DEPSCOPE TOOLS

22 tools from the Depscope MCP Server, categorised by risk level.

READ 18 tools
Read check_bulk: Fast pre-flight filter for a batch of (ecosystem, package) pairs. DB-only, <100ms for 100 items. USE WHEN: ...
Read check_compatibility: Is this specific multi-package version combo verified to work together? USE WHEN: pinning a stack (next@15 ...
Read check_malicious: Supply-chain malware check against OpenSSF/OSV. USE WHEN: about to suggest install of an unvetted/unfamilia...
Read check_package: Full machine-readable JSON report (~2k tokens). USE WHEN: you need to programmatically parse specific field...
Read check_typosquat: Typosquat detector. USE WHEN: name differs from a well-known package by 1-2 chars (`lodsh`, `reqeusts`); co...
Read compare_packages: Side-by-side comparison (health, vulns, downloads, maintainers, last release) of 2-10 packages in the same ...
Read contact_depscope: Inbound ticket: bug/listing/security/anomaly/partnership. USE WHEN: reporting wrong data (`bug`), requestin...
Read find_alternatives: Curated replacements for deprecated/unhealthy packages, including stdlib built-ins (e.g. `fs.rm` for rimraf...
Read get_breaking_changes: Breaking changes between two majors of the SAME package (`next@14`→`15`). USE WHEN: user is bumping a major...
Read get_health_score: Single 0-100 health score — cheapest go/no-go gate (>=70 safe). USE WHEN: CI gating or pkg already screened...
Read get_known_bugs: Non-CVE known bugs for a specific package version. USE WHEN: unexpected behavior that is NOT a security iss...
Read get_latest_version: Latest published version + deprecation flag — the cheapest call. USE WHEN: only a version string matters (p...
Read get_migration_path: Prescriptive migration plan between DIFFERENT packages — rationale + literal code diff + breaking changes +...
Read get_package_prompt: LLM-optimised package brief — plain text ~300 tokens (~75% cheaper than JSON). Verdict (SAFE/AVOID/URGENT/M...
Read get_trending: Live trending packages with rank-delta and weekly growth %. USE WHEN: 'what is rising in npm/PyPI/Cargo rig...
Read get_trust_signals: One-call aggregate of ALL non-CVE supply-chain trust signals: maintainer trust (bus factor, ownership chang...
Read get_vulnerabilities: CVE/OSV advisories affecting the latest (or specified) version. USE WHEN: security-sensitive project; user ...
Read scan_project: Full dep-list audit with per-package health+vulns and prioritized actions (REMOVE NOW / URGENT / REPLACE / ...

How many tools does the Depscope MCP server have?

The Depscope MCP server exposes 22 tools across 2 categories: Read, Write.

How do I enforce policies on Depscope tools?

Route the Depscope server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do Depscope tools fall into?

Depscope tools are categorised as Read (18), Write (4). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.
