All @redhat-cloud-services/hcc-kessel-mcp versions
@redhat-cloud-services/hcc-kessel-mcp @0.3.1
MCP server for HCC service permission mapping and Kessel (v2) migration
Maintainers
Keywords
Dependencies (3)
| Package | Constraint | Registry Status |
|---|---|---|
| zod | ^3.25.76 | auto_approved |
| tslib | ^2.3.0 | auto_approved |
| @modelcontextprotocol/sdk | ^1.22.0 | auto_approved |
Transitive Dependency Tree
Changes from v0.3.0
Dependency Changes
Script Changes
+ preinstallFile Changes
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
obfuscated-file:index.js |
— | reject | sean | https://safedep.io/redhat-cloud-services-hit-by-mini-shai-hulud-npm-worm/ | |
install-script:preinstall |
— | reject | sean | redhat-cloud-services supply-chain compromise (2026-06-01): injected preinstall hook. Auto-reject any version with a preinstall script. |
SAST Findings (4)
Script: node index.js
This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.
Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
Review Summary
Risk score: 85. Findings: 3 high (+75), 1 medium (+10), 3 info (+0).
Published to npm: