security · v0.5.0 · free
fizzgig__dep_audit
reviews package.json + lockfile for placement, range, and integrity issues.
7 checks across placement (dev-only linters in production deps), version-range discipline (caret on 0.x deps), lockfile integrity (duplicate transitive versions = bundle bloat), runtime engines field, and parse failures. Now with package-name-aware severity tiering — security-critical packages (auth/payment/crypto/db/AI SDK families) stay high; cosmetic packages (UI / icons / styling) drop to medium.
● live ● v0.5.0 ● free
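To make the checks in the description concrete, here is a small Node.js checker written as an added example for this listing. It is not fizzgig's code and says nothing about how the hosted tool is implemented; it runs the named checks (placement, caret on 0.x, duplicate lockfile versions, engines field, parse failure) with name-aware severity tiering over a constructed package.json and npm lockfile. The dev-only tool list, the family token lists used for tiering, the lockfileVersion 3 layout, and mapping the cosmetic downgrade to `warn` (the output schema's enum has no `medium`) are all assumptions.

```javascript
'use strict';
// Added example (not fizzgig's code): dep_audit-style checks over
// package.json + an npm lockfile (lockfileVersion 3 layout assumed).
// Tool list, family lists, check order and severity mapping are assumptions.

// Tools that belong in devDependencies, never in production deps (assumed list).
const DEV_ONLY_TOOLS = new Set(['eslint', 'prettier', 'jest', 'mocha', 'nodemon', 'ts-node']);
// Name tokens used for severity tiering (assumed lists, not fizzgig's).
const SECURITY_FAMILIES = new Set(['auth', 'passport', 'jsonwebtoken', 'jose', 'bcrypt',
  'crypto', 'stripe', 'pg', 'mysql', 'mongoose', 'mongodb', 'openai', 'anthropic']);
const COSMETIC_FAMILIES = new Set(['icons', 'ui', 'css', 'tailwind', 'styled', 'emotion', 'theme']);

// "@radix-ui/react-icons" -> ["radix", "ui", "react", "icons"]
function nameTokens(name) {
  return name.toLowerCase().split(/[@\/\-_.]+/).filter(Boolean);
}

// Security-critical families keep the base severity; cosmetic ones drop one
// step. The listing's enum has no "medium", so high -> warn here (assumption).
function tierSeverity(name, base) {
  const tokens = nameTokens(name);
  if (tokens.some((t) => SECURITY_FAMILIES.has(t))) return base;
  if (tokens.some((t) => COSMETIC_FAMILIES.has(t)) && base === 'high') return 'warn';
  return base;
}

function auditDeps(packageJsonText, lockfileText, { strict = false } = {}) {
  const findings = [];
  let pkg, lock;
  try {
    pkg = JSON.parse(packageJsonText);
    lock = JSON.parse(lockfileText);
  } catch (err) {
    // parse failure: nothing else can be trusted, report and stop
    findings.push({ severity: 'critical', message: `parse failure: ${err.message}`,
      fix: 'repair the JSON before anything else is audited' });
    return { ok: false, findings };
  }
  const deps = pkg.dependencies || {};

  // 1. placement: dev-only linters/test runners shipped as production deps
  for (const name of Object.keys(deps)) {
    if (DEV_ONLY_TOOLS.has(name)) {
      findings.push({ severity: 'warn', message: `${name} is a dev-only tool listed in dependencies`,
        fix: `move ${name} to devDependencies` });
    }
  }
  // 2. range discipline: caret on a 0.x dep (^0.y.z only admits 0.y.*, and 0.x
  //    releases carry no stability promise), severity tiered by package family
  for (const [name, range] of Object.entries(deps)) {
    if (/^\^0\./.test(range)) {
      findings.push({ severity: tierSeverity(name, 'high'),
        message: `${name}@${range}: caret range on a 0.x dependency`,
        fix: `pin ${name} to an exact version or use a tilde range` });
    }
  }
  // 3. lockfile integrity: one package resolved at several versions = bundle bloat
  const versions = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || !entry.version) continue;
    const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    if (!versions.has(name)) versions.set(name, new Set());
    versions.get(name).add(entry.version);
  }
  for (const [name, set] of versions) {
    if (set.size > 1) {
      findings.push({ severity: 'warn',
        message: `${name} is locked at ${set.size} versions (${[...set].join(', ')})`,
        fix: `run npm dedupe, or align the ranges that pull in ${name}` });
    }
  }
  // 4. runtime engines field
  if (!pkg.engines || !pkg.engines.node) {
    findings.push({ severity: 'info', message: 'no engines.node field',
      fix: 'declare the supported Node.js range in "engines"' });
  }
  // strict=true fails on warnings, not just errors (matches the input schema)
  const failing = new Set(strict ? ['warn', 'high', 'critical'] : ['high', 'critical']);
  return { ok: !findings.some((f) => failing.has(f.severity)), findings };
}

// Constructed sample input: one security-critical 0.x dep, one cosmetic 0.x dep,
// a linter in production deps, a duplicated transitive dep, no engines field.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'myapp',
  dependencies: { 'next-auth': '^0.9.2', '@radix-ui/react-icons': '^0.1.4',
    express: '^4.18.2', eslint: '^8.0.0' },
  devDependencies: { prettier: '^3.0.0' },
});
const SAMPLE_LOCKFILE = JSON.stringify({
  name: 'myapp', lockfileVersion: 3,
  packages: {
    '': { name: 'myapp' },
    'node_modules/express': { version: '4.18.2' },
    'node_modules/debug': { version: '4.3.4' },
    'node_modules/express/node_modules/debug': { version: '2.6.9' },
  },
});

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditDeps(SAMPLE_PACKAGE_JSON, SAMPLE_LOCKFILE), null, 2));
}
```

Run against the constructed sample, the checker returns `ok: false` with five findings: the `next-auth` caret range stays `high` because its name carries the `auth` token, while the identical defect on `@radix-ui/react-icons` drops to `warn`; the duplicated `debug`, the misplaced `eslint` and the missing `engines` field round out the list. Tokenising the package name rather than substring-matching it is what keeps `ui` from firing on names like `build` or `guid`.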
// input schema
{
  "type": "object",
  "required": [
    "project"
  ],
  "properties": {
    "project": {
      "type": "string",
      "description": "the project slug or path"
    },
    "strict": {
      "type": "boolean",
      "default": false,
      "description": "fail on warnings, not just errors"
    }
  }
}
// output schema
{
  "type": "object",
  "properties": {
    "ok": {
      "type": "boolean"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "severity": {
            "enum": [
              "info",
              "warn",
              "high",
              "critical"
            ]
          },
          "message": {
            "type": "string"
          },
          "fix": {
            "type": "string"
          }
        }
      }
    }
  }
}
// example call from cursor
→ fizzgig__dep_audit(project="myapp")
{
  "ok": false,
  "findings": [
    {
      "severity": "high",
      "message": "policy uses user_id without auth.uid()",
      "fix": "USING (auth.uid() = user_id)"
    }
  ],
  "scanned": 3,
  "duration_ms": 142
}
// reviews
@maya.codes ★★★★★ · 2 days ago
caught a policy that would have leaked every user's comments. shipped a fix in 4 minutes.
@solo_at_3am ★★★★★ · 1 week ago
first tool i installed. it's the one that pays for itself.
@vibebuilder ★★★★☆ · 2 weeks ago
works great. one false positive on a join table — easy to ignore.
// primary action
add to your editor
paste this into your mcp config.
{
  "fizzgig": {
    "url": "https://mcp.fizzgig.ai",
    "tools": ["dep_audit"]
  }
}
// pricing
free
unlimited calls on the free tier.