@ansvar/eu-regulations-mcp Apache-2.0 2 versions

@ansvar/eu-regulations-mcp

The first open-source MCP server for European cybersecurity regulations. Query DORA, NIS2, GDPR, EU AI Act, and more directly from Claude.

Versions

Apache-2.0

License

Yes

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

ansvar

mcpmodel-context-protocolcompliancegdprnis2doraai-acteu-regulationscybersecuritycyber-resilience-acteuropean-unionlegalregulatoryclaudellm

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
install-scripts	install-script:postinstall	AI (install-scripts): Conditional tsc build only if dist is absent; no network fetch or arbitrary code execution.	ai	2026/05/09
phantom-deps	phantom-dep:ajv	AI (phantom-deps): ajv is declared in dependencies and likely used via config validation or indirect import; stable false positive for this package.	ai	2026/05/09
phantom-deps	phantom-dep:jsdom	AI (phantom-deps): jsdom declared in dependencies; used in test/build context per package.json scripts; stable false positive.	ai	2026/05/09

Version	Deps	Published
1.1.2	5 / 14	2026-02-17
0.1.0	3 / 6	2026-01-26

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

2 findings

HIGH Package has 'postinstall' script install-scripts

Script: test -f dist/index.js || npm run build

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.