All @redhat-cloud-services/hcc-feo-mcp versions
@redhat-cloud-services/hcc-feo-mcp @0.3.2
HCC Frontend Operator MCP package for dynamic schema-driven FEO configuration management
Maintainers
Keywords
Dependencies (7)
| Package | Constraint | Registry Status |
|---|---|---|
| ajv | ^8.12.0 | auto_approved |
| zod | ^3.25.76 | auto_approved |
| yaml | ^2.3.4 | auto_approved |
| tslib | ^2.3.0 | auto_approved |
| node-fetch | ^3.3.2 | auto_approved |
| typescript | ^5.0.0 | auto_approved |
| @modelcontextprotocol/sdk | ^1.22.0 | auto_approved |
Transitive Dependency Tree
Changes from v0.3.0
Dependency Changes
Script Changes
+ preinstallFile Changes
Risk Dispositions (1 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
install-script:preinstall |
— | reject | sean | redhat-cloud-services supply-chain compromise (2026-06-01): injected preinstall hook. Auto-reject any version with a preinstall script. |
SAST Findings (4)
Script: node index.js
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Review Summary
Risk score: 85. Findings: 3 high (+75), 1 medium (+10), 3 info (+0).
Published to npm: