mirror of
https://github.com/czlonkowski/n8n-mcp.git
synced 2026-01-30 06:22:04 +00:00
217825c6e1
Implements 5 of 8 security fixes from Issue #265 Phase 2: ✅ COMPLETED: - **MEDIUM-05: Dependency Audit Documentation** - Added Security & Dependencies section to README.md - Documents that n8n package vulnerabilities are upstream responsibilities - Explains our direct dependencies are kept up to date - Provides security update workflow - **HIGH-01: SQL Injection ESLint Safeguards** - Installed ESLint with TypeScript support - Created eslint.config.js with no-restricted-syntax rule - Blocks template literals in db.exec() calls - Added JSDoc @security comments to 8 existing db.exec() calls - All static SQL statements documented and safe - **MEDIUM-02: Input Length Limits** - Reduced express.json() body size from 10mb to 1mb - Added URL length validation middleware (2048 char limit) - Returns HTTP 414 for oversized URLs - Logs input_validation_failure events - **HIGH-08: Security Headers** - Installed helmet package - Configured comprehensive CSP, Referrer-Policy, HSTS, Permissions-Policy - Disabled x-powered-by header - All security headers now present on responses - **HIGH-04: Error Sanitization Consistency** - Updated Express global error handler - Now uses sanitizeErrorForClient() method - Ensures no stack traces or internal details leak in any mode - Production-safe error responses ⏳ REMAINING (to be completed): - HIGH-06: CORS production validation - HIGH-05: Multi-tenant shared mode safety check - MEDIUM-04: Audit logging event field verification Files modified: - README.md (new Security & Dependencies section) - package.json, package-lock.json (eslint, helmet dependencies) - eslint.config.js (new ESLint flat config) - src/http-server-single-session.ts (security headers, input limits, error handler) - src/templates/template-repository.ts (JSDoc security comments) - src/scripts/fetch-templates.ts (JSDoc security comments) Part of Issue #265 security audit remediation. Next: Complete remaining 3 fixes, add tests, version bump to 2.16.4. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
163 lines
7.3 KiB
JSON
163 lines
7.3 KiB
JSON
{
|
|
"name": "n8n-mcp",
|
|
"version": "2.16.3",
|
|
"description": "Integration between n8n workflow automation and Model Context Protocol (MCP)",
|
|
"main": "dist/index.js",
|
|
"bin": {
|
|
"n8n-mcp": "./dist/mcp/index.js"
|
|
},
|
|
"scripts": {
|
|
"build": "tsc -p tsconfig.build.json",
|
|
"rebuild": "node dist/scripts/rebuild.js",
|
|
"rebuild:optimized": "node dist/scripts/rebuild-optimized.js",
|
|
"validate": "node dist/scripts/validate.js",
|
|
"test-nodes": "node dist/scripts/test-nodes.js",
|
|
"start": "node dist/mcp/index.js",
|
|
"start:http": "MCP_MODE=http node dist/mcp/index.js",
|
|
"start:http:fixed": "MCP_MODE=http USE_FIXED_HTTP=true node dist/mcp/index.js",
|
|
"start:n8n": "N8N_MODE=true MCP_MODE=http node dist/mcp/index.js",
|
|
"http": "npm run build && npm run start:http:fixed",
|
|
"dev": "npm run build && npm run rebuild && npm run validate",
|
|
"dev:http": "MCP_MODE=http nodemon --watch src --ext ts --exec 'npm run build && npm run start:http'",
|
|
"test:single-session": "./scripts/test-single-session.sh",
|
