Tadas Antanavicius
Tadas Antanavicius
@alexhancock brought this up https://github.com/modelcontextprotocol/registry/pull/33#issuecomment-2876633662: > what validations would we imagine for template strings? Both for validity but also command injection. For example, what would we do if someone submitted...
@sandy081 [asked](https://github.com/modelcontextprotocol/registry/pull/3#issuecomment-2862435420): > May I know if the server definition supports a required publisher property? I remember @sridharavinash mentioning that this can be derived from the repository owner or org....
We originally planned to rate limit authenticated users to one new server per user/org per day. @SecretiveShell flagged: _"please hold off on this for the initial week, as I and...
I originally introduced `package_canonical` into the API schema because, at the time, we were thinking to "pin" the version of the MCP server to _one_ of the referenced source code...
I realized a handful of our examples were still using the old syntax that we are no longer using, which could cause confusion for folks who don't have the context...
We want to avoid the following situations: - Someone submitting a server.json that has a reference to a `package` on npm which they do not have access to - Someone...
Similar to the [api_examples doc](https://github.com/modelcontextprotocol/registry/blob/4f89a896ec37a9234792c3f2df5005e568fc0eee/docs/api_examples.md), we should embed in code the validation that our shapes support a variety of installation formats end to end. We should think through the various...
For the purpose of quickly deleting accidentally-published data. I _think_ we could probably just allow this functionality indefinitely? But I know some registries have a limit (e.g. RubyGems only allows...
Seeing as we aren't serving the use case of direct downloading of packages (like some `npm install ` flow), typosquatting is not a particularly notable risk. However, we should consider...