Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@mcp-registry/highlight-github-mcp
Advanced tools
@mcp-registry/highlight-github-mcp
The GitHub MCP server provides functionality to extract diffs from Pull Requests.
GitHub Integration
The GitHub MCP server provides functionality to extract diffs from Pull Requests.
Available Tools
get_diff_pr
Retrieves the diff content from a GitHub Pull Request.
Parameters:
owner: Repository owner/organization namerepo: Repository namepr_number: Pull Request number
Returns: Object containing:
content: String containing the PR diff
Authentication
Required: Set the GitHub Personal Access Token as an environment variable:
export GITHUB_TOKEN=<your-github-token>
The token needs at least repo scope permissions to access private repositories. For public repositories, a token with public_repo scope is sufficient.
Error Handling
The server implements standard error handling:
- Missing/invalid token returns
ErrorCode.AuthenticationError - Invalid repository details return
ErrorCode.InvalidParams - Non-existent PR returns
ErrorCode.NotFound - Failed diff fetches return formatted error messages
- Graceful shutdown on SIGINT
Technical Details
- Built using the Highlight AI MCP SDK
- Uses GitHub REST API v3
- Input validation via Zod
- Runs as a stdio-based MCP server
- Supports Node.js >=18.0.0
Limitations
- Rate limits apply based on GitHub API restrictions
- Large diffs may be truncated according to GitHub API limits
- Token requires appropriate repository access permissions
FAQs
The GitHub MCP server provides functionality to extract diffs from Pull Requests.
We found that @mcp-registry/highlight-github-mcp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 20 Apr 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025