npm-sentinel-mcp

Nekzus/npm-sentinel-mcp

3.4
ai_chatbotsecuritydeveloper_tools

If you are the rightful owner of npm-sentinel-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

NPM Sentinel MCP is a powerful Model Context Protocol server designed to enhance NPM package analysis using AI. It integrates with Claude and Anthropic AI to provide real-time insights on package security, dependencies, and performance.

NPM Sentinel MCP

smithery badge Github Workflow npm version npm-month npm-total Docker Hub Ask DeepWiki Donate

A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI. Built to integrate with Claude and Anthropic AI, it provides real-time intelligence on package security, dependencies, and performance. This MCP server delivers instant insights and smart analysis to safeguard and optimize your npm ecosystem, making package management decisions faster and safer for modern development workflows.

Features

  • Version analysis and tracking
  • Dependency analysis and mapping
  • Advanced Security Scanning: Recursive dependency checks, ecosystem awareness (e.g., React), and accurate version resolution.
  • Strict Input Validation: Protection against Path Traversal, SSRF, and Command Injection via rigorous input sanitization.
  • Package quality metrics
  • Download trends and statistics
  • TypeScript support verification
  • Package size analysis
  • Maintenance metrics
  • Real-time package comparisons
  • Standardized error handling and MCP response formats
  • Efficient caching for improved performance and API rate limit management
  • Rigorous schema validation and type safety using Zod

Note: The server provides AI-assisted analysis through MCP integration.

Caching and Invalidation

To ensure data accuracy while maintaining performance, the server implements robust caching strategies:

  • Automatic Invalidation: The cache is automatically invalidated whenever pnpm-lock.yaml, package-lock.json, or yarn.lock changes in your workspace. This ensures you always get fresh data after installing or updating dependencies.
  • Force Refresh: All tools accept an optional ignoreCache: true parameter to bypass the cache and force a fresh lookup from the registry.

Example Usage (JSON-RPC)

When calling a tool, simply include ignoreCache: true in the arguments:

{
  "name": "npmVersions",
  "arguments": {
    "packages": ["react"],
    "ignoreCache": true
  }
}

Installation

Migration to HTTP Streamable

This MCP server now supports both STDIO and HTTP streamable transport. Your existing STDIO configuration will continue to work without changes.

New capabilities:

  • HTTP streamable transport via Smithery.ai
  • Enhanced scalability and performance
  • Interactive testing playground

Development commands:

# Development server with playground
npm run dev

# Build for HTTP
npm run build:http

# Start HTTP server
npm run start:http

Install in VS Code

Add this to your VS Code MCP config file. See VS Code MCP docs for more info.

{
  "servers": {
    "npm-sentinel": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@nekzus/mcp-server@latest"]
    }
  }
}

Smithery.ai Deployment (HTTP Streamable)

This MCP server now supports HTTP streamable transport through Smithery.ai for enhanced scalability and performance. You can deploy it directly on Smithery.ai: Benefits of HTTP deployment:

  • Scalable: Handles multiple concurrent connections
  • Streamable: Real-time streaming responses
  • Managed: Automatic deployment and monitoring
  • Backward Compatible: Still supports STDIO for local development
  • Interactive Testing: Built-in playground for testing tools

Configuration for Smithery.ai:

{
  "mcpServers": {
    "npm-sentinel": {
      "type": "http",
      "url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp"
    }
  }
}

Configuration

The server supports the following configuration options:

Environment VariableCLI ArgumentDefaultDescription
NPM_REGISTRY_URLconfig.NPM_REGISTRY_URLhttps://registry.npmjs.orgURL of the NPM registry to use for all requests
HTTP Deployment (Smithery/Docker)

When deploying via Smithery or Docker, you can configure these options in your configuration file:

{
  "mcpServers": {
    "npm-sentinel": {
      "type": "http",
      "url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp",
      "config": {
        "NPM_REGISTRY_URL": "https://registry.npmjs.org"
      }
    }
  }
}

Docker

Build
# Build the Docker image
docker build -t nekzus/npm-sentinel-mcp .
Usage

You can run the MCP server using Docker with directory mounting to /projects:

{
  "mcpServers": {
    "npm-sentinel-mcp": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-w", "/projects",
        "--mount", "type=bind,src=${PWD},dst=/projects",
        "nekzus/npm-sentinel-mcp",
        "node",
        "dist/index.js"
      ]
    }
  }
}

For multiple directories:

{
  "mcpServers": {
    "npm-sentinel-mcp": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-w", "/projects",
        "--mount", "type=bind,src=/path/to/workspace,dst=/projects/workspace",
        "--mount", "type=bind,src=/path/to/other/dir,dst=/projects/other/dir,ro",
        "nekzus/npm-sentinel-mcp",
        "node",
        "dist/index.js"
      ]
    }
  }
}

Note: All mounted directories must be under /projects for proper access.

