The MCP SDK Looks Safe. Its Supply Chain Has 11 CRITICAL Single-Maintainer Packages.
📰 Dev.to · Pico
@modelcontextprotocol/sdk scores 75/100. Map the supply chain to depth 2: 21 nodes, 11 CRITICAL. jose (66M/wk), cross-spawn (183M/wk), zod (160M/wk) — all sole maintainer.
DeepCamp AI