The production service at https://api.npmplus.dev/mcp is protected infrastructure:
- Only maintainers can deploy to production
- Automatic deployments are disabled for security
- Contributors cannot trigger production builds
- Manual deployment verification ensures stability
When contributing to this project:
- β Your changes will be reviewed before any production deployment
- β You can test locally using the self-deployment guide
- β CI/CD tests ensure code quality without production access
- β Your contributions are valued and will be properly credited
For production enterprise deployments:
- Deploy your own instance using the deployment guide
- Control your own infrastructure and security policies
- Customize as needed for your environment
- Full ownership of your deployment and data
If you discover a security vulnerability:
- Do NOT open a public issue
- Email directly to: [email protected]
- Include details about the vulnerability
- We will respond within 24 hours
When self-deploying:
- β Use environment variables for sensitive configuration
- β Enable HTTPS for all endpoints
- β Set up rate limiting for production use
- β Monitor access logs and usage patterns
- β Keep dependencies updated regularly
| Version | Supported |
|---|---|
| 1.0.x | β Yes |
| < 1.0 | β No |
Only the latest version receives security updates.