|
"test:mcp-endpoint": "node scripts/test-mcp-endpoint.js",
|
|
"test:mcp-endpoint:curl": "./scripts/test-mcp-endpoint.sh",
|
|
"test:mcp-stdio": "npm run build && node scripts/test-mcp-stdio.js",
|
|
"test": "vitest",
|
|
"test:ui": "vitest --ui",
|
|
"test:run": "vitest run",
|
|
"test:coverage": "vitest run --coverage",
|
|
"test:ci": "vitest run --coverage --coverage.thresholds.lines=0 --coverage.thresholds.functions=0 --coverage.thresholds.branches=0 --coverage.thresholds.statements=0 --reporter=default --reporter=junit",
|
|
"test:watch": "vitest watch",
|
|
"test:unit": "vitest run tests/unit",
|
|
"test:integration": "vitest run --config vitest.config.integration.ts",
|
|
"test:integration:n8n": "vitest run tests/integration/n8n-api",
|
|
"test:cleanup:orphans": "tsx tests/integration/n8n-api/scripts/cleanup-orphans.ts",
|
|
"test:e2e": "vitest run tests/e2e",
|
|
"lint": "tsc --noEmit",
|
|
"lint:eslint": "eslint 'src/**/*.ts'",
|
|
"typecheck": "tsc --noEmit",
|
|
"update:n8n": "node scripts/update-n8n-deps.js",
|
|
"update:n8n:check": "node scripts/update-n8n-deps.js --dry-run",
|
|
"fetch:templates": "node dist/scripts/fetch-templates.js",
|
|
"fetch:templates:update": "node dist/scripts/fetch-templates.js --update",
|
|
"fetch:templates:extract": "node dist/scripts/fetch-templates.js --extract-only",
|
|
"fetch:templates:robust": "node dist/scripts/fetch-templates-robust.js",
|
|
"prebuild:fts5": "npx tsx scripts/prebuild-fts5.ts",
|
|
"test:templates": "node dist/scripts/test-templates.js",
|
|
"test:protocol-negotiation": "npx tsx src/scripts/test-protocol-negotiation.ts",
|
|
"test:workflow-validation": "node dist/scripts/test-workflow-validation.js",
|
|
"test:template-validation": "node dist/scripts/test-template-validation.js",
|
|
"test:essentials": "node dist/scripts/test-essentials.js",
|
|
"test:enhanced-validation": "node dist/scripts/test-enhanced-validation.js",
|
|
"test:ai-workflow-validation": "node dist/scripts/test-ai-workflow-validation.js",
|
|
"test:mcp-tools": "node dist/scripts/test-mcp-tools.js",
|
|
"test:n8n-manager": "node dist/scripts/test-n8n-manager-integration.js",
|
|
"test:n8n-validate-workflow": "node dist/scripts/test-n8n-validate-workflow.js",
|
|
"test:typeversion-validation": "node dist/scripts/test-typeversion-validation.js",
|
|
"test:error-handling": "node dist/scripts/test-error-handling-validation.js",
|
|
"test:workflow-diff": "node dist/scripts/test-workflow-diff.js",
|
|
"test:transactional-diff": "node dist/scripts/test-transactional-diff.js",
|
|
"test:tools-documentation": "node dist/scripts/test-tools-documentation.js",
|
|
"test:url-configuration": "npm run build && ts-node scripts/test-url-configuration.ts",
|
|
"test:search-improvements": "node dist/scripts/test-search-improvements.js",
|
|
"test:fts5-search": "node dist/scripts/test-fts5-search.js",
|
|
"migrate:fts5": "node dist/scripts/migrate-nodes-fts.js",
|
|
"test:mcp:update-partial": "node dist/scripts/test-mcp-n8n-update-partial.js",
|
|
"test:update-partial:debug": "node dist/scripts/test-update-partial-debug.js",
|
|
"test:issue-45-fix": "node dist/scripts/test-issue-45-fix.js",
|
|
"test:auth-logging": "tsx scripts/test-auth-logging.ts",
|
|
