# apitap > CLI, MCP server, and npm library that turns any website into an API — no docs, no SDK, no browser. - **URL**: https://www.freshcrate.ai/projects/apitap - **Author**: n1byn1kt - **Category**: MCP Servers - **Latest version**: `v1.12.1` (2026-05-29) - **License**: NOASSERTION - **Source**: https://github.com/n1byn1kt/apitap - **Homepage**: https://www.apitap.io - **Language**: TypeScript - **GitHub**: 81 stars, 8 forks - **Registry**: github - **Tags**: `ai-agent`, `api`, `browser-automation`, `mcp`, `mcp-server`, `playwright`, `skill-file`, `typescript`, `web-scraping` ## Description CLI, MCP server, and npm library that turns any website into an API — no docs, no SDK, no browser. ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `v1.12.1` | 2026-05-29 | High | ## Fixed - **Capture no longer overwrites existing skill files** (#55, PR #56): `apitap capture` / `apitap_capture` / `apitap_capture_finish` previously rewrote a domain's skill file with only the current session's endpoints, silently dropping endpoints captured earlier. `finish()` now merges the fresh capture with the existing on-disk skill — union by `METHOD + normalized path`, fresh capture wins on re-seen endpoints, prior endpoints carried over — so re-capturing a domain accretes coverage in | | `v1.11.0` | 2026-04-08 | High | ## Trap-Aware Mode (new in v1.11.0) ApiTap now inspects the web content it consumes on your agent's behalf: - **`apitap read`** scans raw HTML for hidden content containing explicit prompt-injection markers before extraction. Results are annotated on the response via a `findings[]` field; content is never modified. Enabled by default — opt out with `--no-scan`. - **`apitap replay`** optionally scans outbound request bodies and query strings for secret patterns (SSH keys, cloud credentials, API | | `v1.10.2` | 2026-04-03 | Medium | ## What's Changed * fix: legacy canonicalization fallback for pre-March-5 skill files by @n1byn1kt in https://github.com/n1byn1kt/apitap/pull/48 * docs: document apitap mcp subcommand, fix #46 by @n1byn1kt in https://github.com/n1byn1kt/apitap/pull/47 * fix: add fallback for pre-Feb-22 fixed-salt signature verification by @n1byn1kt in https://github.com/n1byn1kt/apitap/pull/49 **Full Changelog**: https://github.com/n1byn1kt/apitap/compare/v1.10.1...v1.10.2 | | `v1.10.1` | 2026-04-02 | Medium | ## Security - Updated `path-to-regexp` to 8.4.2 to fix ReDoS vulnerabilities (CVE-2026-4926, CVE-2026-4923) - Affected versions: 8.0.0 - 8.3.0 (transitive via `express → router → path-to-regexp`) - Attack surface: low (local CLI/MCP tool, not public-facing server) - All 1422 tests passing No breaking changes. Recommended upgrade for all users. | | `v1.10.0` | 2026-03-29 | Medium | ## What's Changed * feat: add known-specs.json and --from known import source (#43) by @n1byn1kt in https://github.com/n1byn1kt/apitap/pull/44 **Full Changelog**: https://github.com/n1byn1kt/apitap/compare/v1.9.4...v1.10.0 | | `v1.9.4` | 2026-03-22 | Low | **Full Changelog**: https://github.com/n1byn1kt/apitap/compare/v1.9.3...v1.9.4 | | `v1.9.3` | 2026-03-22 | Low | **Full Changelog**: https://github.com/n1byn1kt/apitap/compare/v1.9.2...v1.9.3 | | `v1.9.2` | 2026-03-22 | Low | ## What's Changed * fix(extension): close scrubbing gap and make passive indexing opt-in by @n1byn1kt in https://github.com/n1byn1kt/apitap/pull/41 **Full Changelog**: https://github.com/n1byn1kt/apitap/compare/v1.9.1...v1.9.2 | | `v1.9.1` | 2026-03-22 | Low | ## What's Changed * fix(github): hybrid org scan — code search + name-heuristic probe by @n1byn1kt in https://github.com/n1byn1kt/apitap/pull/42 **Full Changelog**: https://github.com/n1byn1kt/apitap/compare/v1.9.0...v1.9.1 | | `v1.9.0` | 2026-03-22 | Low | ## What's Changed * feat: GitHub import — discover OpenAPI specs from orgs and topics by @n1byn1kt in https://github.com/n1byn1kt/apitap/pull/40 **Full Changelog**: https://github.com/n1byn1kt/apitap/compare/v1.8.2...v1.9.0 | ## Dependency audit - **Score**: 98/100 - **Total deps**: 8 - **Resolved**: 8 - **Unresolved**: 0 - **License conflicts**: 0 - **Warnings**: 1 - **Scanned**: 2026-05-18 ## Citation - HTML: https://www.freshcrate.ai/projects/apitap - Markdown: https://www.freshcrate.ai/projects/apitap.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/apitap/deps _Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._