Unpinned npx/bunx package reference
Severity
medium
What it is
An npx or bunx command in an MCP server configuration references a package without a pinned version (a package name with no exact version, or with a range such as `^1.0.0` or the tag `latest`). Every launch then resolves to whatever version the registry currently serves, so a compromised or malicious new release is pulled in automatically, which exposes the deployment to supply chain attacks.
How Igris detects it
Igris's Version Pinning Checker flags this during MCP security scans of your configuration.
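As an added illustration (not Igris's own Version Pinning Checker, whose implementation this page does not describe), the following Python script scans an MCP configuration file in the widely used `mcpServers` JSON layout and reports every npx/bunx server launch whose package spec lacks an exact version. The server names and package names in the sample configuration are constructed for the example.

```python
import json
import os
import re

# Launchers that fetch and execute a package from the registry on every start.
LAUNCHERS = {"npx", "bunx"}

# An exact semver version (optionally with pre-release / build metadata).
# Ranges ("^1.2.0", "~1.2", ">=1"), dist-tags ("latest") and an absent
# version all fail this pattern and therefore count as unpinned.
EXACT_SEMVER = re.compile(
    r"\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?"
)

# Constructed sample config in the mcpServers layout (names are made up).
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "docs":   {"command": "npx",  "args": ["-y", "@example/mcp-server"]},
        "search": {"command": "bunx", "args": ["example-server@^2.0.0"]},
        "notes":  {"command": "npx",  "args": ["-y", "@example/mcp-server@1.4.2"]},
        "local":  {"command": "node", "args": ["server.js"]},
    }
})


def split_spec(spec):
    """Split 'name@version' into (name, version); version is None when absent.

    Scoped packages start with '@', so only an '@' after the first character
    separates the version from the name.
    """
    if spec.startswith("@"):
        head, sep, rest = spec[1:].partition("@")
        return "@" + head, (rest if sep else None)
    name, sep, version = spec.partition("@")
    return name, (version if sep else None)


def is_pinned(spec):
    """True only when the spec carries an exact version, e.g. 'pkg@1.2.3'."""
    _, version = split_spec(spec)
    return version is not None and EXACT_SEMVER.fullmatch(version) is not None


def package_spec_from_args(command, args):
    """Return the package spec an npx/bunx invocation will fetch, or None.

    The spec is the value of -p/--package when given, otherwise the first
    argument that is not a flag (e.g. after '-y').
    """
    if os.path.basename(command) not in LAUNCHERS:
        return None
    it = iter(args)
    for arg in it:
        if arg in ("-p", "--package"):
            return next(it, None)
        if arg.startswith("--package="):
            return arg.split("=", 1)[1]
        if arg.startswith("-"):
            continue
        return arg
    return None


def scan_mcp_config(config_text):
    """Return [(server_name, spec)] for every unpinned npx/bunx launch."""
    config = json.loads(config_text)
    findings = []
    for server_name, server in config.get("mcpServers", {}).items():
        spec = package_spec_from_args(server.get("command", ""), server.get("args", []))
        if spec is not None and not is_pinned(spec):
            findings.append((server_name, spec))
    return findings


if __name__ == "__main__":
    for name, spec in scan_mcp_config(SAMPLE_CONFIG):
        print(f"[medium] server '{name}': unpinned package reference '{spec}'")
```

Run against the sample config, the script reports the `docs` server (no version at all) and the `search` server (a range, not an exact version), while `notes` passes because `@example/mcp-server@1.4.2` is pinned and `local` is skipped because `node` does not fetch from the registry. The remediation the rule asks for is the form used by `notes`: append `@<exact version>` to the package name, and bump it deliberately rather than letting each launch resolve it.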