tanav.aiScanResearchARDGet Started
Open appTry free scan →
Checkers / CHK-144
CHK-144
MEDIUM – HIGH

Unpinned npx/bunx/pnpx version in .mcp.json

category: supply_chain · source: services/scanner/mcp_config_scanner.py
OWASP MCP Top 10MCP-T09Supply Chain Compromise

What it detects

An .mcp.json entry invoking npx, bunx, or pnpx where the package argument has no version pin at all (HIGH) or uses a semver range like ^1.0.0 (MEDIUM). Either way, a future published version — including a compromised one — is silently pulled and run on the next Claude/Cursor startup, with no diff, no review, and no warning to the developer.

This is distinct from CHK-013, which covers the explicit @latest case — CHK-144 catches the more common pattern of simply omitting a version entirely.

Real example

@upstash/context7-mcp1.06M downloads/weekCONFIRMED

Found unpinned across multiple scanned configs. At that download volume, one compromised maintainer account would auto-propagate to every developer with this config on their next Claude startup.

How to fix it

Pin to an exact version and commit the pin to version control

Replace the bare package argument with an explicit version: "@scope/package@1.2.3" instead of "@scope/package". Update the pin intentionally when you want the new version, rather than letting every startup silently accept whatever was published most recently.

// Before:
"args": ["-y", "@upstash/context7-mcp"]

// After:
"args": ["-y", "@upstash/context7-mcp@1.2.3"]
Reference →