{
  "name": "io.github.snyk/snyk-ls",
  "description": "The official Snyk MCP lets an AI coding assistant scan a project for security vulnerabilities — open-source dependencies, code patterns, container images, infrastructure-as-code — and surface the findings inline in the conversation. Built for the \"fix it before commit\" workflow rather than the periodic CI scan. Note: the standalone @snyk/mcp-server package is archived — Snyk now ships the MCP surface inside its language server (snyk-ls) and IDE integrations rather than as a separate npm package. New installs should use the language-server-bundled MCP via the Snyk extension for VS Code or JetBrains.",
  "status": "active",
  "version": "latest",
  "_meta": {
    "com.top-mcps/lastVerified": "2026-05-31",
    "com.top-mcps/score": {
      "value": 73,
      "rubricVersion": "2026-04",
      "lastComputed": "2026-06-02T13:16:41.646Z",
      "methodology": "https://top-mcps.com/about/methodology"
    },
    "com.top-mcps/stats": {
      "fetchedAt": "2026-06-02T11:55:52.314Z",
      "githubStars": 80,
      "lastCommitAt": "2026-05-27T10:49:45Z"
    }
  },
  "repository": {
    "url": "https://github.com/snyk/snyk-ls",
    "source": "github"
  },
  "author": {
    "name": "Snyk"
  },
  "packages": [
    {
      "registryType": "npm",
      "registryBaseUrl": "https://registry.npmjs.org",
      "identifier": "@snyk/mcp-server",
      "version": "latest",
      "transport": {
        "type": "stdio"
      },
      "environmentVariables": [
        {
          "name": "SNYK_TOKEN",
          "description": "Snyk API token (required, secret) used as the credential for the Snyk service. Note: the standalone @snyk/mcp-server package that reads it is archived.",
          "isRequired": true,
          "isSecret": true
        }
      ]
    }
  ],
  "capabilities": {
    "security": {
      "scope": "network",
      "sandbox": "The Snyk API token is supplied through the SNYK_TOKEN environment variable. For Snyk Code scans, source code is uploaded to the Snyk service; OSS scans use the local manifest only. Use the lowest-privilege token your plan supports.",
      "gotchas": [
        "Source upload happens for Code scans — review data-residency policy before enabling on sensitive repos.",
        "Snyk tokens are long-lived; rotate per the credential-rotation playbook.",
        "Free-tier rate limits apply per token; coordinate across the team to avoid surprise throttling."
      ]
    }
  },
  "_links": {
    "html": "https://top-mcps.com/mcp/snyk",
    "markdown": "https://top-mcps.com/mcp/snyk.md",
    "methodology": "https://top-mcps.com/about/methodology"
  }
}
