How do you monitize the hosted version?

I don't, I just wanted to give back to the FOSS community.

If someone finds it useful and want to collaborate with the project they can tip me on ko-fi.

Dont think so. Or it is only a matter of time.

For me it is nextcloud + wireguard

How do you test your projects if there are any infected/affected dependencies used? As i understand it could also be a dependency of a dependency ... that could be affected?

   npm audit

and

   npm audit --fix

Or if you want to know the version of a package you have installed:

   npm ls some-pkg

Or bun

Or hold [Shift] while right clicking

Microsoft's own "you're holding it wrong moment": "You're right clicking wrong"

I recently learned about https://garagehq.deuxfleurs.fr/ but i have no expirience using it

Watching Mr. Robot and seeing the burned batteries the same time...

I understand the problem mentioned with mcp servers but this kind of attack could happen to any external dependency (like a smtp package) i guess

The difference is if you went looking for a smtp package you’d land on an established library with a track record and probably years worth of trust behind it. The Mcp stuff is so new all of that is missing, people are just using stuff that appeared yesterday. It’s the Wild West, you need to have your six shooter ready.

The "postmark-mcp" from the article seems like some random guy's package though, postmark has its own official mcp server as well: https://postmarkapp.com/lp/mcp. It's like installing ublock extension but published by a 'coder3012' account

bun is also working on it: https://github.com/oven-sh/bun/issues/22679