OSS Review
by godaddy
AI-powered open source release readiness checks — scans for secrets, license violations, vulnerabilities, and internal references before you go public.
What it does
Helps engineering teams safely release internal code as open source. OSS Review connects AI assistants (like Claude) to a suite of automated scanners that check your repository for everything that could go wrong before publishing: leaked credentials, incompatible licenses, known vulnerabilities, and internal references like private URLs or employee emails.
Built by GoDaddy and designed for enterprise use, it supports organisation-wide policy packages published as npm modules — meaning every team can run the same checks with the same thresholds.
Tools
- search — Scans for sensitive internal patterns (private domains, IPs, employee data) using configurable regex rules
- secretlint — Detects leaked credentials, API keys, tokens, and hardcoded passwords via Secretlint integration
- licenses — Audits dependency licenses against your org's green/yellow/red policy, with SBOM generation
- security — Runs npm audit to surface known CVEs above your severity threshold
- review — Orchestrates all tools into a full release-readiness report, including manual review guidance
Installation
npm install -g oss-review
Add to claude_desktop_config.json:
{
  "mcpServers": {
    "oss-review": {
      "command": "oss-review",
      "args": ["--config", "@mycompany/oss-config"]
    }
  }
}
Then ask Claude: "Can you review /path/to/my-project for open source readiness?"
Supported hosts
Designed for Claude Desktop. Works with any stdio-compatible MCP client.
Information
- Pricing: free
- Published: 4/5/2026
- Stars: 0