@getbeebase/mcp UNLICENSED 29 versions

@getbeebase/mcp

npm

Model Context Protocol server for Beebase — stdio (local) and HTTP/SSE (remote) transports. Manage projects, queues, functions, realtime, RLS, storage via Claude/Cursor/Claude.ai.

29

Versions

UNLICENSED

License

No

Install Scripts

Missing

Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

amaurimoran

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:dist/server.js	AI (source-diff): esbuild --minify output; build script is declared in package.json and samples show benign MCP tool definitions.	ai	2026/05/27
phantom-deps	phantom-dep:express	AI (phantom-deps): Same esbuild bundling pattern; express is imported in dist/httpServer.js.	ai	2026/05/27
phantom-deps	phantom-dep:@modelcontextprotocol/sdk	AI (phantom-deps): Same esbuild bundling pattern; SDK is imported in both dist files.	ai	2026/05/27
source-diff	obfuscated-file:dist/httpServer.js	AI (source-diff): esbuild --minify output; build script is declared in package.json and samples show benign MCP/Express code.	ai	2026/05/27
phantom-deps	phantom-dep:jose	AI (phantom-deps): Deps are bundled via esbuild --packages=external; imports appear in dist output, not raw source files scanned.	ai	2026/05/27
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decode is standard JWT header parsing to inspect the 'alg' field; canonical authentication pattern, not obfuscation.	ai	2026/04/25
typosquat	typosquat.levenshtein:yup	AI (typosquat): Scoped package @getbeebase/mcp is a BaaS MCP server; Levenshtein match to 'yup' is a false positive with no visual or semantic similarity.	ai	2026/04/25

Versions (showing 29 of 29)

Version	Deps	Published
0.17.1	3 / 1	2026-05-01
0.17.0	3 / 0	2026-04-29
0.16.0	3 / 0	2026-04-29
0.15.0	3 / 0	2026-04-28
0.14.0	3 / 0	2026-04-28
0.13.0	3 / 0	2026-04-28
0.12.0	3 / 0	2026-04-28
0.11.0	3 / 0	2026-04-28
0.10.3	3 / 0	2026-04-28
0.10.2	3 / 0	2026-04-28
0.10.1	3 / 0	2026-04-28
0.10.0	3 / 0	2026-04-27
0.9.7	3 / 0	2026-04-25
0.9.5	3 / 0	2026-04-25
0.9.4	3 / 0	2026-04-25
0.9.3	3 / 0	2026-04-25
0.9.2	2 / 0	2026-04-25
0.9.1	2 / 0	2026-04-25
0.9.0	2 / 0	2026-04-25
0.8.8	1 / 0	2026-04-25
0.7.0	1 / 0	2026-04-24
0.6.3	1 / 0	2026-04-24
0.6.2	1 / 0	2026-04-24
0.6.1	1 / 0	2026-04-24
0.5.2	1 / 0	2026-04-24
0.5.1	1 / 0	2026-04-23
0.5.0	1 / 0	2026-04-23
0.4.1	1 / 0	2026-04-23
0.4.0	1 / 0	2026-04-23

v0.17.1

3 findings

HIGH New obfuscated file: dist/httpServer.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/server.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.16.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.15.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.14.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.13.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.12.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.11.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.10.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.10.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.10.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.10.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.7

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.9.5

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.9.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.8

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.7.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.6.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.6.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.6.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.5.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.5.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.5.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.4.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.