npm · mcp-gitlab2.1.11

RemediationAI

The exact problem is that OAuth tokens and PATs are loaded once at module initialization from environment variables and cached globally, causing all MCP tool invocations to authenticate as the same identity regardless of which caller initiated the request. The concrete fix is to refactor the authentication layer to accept caller identity as a parameter to each tool function and retrieve or validate credentials per-request rather than using module-level cached tokens—specifically, modify the tool handler functions to accept a `callerContext` or `requestAuth` parameter and call a new `getAuthTokenForCaller(callerContext)` function instead of referencing the global cached token. This fix eliminates the vulnerability by ensuring each API call authenticates with the correct caller's credentials, preventing privilege escalation or cross-caller data access. To verify, add a test that calls the same tool twice with different caller identities and confirm that each request uses the corresponding caller's token by inspecting the Authorization header or mocking the GitLab API client.

Evidence

},

  "scripts": {

    "build": "tsc && node -e \"require('fs').chmodSync('build/index.js', '755')\"",

    "prepare": "npm run build",

    "dev": "npm run build && node build/index.js",

    "watch": "tsc --watch",

    "deploy": "npm publish --access public",

RemediationAI

The exact problem is that the `prepare` npm script runs `npm run build` automatically whenever the package is installed, executing arbitrary TypeScript compilation and file permission changes on any developer's or CI system's machine during installation. The concrete fix is to remove the `"prepare": "npm run build"` line from the `scripts` section in package.json and instead ship pre-built artifacts (the compiled `build/index.js`) in the published npm package, or document that consumers must run `npm run build` manually after installation. This fix eliminates the vulnerability by ensuring that installation of the package does not trigger code execution, reducing supply-chain attack surface and giving users explicit control over when compilation occurs. To verify, run `npm install` in a clean directory and confirm that no TypeScript compilation or file modifications occur; then document the build step as a separate manual or CI-only operation.