I dunno, I’m still pretty surprised the MCP server auth process could pop a calculator on widely adopted clients. The protocol isn’t perfect but that’s totally unnecessary unsafe. Glad it’s fixed!

▲ orphea 4 days ago | parent [-]

  > Glad it’s fixed!

...and they used some random package with version 0.0.1 instead of writing 20 lines of code themselves.

It's astonishing how allergic some people are to writing their own code, even the simplest shit has to be a dependency. Let's increase the attack surface, that's fine, what can go wrong, right?

https://github.com/modelcontextprotocol/use-mcp/commit/96063...

	▲	chrisweekly 4 days ago \| parent [-]
		You have a valid point about dependency management in general, but in this case, the v0.0.1 package was created by the same author "geelen" as the commit you linked. So, they're not allergic to writing the code, and it's not "some random package".