New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

imi-sight-mcp

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

imi-sight-mcp

Model Context Protocol server exposing Sight CLI complexity analysis

latest
npmnpm
Version
1.0.5
Version published
Maintainers
1
Created
Source

Sight MCP Server

This repository exposes the Sight CLI complexity analysis as an MCP server so LLM clients can request metrics without shell access.

Prerequisites

  • Node.js 18 or newer
  • Network access to the internal npm registry (http://npm.imile-inc.com/) so npm install can download @imd/sight-cli

The MCP server bundles @imd/sight-cli as a production dependency. After installation the executable is available at node_modules/.bin/sight; override SIGHT_BINARY only if you need a custom build.

Usage

  • npm install
  • npm run build
  • npm start

During development you can run npm run dev to execute the TypeScript entry point via tsx.

Configuration is provided via environment variables:

VariableDefaultDescription
SIGHT_BINARYbundled node_modules/.bin/sight if present, otherwise sightAbsolute path or executable name of the CLI
SIGHT_WORKDIRcurrent working directoryDirectory passed to the CLI
SIGHT_DEFAULT_ARGS--output jsonExtra default arguments (space separated or JSON array)
SIGHT_ALLOWED_FLAGS(see below)Comma-separated whitelist for Sight CLI flags to guard against typos
SIGHT_TIMEOUT_MS60000Timeout for the CLI invocation

MCP Tool

  • Name: sight-complexity
  • Inputs:
    • target (string, required): analysis target passed to sight complexity
    • args (string[], optional): additional Sight CLI flags that must be present in the allow list
    • includeRawReport (boolean): include raw JSON in the text response
    • timeoutMs (number): override configured timeout
  • Outputs: Structured complexity metrics parsed from the CLI, plus a human summary and optional raw report text.

Testing

npm test

Unit tests mock the Sight CLI process to cover success, validation failures, missing binary, non-zero exit codes, and timeouts.

  • Sight CLI flags supported by default: -o, --output, --output-file, -i, --include, -e, --exclude, -j, --concurrency, -t, --threshold, --min-complexity, --filter, --min-file, --top-files, --top-functions, -c, --config, --no-config, --jsx-analysis, --jsx-props-in-cognitive, --fast-mode, --memory-limit, --timeout, --max-file-size, --skip-minified-js, --no-color, --include-details, --pretty, --respect-gitignore, --use-global-gitignore, --algorithms, --progress, --tui, --json-view, --view-output-file, --events, --events-file. Update SIGHT_ALLOWED_FLAGS to permit additional switches if the CLI evolves.

FAQs

Package last updated on 21 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026