npx -y @considered/harmful
Most MCP servers suggest
using npx -y as the recommended way to install a server. This downloads and
executes arbitrary scripts from the internet. This is grossly insecure and I
think the MCP authors should use more secure ways to package and distribute
their MCP servers to users.
This package was created as a joke to illustrate this.
Usage
npx -y @considered/harmful