55 Total, 12 Critical, 17 High, 26 Medium
Findings
unknownEnvironment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
375: }
376: else {
>>> 377: stdioApiKey = cliOptions.apiKey || process.env.CONTEXT7_API_KEY;
378: const transport = new StdioServerTransport();
379: await server.connect(transport);
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
2: import { SERVER_VERSION } from "./constants.js";
3: const DEFAULT_ENCRYPTION_KEY = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";
>>> 4: const ENCRYPTION_KEY = process.env.CLIENT_IP_ENCRYPTION_KEY || DEFAULT_ENCRYPTION_KEY;
5: const ALGORITHM = "aes-256-cbc";
6: function validateEncryptionKey(key) {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
10: export const CONTEXT7_API_BASE_URL = process.env.CONTEXT7_API_URL || `${CONTEXT7_BASE_URL}/api`;
11: export const RESOURCE_URL = process.env.RESOURCE_URL || MCP_RESOURCE_URL;
>>> 12: export const AUTH_SERVER_URL = process.env.AUTH_SERVER_URL || CONTEXT7_BASE_URL;
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
9: export const CLERK_DOMAIN = "clerk.context7.com";
10: export const CONTEXT7_API_BASE_URL = process.env.CONTEXT7_API_URL || `${CONTEXT7_BASE_URL}/api`;
>>> 11: export const RESOURCE_URL = process.env.RESOURCE_URL || MCP_RESOURCE_URL;
12: export const AUTH_SERVER_URL = process.env.AUTH_SERVER_URL || CONTEXT7_BASE_URL;
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
8: const MCP_RESOURCE_URL = "https://mcp.context7.com";
9: export const CLERK_DOMAIN = "clerk.context7.com";
>>> 10: export const CONTEXT7_API_BASE_URL = process.env.CONTEXT7_API_URL || `${CONTEXT7_BASE_URL}/api`;
11: export const RESOURCE_URL = process.env.RESOURCE_URL || MCP_RESOURCE_URL;
12: export const AUTH_SERVER_URL = process.env.AUTH_SERVER_URL || CONTEXT7_BASE_URL;
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
36: process.env.https_proxy ??
37: process.env.HTTP_PROXY ??
>>> 38: process.env.http_proxy ??
39: null;
40: if (PROXY_URL && !PROXY_URL.startsWith("$") && /^(http|https):\/\//i.test(PROXY_URL)) {
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
1386: You can use the `CONTEXT7_API_KEY` environment variable instead of passing the `--api-key` flag. This is useful for:
1387:
>>> 1388: - Storing API keys securely in `.env` files
1389: - Integration with MCP server setups that use dotenv
1390: - Tools that prefer environment variable configuration
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
1392: **Note:** The `--api-key` CLI flag takes precedence over the environment variable when both are provided.
1393:
>>> 1394: **Example with .env file:**
1395:
1396: ```bash
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
1395:
1396: ```bash
>>> 1397: # .env
1398: CONTEXT7_API_KEY=your_api_key_here
1399: ```
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
35: const PROXY_URL = process.env.HTTPS_PROXY ??
36: process.env.https_proxy ??
>>> 37: process.env.HTTP_PROXY ??
38: process.env.http_proxy ??
39: null;
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
34: }
35: const PROXY_URL = process.env.HTTPS_PROXY ??
>>> 36: process.env.https_proxy ??
37: process.env.HTTP_PROXY ??
38: process.env.http_proxy ??
Environment file access
Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.
33: return `Request failed with status ${status}. Please try again later.`;
34: }
>>> 35: const PROXY_URL = process.env.HTTPS_PROXY ??
36: process.env.https_proxy ??
37: process.env.HTTP_PROXY ??
Decoded base64 content: {"command":"npx -y @upstash/context7-mcp"}
Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.
High-entropy string (5.1 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
JavaScript fetch() call
Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.
330: const authServerUrl = AUTH_SERVER_URL;
331: try {
>>> 332: const response = await fetch(`${authServerUrl}/.well-known/oauth-authorization-server`);
333: if (!response.ok) {
334: console.error("[OAuth] Upstream error:", response.status);
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.5 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
117: #### Cursor Local Server Connection
118:
>>> 119: [](https://cursor.com/en/install-mcp?name=context7&config=eyJjb21tYW5kIjoibnB4IC15IEB1cHN0YXNoL2NvbnRleHQ3LW1jcCJ9)
120:
121: ```json
Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
100: #### Cursor Remote Server Connection
101:
>>> 102: [](https://cursor.com/en/install-mcp?name=context7&config=eyJ1cmwiOiJodHRwczovL21jcC5jb250ZXh0Ny5jb20vbWNwIn0%3D)
103:
104: ```json
Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
1: 
2:
>>> 3: [](https://cursor.com/en/install-mcp?name=context7&config=eyJ1cmwiOiJodHRwczovL21jcC5jb250ZXh0Ny5jb20vbWNwIn0%3D) [<img alt="Install in VS Code (npx)" src="https://img.shields.io/badge/Install%20in%20VS%20Code-0098FF?style=for-the-badge&logo=visualstudiocode&logoColor=white">](https://insiders.vscode.dev/redirect?url=vscode%3Amcp%2Finstall%3F%7B%22name%22%3A%22context7%22%2C%22command%22%3A%22npx%22%2C%22args%22%3A%5B%22-y%22%2C%22%40upstash%2Fcontext7-mcp%40latest%22%5D%7D)
4:
5: # Context7 MCP - Up-to-date Code Docs For Any Prompt
Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
1: import { createCipheriv, randomBytes } from "crypto";
2: import { SERVER_VERSION } from "./constants.js";
>>> 3: const DEFAULT_ENCRYPTION_KEY = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f";
4: const ENCRYPTION_KEY = process.env.CLIENT_IP_ENCRYPTION_KEY || DEFAULT_ENCRYPTION_KEY;
5: const ALGORITHM = "aes-256-cbc";
High-entropy string (5.4 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (5.2 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (5.2 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.8 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.8 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (5.0 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (5.0 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (5.1 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.9 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.7 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
High-entropy string (4.8 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.
Possible Base64-encoded payload (long encoded string)
Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.
1018: #### One-click install:
1019:
>>> 1020: [](https://lmstudio.ai/install-mcp?name=context7&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsIkB1cHN0YXNoL2NvbnRleHQ3LW1jcCJdfQ%3D%3D)
1021:
1022: #### Manual set-up:
JavaScript fetch() call
Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.
59: url.searchParams.set("libraryName", libraryName);
60: const headers = generateHeaders(context);
>>> 61: const response = await fetch(url, { headers });
62: if (!response.ok) {
63: const errorMessage = await parseErrorResponse(response, context.apiKey);
JavaScript fetch() call
Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.
86: url.searchParams.set("libraryId", request.libraryId);
87: const headers = generateHeaders(context);
>>> 88: const response = await fetch(url, { headers });
89: if (!response.ok) {
90: const errorMessage = await parseErrorResponse(response, context.apiKey);
High-entropy string (4.6 bits/char) — possible encoded payload
Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.