From a5dcec576f863264e885677c8f70cdb9dc2d76c8 Mon Sep 17 00:00:00 2001 From: Shane Hughes <> Date: Sat, 4 Apr 2026 09:29:52 -0400 Subject: [PATCH 1/3] feat: add ghostfree tool --- website/data/tools.yml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/website/data/tools.yml b/website/data/tools.yml index 434f87f7f..9d7cf7aa6 100644 --- a/website/data/tools.yml +++ b/website/data/tools.yml @@ -308,6 +308,41 @@ tools: - macos - launchagent + - id: ghostfree + name: GhostFree — Dependency Vulnerability Scanner + description: >- + An MCP server (with an easy-install VS Code Extension) that helps you find, triage, and fix dependency + vulnerabilities directly from your AI coding assistant. Scans manifest files across + Node.js, Python, Go, Rust, Java, and .NET projects, enriches findings with CVSS scores + and CWE classification from NVD, and flags actively exploited vulnerabilities via the + CISA Known Exploited Vulnerabilities (KEV) catalogue. No signup or API key required. + category: VS Code Extensions + featured: false + requirements: + - VS Code version 1.101.0 or higher + - Internet connection to fetch vulnerability data + links: + github: https://github.com/shane-js/ghostfree + npm: https://www.npmjs.com/package/ghostfree + vscode: vscode:extension/shane-js.ghostfree + vscode-insiders: vscode-insiders:extension/shane-js.ghostfree + marketplace: https://marketplace.visualstudio.com/items?itemName=shane-js.ghostfree + features: + - "🔍 Discover: Finds manifest files across Node.js, Python, Go, Rust, Java, and .NET projects" + - "🛡️ Scan: Queries OSV.dev for published CVEs across all discovered packages" + - "📊 Enrich: Fetches CVSS vectors and CWE classification from NVD" + - "🚨 KEV Check: Flags vulnerabilities listed as actively exploited by CISA" + - "✅ Accept Risks: Record and track accepted risks with justifications" + - "🔌 Zero Config: Installs the MCP server automatically — no JSON editing needed - just start it and run the `/ghostfree.scan` prompt" + tags: + - mcp + - security + - cve + - dependencies + - osv + - npm + - vscode + - id: copilot-swarm-orchestrator name: Copilot Swarm Orchestrator description: >- From ebe226e2b802a9cb31590c5397ea11e814a8133b Mon Sep 17 00:00:00 2001 From: Shane <12244245+shane-js@users.noreply.github.com> Date: Sat, 4 Apr 2026 10:32:24 -0400 Subject: [PATCH 2/3] Update website/data/tools.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- website/data/tools.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/website/data/tools.yml b/website/data/tools.yml index 9d7cf7aa6..64ebcdb6f 100644 --- a/website/data/tools.yml +++ b/website/data/tools.yml @@ -342,6 +342,7 @@ tools: - osv - npm - vscode + - extension - id: copilot-swarm-orchestrator name: Copilot Swarm Orchestrator From 989a10b04ae4031399d7d8039040af811d77f9ef Mon Sep 17 00:00:00 2001 From: Shane <12244245+shane-js@users.noreply.github.com> Date: Sat, 4 Apr 2026 10:32:37 -0400 Subject: [PATCH 3/3] Update website/data/tools.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- website/data/tools.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/data/tools.yml b/website/data/tools.yml index 64ebcdb6f..4237d707c 100644 --- a/website/data/tools.yml +++ b/website/data/tools.yml @@ -315,7 +315,7 @@ tools: vulnerabilities directly from your AI coding assistant. Scans manifest files across Node.js, Python, Go, Rust, Java, and .NET projects, enriches findings with CVSS scores and CWE classification from NVD, and flags actively exploited vulnerabilities via the - CISA Known Exploited Vulnerabilities (KEV) catalogue. No signup or API key required. + CISA Known Exploited Vulnerabilities (KEV) Catalog. No signup or API key required. category: VS Code Extensions featured: false requirements: