Provenance Monitor FAQs

Question 1

Which package managers are supported?

Accepted Answer

Currently, Provenance Monitor supports MCP servers published on npm and PyPI.

Question 2

How can I add provenance to my MCP server packages?

Accepted Answer

For NPM packages, see GitHub's documentation on generating provenance statements. For PyPI packages, refer to PyPI's documentation on producing attestations. Links are available in the tool's documentation.

Question 3

What does Provenance Monitor do?

Accepted Answer

Provenance Monitor is a web-based dashboard that tracks the software supply chain provenance of local MCP (Model Context Protocol) server packages. It helps you understand where your software comes from and verify its integrity.

Question 4

How often is the data updated?

Accepted Answer

The server data is refreshed daily, so please allow up to 24 hours for new packages or provenance information to appear.

Question 5

Why is my newly released package missing provenance?

Accepted Answer

The data is refreshed daily. If you've just released a new version with provenance, please allow up to one day for the update to appear in the dashboard.

Provenance Monitor

주요 기능

사용 사례

Provenance Monitor

주요 기능

사용 사례