@lightsparkdev/grid-mcp

The official MCP Server for the Lightspark Grid API

Supply chain provenance

Status for the latest visible version.

Maintainers

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:env-spread	AI (semgrep): Intentional pattern: merging upstream client envs into Deno subprocess for MCP server context propagation.	ai	2026/04/29
semgrep	semgrep:base64-decode	AI (semgrep): Standard Basic auth header parsing; not obfuscation.	ai	2026/04/29
semgrep	semgrep:dynamic-require	AI (semgrep): Fires on data-URI base64 construction, not arbitrary module loading.	ai	2026/04/29
semgrep	semgrep:api-obfuscation-reflect	AI (semgrep): Reflect.get used in a Proxy for API access tracking, not evasion.	ai	2026/04/29
phantom-deps	phantom-dep:ajv	AI (phantom-deps): Declared dep used via config/convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:cors	AI (phantom-deps): Declared dep used via config/convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:hono	AI (phantom-deps): Declared dep used via config/convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:jq-web	AI (phantom-deps): Declared dep used via config/convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:cookie-parser	AI (phantom-deps): Declared dep used via config/convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@hono/node-server	AI (phantom-deps): Declared dep used via config/convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:zod-to-json-schema	AI (phantom-deps): Declared dep used via config/convention, not direct import.	ai	2026/04/29
phantom-deps	phantom-dep:@cloudflare/cabidela	AI (phantom-deps): Framework-scoped package loaded by convention.	ai	2026/04/29
phantom-deps	phantom-dep:zod-validation-error	AI (phantom-deps): Declared dep used via config/convention, not direct import.	ai	2026/04/29

Version	Deps	Published
1.7.1	22 / 0	2026-04-28
1.7.0	22 / 0	2026-04-27