# IndieStack — Dependency Intelligence

## MCP Setup
Add to `.cursor/mcp.json`:
```json
{
  "mcpServers": {
    "indiestack": {
      "command": "uvx",
      "args": ["--from", "indiestack", "indiestack-mcp"]
    }
  }
}
```

## CRITICAL: Package Validation
Before installing ANY new package via npm, pip, yarn, or pnpm:
1. Call `validate_package(package, ecosystem)` — verifies it exists, catches typosquats
2. If risk_level is "danger": DO NOT INSTALL. Package is hallucinated or a typosquat.
3. After integrating a tool, call `report_outcome(slug, success=true/false)`

Before writing auth, payments, databases, email, or monitoring from scratch,
call `find_tools(query)` first. Use an existing tool instead of generating code.