npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mcpflow.io/github-security-mcp-server

v1.0.2

Published

Model Context Protocol (MCP) server that provides GitHub API tools for user information, security issue creation, and repository security scanning. Built with TypeScript and the MCP SDK

Downloads

5

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mcpflow.iomcpflow.io

Keywords

mcpmcp-servergithub-securitygithub-security-mcp-serveraighasmodel-context-protocolllmmcpflow

Readme

MCP Server for GitHub Tools

Overview

This repository contains a Model Context Protocol (MCP) server implementation that provides tools for interacting with GitHub. The server is built using TypeScript and the MCP SDK, allowing it to be integrated with MCP clients like GitHub Copilot in Visual Studio Code.

Features

The server currently provides the following tools:

  • GitHub User Information: Retrieve details about a GitHub user by username
  • Security Issue Creation: Create security issues in GitHub repositories with appropriate formatting and labels
  • List Security Issues: List all security-related issues in a GitHub repository
  • Security Status Reporting: Get comprehensive security alerts including Dependabot, code scanning, and secret scanning

Prerequisites

  • Node.js
  • npm (included with Node.js)
  • GitHub CLI (gh) installed and authenticated

Authentication

This MCP server is using the GitHub CLI to get a token for the current authenticated user, and use this for authentication purposes.

Usage

Starting the Server

npm start

For development with automatic rebuilding on file changes:

npm run dev

For debugging and inspecting the server:

npm run inspect

VS Code Integration

Running Latest Publised Version

To use the latest publised version, you can choose to add a new tool, select Command (stdio) and use the command npx @rickardhf/github-security-mcp-server.

If you want to just change the mcp.json config file, you can use this configuration

{
    "servers": {
        "my-local-mcp-server": {
            "type": "stdio",
            "command": "npx",
            "args": [
                "@rickardhf/github-security-mcp-server"
            ]
        }
    },
    ...
}

Running Local Version

To use the local version of the mcp server in your editor you can run the built file of your project in a similar way to what is displayed under here. You simply add this server configuration to the mcp.json file, either globally or for that specific workspace.

{
    "servers": {
        "my-local-mcp-server": {
            "type": "stdio",
            "command": "node",
            "args": [
                "c:\\repos\\private\\mcptest\\dist\\index.js"
            ]
        }
    }
}

If you first run the command npm run local-install it will install it globally on your local computer. Then you can run it by using the following configuration

{
    "servers": {
        "my-local-mcp-server": {
            "type": "stdio",
            "command": "npx",
            "args": [
                "github-security-mcp-server"
            ]
        }
    }
}

Available Tools

Get GitHub User

Retrieves information about a GitHub user.

Example:

Get information about the GitHub user "octocat"

Create Security Issue

Creates a security issue in a GitHub repository with proper formatting and security-related labels.

Example:

Create a security issue for XSS vulnerability in the login form

List Security Issues

Lists all security issues in a GitHub repository that have both the "bug" and "security" labels.

Example:

List security issues in the repository "owner/repo-name"

Get Security Status

Retrieves the security status of a GitHub repository, including:

  • Dependabot alerts
  • Code scanning alerts
  • Secret scanning alerts

Example:

Get security status for the repository "owner/repo-name"

Project Structure

  • src/index.ts: Main entry point and server configuration
  • src/common/: Shared utilities and type definitions
    • utils.ts: Shared utility functions (GitHub token retrieval)
    • types.ts: TypeScript type definitions
  • src/operations/: Tool implementations
    • process.ts: Security issue creation functionality