mongodb-js/mongodb-mcp-server

Dependencies in light of recent npm exploit

Closed this issue · 4 comments

How did you handle the dependencies in light of the recent npm exploit?
Do you regard this server as safe at the present time?

Thanks for opening this issue. The ticket MCP-272 was created for internal tracking.

Hi @jwoehr,

we weren't affected by the latest supply chain attacks in the npm ecosystem and the server is, as far as we know, safe for use.

We are not aware of any CVE affecting any of our dependencies.

We have Dependabot configured to find security issues, and we have plans to tighten the security even more.

Are you concerned about anything specific?

No special concerns, @kmruiz, just wondering if the team is on top of the supply chain hack.
Looking at using the server in a project.
Thanks for your response.

The corresponding JIRA ticket has been automatically closed.