Edison Watch

MCP Dependency Pinning

Supply-chain protection for MCP servers installed via package runners like npx and uvx.

Edison Watch prevents supply-chain attacks by automatically pinning MCP server dependencies on first run.

Purpose

MCP servers installed via package runners (npx, uvx) can be vulnerable to supply-chain attacks if dependencies are updated maliciously. Pinning ensures:

  • Reproducible execution: Same exact code runs every time
  • Tamper resistance: Lockfiles are stored securely and cannot be modified without admin action
  • Version control: Exact package versions are locked, preventing unexpected updates

How It Works

  1. First-Run Resolution: When a server using npx or uvx is first mounted, Edison Watch:

    • Resolves the full transitive dependency graph
    • Generates a lockfile (npm: package-lock.json, Python: uv.lock)
    • Stores the lockfile securely in the local database
  2. Ephemeral Runtime: On each mount:

    • Creates a temporary runtime directory
    • Installs dependencies from the stored lockfile (not from package registries)
    • Executes the server from the isolated runtime environment
  3. Fail-Closed: If pinning fails (network issues, corrupted lockfile), the server will not start. This ensures no unpinned code executes.
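A minimal model of the first-run pin and the fail-closed runtime gate described above, added here as an illustration and not Edison Watch's own code; the npm lockfile, server id, in-memory database and the `installed` map read back from the runtime directory are constructed placeholders.

```python
import hashlib
import json

# Constructed npm lockfile (lockfileVersion 3); the integrity hash is a placeholder.
SAMPLE_LOCK = json.dumps({
    "name": "example-mcp-server", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-mcp-server", "version": "1.0.0"},
        "node_modules/example-dep": {
            "version": "1.3.0",
            "integrity": "sha512-PLACEHOLDERDIGEST"},
    },
})

def pins_from_lockfile(lock_text):
    """Map each node_modules path to its exact (version, integrity); raise on unpinned entries."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 0) < 2:
        raise ValueError("lockfile too old: no 'packages' map")
    pins = {}
    for path, meta in lock["packages"].items():
        if path == "":  # root project entry, not a dependency
            continue
        if "version" not in meta or "integrity" not in meta:
            raise ValueError(f"unpinned entry in lockfile: {path}")
        pins[path] = (meta["version"], meta["integrity"])
    return pins

def store_pin(db, server_id, lock_text):
    """First-run step: keep the lockfile plus a digest used to detect later edits."""
    digest = hashlib.sha256(lock_text.encode()).hexdigest()
    db[server_id] = {"lock": lock_text, "sha256": digest}

def runtime_check(db, server_id, installed):
    """Fail-closed gate run before the server starts; `installed` is the
    path -> (version, integrity) map from the fresh runtime dir. Returns (ok, reason)."""
    rec = db.get(server_id)
    if rec is None:
        return False, "no stored pin; refusing to start"
    if hashlib.sha256(rec["lock"].encode()).hexdigest() != rec["sha256"]:
        return False, "stored lockfile digest mismatch; refusing to start"
    try:
        pins = pins_from_lockfile(rec["lock"])
    except ValueError as exc:
        return False, f"corrupt lockfile: {exc}"
    for path, want in pins.items():
        if installed.get(path) != want:
            return False, f"drift at {path}: got {installed.get(path)}, want {want}"
    extra = sorted(set(installed) - set(pins))
    if extra:
        return False, f"packages not in lockfile: {extra}"
    return True, "runtime matches pinned lockfile"
```

Every failure path returns `ok=False`, so the caller's only safe behaviour is to refuse to start the server unless the check passes.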

Admin Controls

All pinning management is done through the admin dashboard:

  • View Status: See pinned package versions and dates in server overview
  • Clear Pin: Remove cached lockfile to force re-pinning (useful after package updates)
  • Clear All Pins: Bulk operation to clear all server pins

No command-line or environment variable configuration is required; all controls are UI-driven for security and auditability.
