npx/bunx pulls latest on every run
AI security governance · MCP security
Severity
high
What it is
Command fetches latest version on each invocation — code can change between runs.
How Igris detects it
Igris's Rug Pull Detector flags this during MCP security scans of your configuration.
References
Related MCP security rules
Secure your AI estate with Igris