Usage with Claude Desktop

Add this to your claude_desktop_config.json:

{
  "mcpServers": {
    "npmsentinel": {
      "command": "npx",
      "args": ["-y", "@nekzus/mcp-server@latest"]
    }
  }
}

Configuration file locations:

  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Linux: (Claude for Desktop does not officially support Linux at this time)

NPX

{
  "mcpServers": {
    "npm-sentinel-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@nekzus/mcp-server@latest"
      ]
    }
  }
}

API

The server exposes its tools via the Model Context Protocol. All tools adhere to a standardized response format:

{
  "content": [
    {
      "type": "text",
      "text": "string",
      "isError": boolean // Optional
    }
    // ... more content items if necessary
  ]
}

Resources

  • npm://registry: NPM Registry interface
  • npm://security: Security analysis interface
  • npm://metrics: Package metrics interface

Server Resources

The server also provides the following informational resources accessible via MCP GetResource requests:

  • doc://server/readme:
    • Description: Retrieves the main README.md file content for this NPM Sentinel MCP server.
    • MIME Type: text/markdown
  • doc://mcp/specification:
    • Description: Retrieves the llms-full.txt content, providing the comprehensive Model Context Protocol specification.
    • MIME Type: text/plain

Tools

npmVersions
  • Get all versions of a package
  • Input: packages (string[])
  • Returns: Version history with release dates
npmLatest
  • Get latest version information
  • Input: packages (string[])
  • Returns: Latest version details and changelog
npmDeps
  • Analyze package dependencies
  • Input: packages (string[])
  • Returns: Complete dependency tree analysis
npmTypes
  • Check TypeScript support
  • Input: packages (string[])
  • Returns: TypeScript compatibility status
npmSize
  • Analyze package size
  • Input: packages (string[])
  • Returns: Bundle size and import cost analysis
npmVulnerabilities
  • Scan for security vulnerabilities
  • Features:
    • Transitive Scanning: Checks dependencies up to depth 2.
    • Ecosystem Awareness: Automatically scans related packages (e.g., React Server Components).
    • Rich Reports: Includes CVE IDs and full summaries.
  • Input: packages (string[])
  • Returns: Detailed security advisories, CVEs, and severity ratings
npmTrends
  • Get download trends
  • Input:
    • packages (string[])
    • period ("last-week" | "last-month" | "last-year")
  • Returns: Download statistics over time
npmCompare
  • Compare multiple packages
  • Input: packages (string[])
  • Returns: Detailed comparison metrics
npmMaintainers
  • Get package maintainers
  • Input: packages (string[])
  • Returns: Maintainer information and activity
npmScore
  • Get package quality score
  • Input: packages (string[])
  • Returns: Comprehensive quality metrics
npmPackageReadme
  • Get package README
  • Input: packages (string[])
  • Returns: Formatted README content
npmSearch
  • Search for packages
  • Input:
    • query (string)
    • limit (number, optional)
  • Returns: Matching packages with metadata
npmLicenseCompatibility
  • Check license compatibility
  • Input: packages (string[])
  • Returns: License analysis and compatibility info
npmRepoStats
  • Get repository statistics
  • Input: packages (string[])
  • Returns: GitHub/repository metrics
npmDeprecated
  • Check for deprecation
  • Input: packages (string[])
  • Returns: Deprecation status and alternatives
npmChangelogAnalysis
  • Analyze package changelogs
  • Input: packages (string[])
  • Returns: Changelog summaries and impact analysis
npmAlternatives
  • Find package alternatives
  • Input: packages (string[])
  • Returns: Similar packages with comparisons
npmQuality
  • Assess package quality
  • Input: packages (string[])
  • Returns: Quality metrics and scores
npmMaintenance
  • Check maintenance status
  • Input: packages (string[])
  • Returns: Maintenance activity metrics

Build

# Install dependencies
npm install

# Build for STDIO (traditional)
npm run build:stdio

# Build for HTTP (Smithery)
npm run build:http

# Development server
npm run dev

License

This MCP server is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.

MIT © nekzus

Related MCP Servers

View all ai_chatbot servers →
google-docs-mcp

google-docs-mcp

4.8

by a-bonus

The Ultimate Google Docs MCP Server connects Claude Desktop or other MCP clients to Google Docs, enabling advanced document manipulation through the Model Context Protocol (MCP) and the fastmcp library.

ai_chatbot
paelladoc

paelladoc

4.5

by jlcases

PAELLADOC is an AI-First Development framework implementing the Model Context Protocol (MCP) to enhance LLM interactions with external tools and context.

ai_chatbot
mcp-hfspace

mcp-hfspace

4.5

by evalstate

mcp-hfspace MCP Server connects to Hugging Face Spaces with minimal setup, providing Image Generation capabilities to Claude Desktop.