"test:docker": "./scripts/test-docker-config.sh all",
|
|
"test:docker:unit": "./scripts/test-docker-config.sh unit",
|
|
"test:docker:integration": "./scripts/test-docker-config.sh integration",
|
|
"test:docker:security": "./scripts/test-docker-config.sh security",
|
|
"sanitize:templates": "node dist/scripts/sanitize-templates.js",
|
|
"db:rebuild": "node dist/scripts/rebuild-database.js",
|
|
"benchmark": "vitest bench --config vitest.config.benchmark.ts",
|
|
"benchmark:watch": "vitest bench --watch --config vitest.config.benchmark.ts",
|
|
"benchmark:ui": "vitest bench --ui --config vitest.config.benchmark.ts",
|
|
"benchmark:ci": "CI=true node scripts/run-benchmarks-ci.js",
|
|
"db:init": "node -e \"new (require('./dist/services/sqlite-storage-service').SQLiteStorageService)(); console.log('Database initialized')\"",
|
|
"docs:rebuild": "ts-node src/scripts/rebuild-database.ts",
|
|
"sync:runtime-version": "node scripts/sync-runtime-version.js",
|
|
"update:readme-version": "node scripts/update-readme-version.js",
|
|
"prepare:publish": "./scripts/publish-npm.sh",
|
|
"update:all": "./scripts/update-and-publish-prep.sh",
|
|
"test:release-automation": "node scripts/test-release-automation.js",
|
|
"prepare:release": "node scripts/prepare-release.js"
|
|
},
|
|
"repository": {
|
|
"type": "git",
|
|
"url": "git+https://github.com/czlonkowski/n8n-mcp.git"
|
|
},
|
|
"keywords": [
|
|
"n8n",
|
|
"mcp",
|
|
"model-context-protocol",
|
|
"ai",
|
|
"workflow",
|
|
"automation"
|
|
],
|
|
"author": "Romuald Czlonkowski @ www.aiadvisors.pl/en",
|
|
"license": "MIT",
|
|
"bugs": {
|
|
"url": "https://github.com/czlonkowski/n8n-mcp/issues"
|
|
},
|
|
"homepage": "https://github.com/czlonkowski/n8n-mcp#readme",
|
|
"files": [
|
|
"dist/**/*",
|
|
"data/nodes.db",
|
|
".env.example",
|
|
"README.md",
|
|
"LICENSE",
|
|
"package.runtime.json"
|
|
],
|
|
"devDependencies": {
|
|
"@faker-js/faker": "^9.9.0",
|
|
"@testing-library/jest-dom": "^6.6.4",
|
|
"@types/better-sqlite3": "^7.6.13",
|
|
"@types/express": "^5.0.3",
|
|
"@types/node": "^22.15.30",
|
|
"@types/ws": "^8.18.1",
|
|
"@typescript-eslint/eslint-plugin": "^8.45.0",
|
|
"@typescript-eslint/parser": "^8.45.0",
|
|
"@vitest/coverage-v8": "^3.2.4",
|
|
"@vitest/runner": "^3.2.4",
|
|
"@vitest/ui": "^3.2.4",
|
|
"axios": "^1.11.0",
|
|
"axios-mock-adapter": "^2.1.0",
|
|
"eslint": "^9.37.0",
|
|
"fishery": "^2.3.1",
|
|
"msw": "^2.10.4",
|
|
"nodemon": "^3.1.10",
|
|
"ts-node": "^10.9.2",
|
|
"typescript": "^5.8.3",
|
|
"vitest": "^3.2.4"
|
|
},
|
|
"dependencies": {
|
|
"@modelcontextprotocol/sdk": "^1.13.2",
|
|
"@n8n/n8n-nodes-langchain": "^1.112.2",
|
|
"@supabase/supabase-js": "^2.57.4",
|
|
"dotenv": "^16.5.0",
|
|
"express": "^5.1.0",
|
|
"express-rate-limit": "^7.1.5",
|
|
"helmet": "^8.1.0",
|
|
"lru-cache": "^11.2.1",
|
|
"n8n": "^1.113.3",
|
|
"n8n-core": "^1.112.1",
|
|
"n8n-workflow": "^1.110.0",
|
|
"openai": "^4.77.0",
|
|
"sql.js": "^1.13.0",
|
|
"uuid": "^10.0.0",
|
|
"zod": "^3.24.1"
|
|
},
|
|
"optionalDependencies": {
|
|
"@rollup/rollup-darwin-arm64": "^4.50.0",
|
|
"@rollup/rollup-linux-x64-gnu": "^4.50.0",
|
|
"better-sqlite3": "^11.10.0"
|
|
},
|
|
"overrides": {
|
|
"pyodide": "0.26.4"
|
|
}
|
|
}
|