BBonnard CLIUltra-fast to deploy agentic-first mcp-ready semantic layer. Let your data be like water. Bonnard is a CLI for building and deploying semantic layers. Define metrics and dimensions in YAML, deploy a governed MCP server, and serve AI agents and BI tools. Supports Snowflake, BigQuery, Databricks, PostgreSQL, and more. Ships with native integrations for Claude Code, Cursor, and Codex. GitHub: https://github.com/meal-inc/bonnard-cli Docs: https://docs.bonnard.dev/docs/ npm: https://www.npmjs.com/package/@bonnard/cli
mcp-so:bonnard_Bonnard
View sourceFirst Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
2
Score
100/100
Findings (2)
Detects npx executing packages from unverified sources without pinned versions
npx @bonnard/cli Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.
Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.
Detects global installation of packages which affects the host system
npm
install
-g
@Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.
Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.