Unpinned npx/bunx/pnpx version in .mcp.json
What it detects
An .mcp.json entry invoking npx, bunx, or pnpx where the package argument has no version pin at all (HIGH) or uses a semver range such as ^1.0.0 (MEDIUM). In either case the runner resolves the package against the registry on the next Claude/Cursor startup, so any newly published version, including a compromised one, is silently downloaded and executed with no diff, no review, and no warning to the developer.
This is distinct from CHK-013, which covers the explicit @latest case — CHK-144 catches the more common pattern of simply omitting a version entirely.
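The check described above, as an added example that is not part of the original page or of the scanner it documents: a small Python routine that parses an .mcp.json, picks out servers launched through npx/bunx/pnpx, and grades the package argument the way CHK-144 does (no pin → HIGH, semver range → MEDIUM, exact pin → OK, @latest handed off to CHK-013). The sample config, the server names and the package name example-mcp-server are constructed for the demonstration; treating non-semver dist-tags other than latest as MEDIUM is an assumption.

```python
import json
import os
import re

# Package runners that resolve a fresh version from the registry on every start.
RUNNERS = {"npx", "bunx", "pnpx"}
# Exact semver: MAJOR.MINOR.PATCH with optional pre-release / build metadata.
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")

# Constructed sample .mcp.json (not a real project's config).
SAMPLE_CONFIG = """{
  "mcpServers": {
    "context7": {"command": "npx",  "args": ["-y", "@upstash/context7-mcp"]},
    "pinned":   {"command": "npx",  "args": ["-y", "@upstash/context7-mcp@1.2.3"]},
    "ranged":   {"command": "bunx", "args": ["example-mcp-server@^1.0.0"]},
    "floating": {"command": "pnpx", "args": ["example-mcp-server@latest"]},
    "local":    {"command": "node", "args": ["./server.js"]}
  }
}"""

def split_spec(spec):
    """Split 'name', 'name@1.2.3' or '@scope/name@^1.0.0' into (name, version-or-None)."""
    at = spec.rfind("@")
    if at <= 0:          # no '@' at all, or only the leading scope '@'
        return spec, None
    return spec[:at], spec[at + 1:]

def classify(version):
    """Map a version spec to the severity CHK-144 reports."""
    if version is None:
        return "HIGH"        # no pin: whatever is published next runs on startup
    if EXACT_SEMVER.match(version):
        return "OK"          # exact pin; updated only when the developer changes it
    if version == "latest":
        return "CHK-013"     # explicit @latest is the other check's case
    return "MEDIUM"          # range (^1.0.0, ~1.2, 1.x, *); other dist-tags assumed here

def scan_mcp_config(text):
    """Return (server, package, version, severity) for every runner-launched server."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        if os.path.basename(server.get("command", "")) not in RUNNERS:
            continue         # locally installed binaries are out of scope for this check
        # The first non-flag argument is the package spec; -y / --yes etc. are skipped.
        spec = next((a for a in server.get("args", []) if not a.startswith("-")), None)
        if spec is None:
            continue
        package, version = split_spec(spec)
        findings.append((name, package, version, classify(version)))
    return findings

if __name__ == "__main__":
    for finding in scan_mcp_config(SAMPLE_CONFIG):
        print(*finding)
```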
Real example
Found unpinned across multiple scanned configs. At that download volume, one compromised maintainer account would auto-propagate to every developer with this config on their next Claude startup.
How to fix it
Replace the bare package argument with an explicit version: "@scope/package@1.2.3" instead of "@scope/package". Update the pin intentionally when you want the new version, rather than letting every startup silently accept whatever was published most recently.
// Before:
"args": ["-y", "@upstash/context7-mcp"]
// After:
"args": ["-y", "@upstash/context7-mcp@1.2.3"]