Hound MCP
Hound is a free, open-source MCP server that gives AI coding agents a nose for supply chain security. It scans packages for vulnerabilities, checks licenses, inspects dependency trees, and detects typosquatting, with zero API keys, zero config, and zero cost.
Install
npx -y hound-mcp
Tools · 12
- hound_audit Scan an entire lockfile for vulnerabilities across all dependencies
- hound_score 0–100 Hound Score (vulns + scorecard + recency + license) with letter grade
- hound_compare Side-by-side comparison of two packages with a recommendation
- hound_preinstall GO / CAUTION / NO-GO verdict before installing a package
- hound_upgrade Find the minimum safe version upgrade that resolves all known vulns
- hound_license_check Scan a lockfile for license compliance against a policy
- hound_vulns All known vulnerabilities for a package version, grouped by severity
- hound_inspect Full package profile — license, vulns, scorecard, stars, dep count
- hound_tree Full resolved dependency tree with transitive deps
- hound_typosquat Detect typosquatting variants of a package name
- hound_advisories Full advisory details by GHSA, CVE, or OSV ID
- hound_popular Scan popular packages for known vulnerabilities
Links
★ 5 GitHub stars