All @mastra/mcp-registry-registry versions
@mastra/mcp-registry-registry @1.0.2
MCP server for registry registry services.
Maintainers
Dependencies (3)
| Package | Constraint | Registry Status |
|---|---|---|
| zod | ^4.3.6 | auto_approved |
| easy-day-js | ^1.11.21 | auto_approved |
| @modelcontextprotocol/sdk | ^1.27.1 | auto_approved |
Dev Dependencies (16)
| Package | Constraint | Registry Status |
|---|---|---|
| tsx | ^4.21.0 | auto_approved |
| hono | ^4.12.8 | auto_approved |
| tsup | ^8.5.1 | auto_approved |
| eslint | ^10.2.1 | auto_approved |
| vitest | 4.1.5 | No greenflagged match |
| cross-env | ^10.1.0 | auto_approved |
| @vitest/ui | 4.1.5 | auto_approved |
| typescript | ^5.9.3 | auto_approved |
| @mastra/mcp | ^1.5.2 | auto_approved |
| @types/node | 22.19.15 | auto_approved |
| @mastra/core | 1.28.0 | auto_approved |
| @internal/lint | 0.0.86 | Not imported |
| @wong2/mcp-cli | ^1.13.0 | Not imported |
| @hono/node-server | ^1.19.11 | auto_approved |
| @vitest/coverage-v8 | 4.1.5 | auto_approved |
| @internal/types-builder | 0.0.61 | Not imported |
Transitive Dependency Tree
Changes from v1.0.1
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | easy-day-js | ^1.11.21 |
File Changes
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Provenance regression is a strong supply-chain compromise signal for this package; should block until CI/CD publishing is restored. |
SAST Findings (2)
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
This version was published by a different npm account (ehindero) than the most recent previously approved version (GitHub Actions) on 2026-06-17, but ehindero is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
Review Summary
Risk score: 58. Findings: 1 high (+25), 3 medium (+30), 1 low (+3), 2 info (+0).
Published to npm: