low

@hugeicons/mcp-server

v0.2.1

MCP server for Hugeicons search and usage documentation

npmhugeiconsFirst seen Feb 22, 2026

Total

Critical

High

Medium

Findings

unknown

highDE-008Data ExfiltrationMedium ConfidenceLine 0

NPM config access (may contain tokens)

Detected by automated pattern matching (rule DE-008) with medium confidence. May be a false positive.

    1: // Free package that's always available
    2: const FREE_PACKAGE = '@hugeicons/core-free-icons';
>>> 3: // Pro packages that require authentication via .npmrc or similar package manager config
    4: const PRO_PACKAGES = [
    5:     '@hugeicons-pro/core-stroke-rounded',

Report false positive

highDE-008Data ExfiltrationMedium ConfidenceLine 0

NPM config access (may contain tokens)

Detected by automated pattern matching (rule DE-008) with medium confidence. May be a false positive.

    15: // All available packages - pro packages require authentication
    16: const CORE_PACKAGES = [FREE_PACKAGE, ...PRO_PACKAGES];
>>> 17: // Note: Pro packages (@hugeicons-pro/*) require authentication via .npmrc or similar package manager config files
    18: // with the appropriate registry token. Without authentication, only the free package (@hugeicons/core-free-icons)
    19: // will be accessible.

Report false positive

highDE-008Data ExfiltrationMedium ConfidenceLine 0

NPM config access (may contain tokens)

Detected by automated pattern matching (rule DE-008) with medium confidence. May be a false positive.

    28: // Using free icons (available by default)
    29: import { Notification03Icon } from '@hugeicons/core-free-icons'
>>> 30: // Pro icons require authentication via .npmrc or similar config
    31: // import { Notification03Icon } from '@hugeicons-pro/core-stroke-rounded'
    32:

Report false positive

highDE-008Data ExfiltrationMedium ConfidenceLine 0

NPM config access (may contain tokens)

Detected by automated pattern matching (rule DE-008) with medium confidence. May be a false positive.

    54: // Using free icons (available by default)
    55: import { Notification03Icon } from '@hugeicons/core-free-icons'
>>> 56: // Pro icons require authentication via .npmrc or similar config
    57: // import { Notification03Icon } from '@hugeicons-pro/core-stroke-rounded'
    58: </script>

Report false positive

highDE-008Data ExfiltrationMedium ConfidenceLine 0

NPM config access (may contain tokens)

Detected by automated pattern matching (rule DE-008) with medium confidence. May be a false positive.

    81: // Using free icons (available by default)
    82: import { Notification03Icon } from '@hugeicons/core-free-icons'
>>> 83: // Pro icons require authentication via .npmrc or similar config
    84: // import { Notification03Icon } from '@hugeicons-pro/core-stroke-rounded'
    85:

Report false positive

highDE-008Data ExfiltrationMedium ConfidenceLine 0

NPM config access (may contain tokens)

Detected by automated pattern matching (rule DE-008) with medium confidence. May be a false positive.

    111:   // Using free icons (available by default)
    112:   import { Notification03Icon } from '@hugeicons/core-free-icons'
>>> 113:   // Pro icons require authentication via .npmrc or similar config
    114:   // import { Notification03Icon } from '@hugeicons-pro/core-stroke-rounded'
    115: </script>

Report false positive

highDE-008Data ExfiltrationMedium ConfidenceLine 0

NPM config access (may contain tokens)

Detected by automated pattern matching (rule DE-008) with medium confidence. May be a false positive.

    135: // Using free icons (available by default)
    136: import { Notification03Icon } from '@hugeicons/core-free-icons'
>>> 137: // Pro icons require authentication via .npmrc or similar config
    138: // import { Notification03Icon } from '@hugeicons-pro/core-stroke-rounded'
    139:

Report false positive