgrade_to = lowest fixed version — surface that as the headline remediation.
deploy knowing none of your dependencies have an OSV advisory open. pairs with dep-audit (structural) and secret-leak-finder (your own credentials) — clean across all three = green to ship.
caught a policy that would have leaked every user's comments. shipped a fix in 4 minutes.
first tool i installed. it's the one that pays for itself.
works great. one false positive on a join table — easy to ignore.
{
"fizzgig": {
"url": "https://mcp.fizzgig.ai",
"tools": ["vuln_scanner"]
}
}