forked from ArtyMcLabin/Gmail-MCP-Server
-
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathsocket.yml
More file actions
38 lines (33 loc) · 1.25 KB
/
Copy pathsocket.yml
File metadata and controls
38 lines (33 loc) · 1.25 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Socket.dev configuration for @klodr/gmail-mcp
# https://docs.socket.dev/docs/socket-yml-reference
#
# Each rule below is intentionally configured. The "false" entries silence
# alerts that are intrinsic to what this MCP does and are documented.
# High-value supply-chain alerts (unstableOwnership, unmaintained,
# manifestConfusion) are NOT suppressed globally — suppress those
# per-package with `@SocketSecurity ignore <name>@<version>` comments
# on the relevant PR if a specific transitive dep generates a false
# positive.
version: 2
projectIgnorePaths:
- "test/**"
- "scripts/**"
- "examples/**"
- "dist/**"
githubApp:
enabled: true
pullRequestAlertsEnabled: true
secretAlertsEnabled: true
issueRules:
# Silence the alerts that are intrinsic to what this MCP does (read env,
# read local files, call Gmail API, hardcode a small list of Google
# endpoint URLs). Each is intentional and documented in README.md
# (Configuration / Security sections) and .github/SECURITY.md.
envVars: false
filesystemAccess: false
networkAccess: false
urlStrings: false
hasIPProxy: false
# gptDidYouMean fires on fuzzy package-name matches and is noisy on MCP
# naming (e.g. "@modelcontextprotocol" near other SDK names).
gptDidYouMean: false