cli-mcp-go-ecosystem / vuln by-module

vuln by-module - cli-mcp-go-ecosystem CLI reference

NAME

by-module - every advisory affecting a module path

SYNOPSIS

by-module

DESCRIPTION

Returns every advisory affecting a given Go module path. Output is a JSON array of OSV-shaped advisories. Empty array means no known advisories at this time.

MCP tool name: vuln_by-module. Input: args (string array, first element is the module path).

Examples:

cli-mcp-go-ecosystem vuln by-module golang.org/x/crypto
# [{"id":"GO-2024-...","affected":[...]}, ...]

# module with no known advisories
cli-mcp-go-ecosystem vuln by-module github.com/urfave/cli/v3
# []

# MCP form
mcporter call go-ecosystem.vuln_by-module \
  --args '{"args":["golang.org/x/crypto"]}'

The module path is the same canonical form used in go.mod. Pass the full module path; do not include a version. Advisories include their own affected.ranges data so you can determine which versions are vulnerable.

Operating model: do not interpret an empty result as "this module is safe forever". Re-query before major releases or on a schedule. The database is updated as new advisories are published.

Usage:

by-module [GLOBAL OPTIONS] [command [COMMAND OPTIONS]] [ARGUMENTS...]