ai_chatbot
exa-mcp-server

exa-mcp-server

4.5

by exa-labs

A Model Context Protocol (MCP) server allows AI assistants to use the Exa AI Search API for real-time web searches in a secure manner.

research_and_data
mcp-server-calculator

mcp-server-calculator

4.4

by githejie

A Model Context Protocol server for calculating. This server enables LLMs to use calculator for precise numerical calculations.

developer_tools
pg-mcp-server

pg-mcp-server

4.4

by stuzero

unknown

databases
MiniMax-MCP

MiniMax-MCP

4.3

by MiniMax-AI

Official MiniMax Model Context Protocol (MCP) server for interaction with Text to Speech and video/image generation APIs.

ai_chatbot
osp_marketing_tools

osp_marketing_tools

4.3

by open-strategy-partners

A comprehensive suite of tools for technical marketing content creation, optimization, and product positioning based on Open Strategy Partners' proven methodologies.

communication
runno MCP

runno MCP

4.3

by taybenlor

`@runno/mcp` is a Model Context Protocol server that provides a secure code execution environment for AI assistants.

ai_chatbot
just-prompt

just-prompt

4.2

by disler

Just Prompt is a lightweight MCP server providing a unified interface to various LLM providers.

ai_chatbot
jinni

jinni

4.2

by smat-dev

Jinni is a tool designed to efficiently provide Large Language Models (LLMs) with the context of your projects by consolidating relevant project files.

developer_tools
perplexity-mcp

perplexity-mcp

4.2

by jsonallen

A Model Context Protocol (MCP) server that provides web search functionality using Perplexity AI's API, compatible with the Anthropic Claude desktop client.

research_and_data
mcp-server-gemini

mcp-server-gemini

4.2

by aliargun

Gemini MCP Server is a Model Context Protocol server implementation that allows Claude Desktop to interact with Google's Gemini AI models.

ai_chatbot
mcp-server-example

mcp-server-example

4.2

by alejandro-ao

This repository contains an implementation of a Model Context Protocol (MCP) server for educational purposes, demonstrating how to build a functional MCP server that can integrate with various LLM clients.

developer_tools
think-mcp-server

think-mcp-server

4.1

by PhillipRt

The Think Tool MCP Server is an official implementation of Anthropic's 'think' tool, designed to enhance Claude's reasoning capabilities by providing a structured space for complex problem-solving.

ai_chatbot
python-mcp-server-client

python-mcp-server-client

4.1

by GobinFan

MCP Server is a server implementing the Model Context Protocol (MCP) to provide a standardized interface for AI models, connecting external data sources and tools like file systems, databases, or APIs.

ai_chatbot
rails-mcp-server

rails-mcp-server

4.1

by maquina-app

A Ruby implementation of a Model Context Protocol (MCP) server for Rails projects, allowing LLMs to interact with Rails projects.

developer_tools
mcp-perplexity

mcp-perplexity

4.1

by daniel-lxs

The Perplexity MCP Server provides a Python-based interface to the Perplexity API, offering tools for querying responses, maintaining chat history, and managing conversations.

communication
square-mcp-server

square-mcp-server

4.1

by square

The Square Model Context Protocol Server (Beta) allows AI assistants to interact with Square's connect API using the Model Context Protocol standard.

cloud_platforms
mcp-server-openai

mcp-server-openai

4.0

by pierrebrunelle

Query OpenAI models directly from Claude using MCP protocol.

ai_chatbot
drawio-mcp-server

drawio-mcp-server

4.0

by lgazo

The Draw.io MCP server is a Model Context Protocol implementation that integrates Draw.io's diagramming capabilities with AI agentic systems.

ai_chatbot
modelcontextprotocol

modelcontextprotocol

4.0

by perplexityai

An MCP server implementation that integrates the Sonar API to provide Claude with unparalleled real-time, web-wide research.

research_and_data
gateway

gateway

4.0

by centralmind

CentralMind Gateway is a tool designed to expose databases to AI agents via MCP or OpenAPI protocols, providing secure, LLM-optimized APIs.

databases
claude-prompts-mcp

claude-prompts-mcp

3.9

by minipuft

Claude Prompts MCP Server is a universal Model Context Protocol server designed to enhance AI workflows with advanced prompt engineering and orchestration capabilities.

ai_chatbot
NASA-MCP-server

NASA-MCP-server

3.9

by ProgramComputer

A Model Context Protocol (MCP) server for NASA APIs, providing a standardized interface for AI models to interact with NASA's vast array of data sources.

research_and_data
hyper-mcp

hyper-mcp

3.9

by tuananh

hyper-mcp is a fast, secure MCP server that extends its capabilities through WebAssembly plugins.

ai_chatbot
tiktok-mcp

tiktok-mcp

3.9

by Seym0n

The TikTok MCP integrates TikTok access into Claude AI and other apps via TikNeuron.

ai_chatbot