Skip to content
Tools / mcp-toolbox / Dependencies

Dependency Analysis

mcp-toolbox

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV
57% Freshness
2505 Dependencies
855 Outdated
0 Stale
9.3 Avg Behind

Dependency List

Latest release v1.1.0

All 2504 Outdated 1101 Has CVE 44 GPL 7
Dependency Type Current Latest Behind CVE License
mariadb
npm
 Transitive 3.4.5 3.5.2 2 behind LGPL-2.1-or-later
mariadb
npm
 Transitive 3.4.5 3.5.2 2 behind LGPL-2.1-or-later
@opentelemetry/api
npm
 Transitive 1.9.0 1.9.1 1 behind Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
@opentelemetry/api
npm
 Transitive 1.9.0 1.9.1 1 behind Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
@opentelemetry/api
npm
 Transitive 1.9.0 1.9.1 1 behind Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
github.com/martignoni/hugo-notice
golang
 Direct v0.0.0-20240707105359-40327ac00cc4 GPL-3.0 AND GPL-3.0-only
node-forge
npm
 Transitive 1.4.0 1.4.0 Current BSD-3-Clause OR GPL-2.0-only

License Breakdown

MIT 1482
Apache-2.0 457
ISC 160
BSD-3-Clause 120
Unknown 99
BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 46
Apache-2.0 AND BSD-3-Clause 39
BSD-2-Clause 24
CC0-1.0 AND MIT 21
BlueOak-1.0.0 13
Apache-2.0 AND MIT 5
0BSD 4
Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only) 3
BSD-2-Clause AND BSD-3-Clause 3
Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT) 2
BSD-2-Clause AND JSON 2
ISC AND MIT 2
LGPL-2.1-or-later 2
LicenseRef-scancode-generic-cla AND MIT 2
MIT AND MIT-0 2
MIT OR (MIT AND WTFPL) 2
MPL-2.0 2
AFL-2.1 AND AFL-3.0 AND BSD-3-Clause 1
Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause 1
Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSL-1.0 AND CC-BY-3.0 AND HPND AND MIT AND NCSA AND OpenSSL AND Zlib 1
Apache-2.0 AND BSD-3-Clause AND MIT 1
Apache-2.0 AND CC-BY-SA-4.0 1
Apache-2.0 AND LicenseRef-scancode-dco-1.1 AND MIT 1
Apache-2.0 AND Unlicense 1
BSD-3-Clause OR GPL-2.0-only 1
CC-BY-4.0 1
GPL-3.0 AND GPL-3.0-only 1
LicenseRef-scancode-public-domain 1
MIT-0 1

CVE Severity

critical 3
high 19
medium 14
low 2
unknown 6

Beta — feedback welcome: [email protected]