docs/content
Molecule AI Documentation Specialist 06651d5d3e docs(mcp-server): pin npm package version, remove -y flag (SAFE-MCP NEW-003)
- Quick start install example: add @1.0.0 version pin
- .mcp.json Configure example: pin to @1.0.0, remove -y auto-accept flag
- Add Callout warning explaining why pinning is required (unpinned + -y =
  arbitrary code execution on package compromise) with link to npm page
- Troubleshooting: update standalone run example to use pinned version

Addresses SAFE-MCP finding NEW-003 (HIGH) from SAFE-MCP audit (PR #808).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 19:01:43 +00:00
docs docs(mcp-server): pin npm package version, remove -y flag (SAFE-MCP NEW-003) 2026-04-17 19:01:43 +00:00