A
security-
licenseA
qualityA Model Context Protocol server that allows AI models to fetch detailed information about npm packages and discover popular packages in the npm ecosystem.
Last updated -
1
01
The NPM Sentinel MCP server provides AI-driven NPM package analysis and insights, allowing you to:
Version Analysis: Retrieve all versions and track release history
Latest Version Information: Get current version details and changelog
Dependency Analysis: Analyze dependencies and devDependencies
TypeScript Support: Check compatibility and type availability
Package Size: Analyze bundle size and import cost
Security Vulnerabilities: Scan for vulnerabilities with severity ratings
Download Trends: Get statistics over various time periods
Package Comparison: Compare multiple packages based on metrics
Maintainer Information: Access details and activity metrics
Package Quality Scores: Assess quality, maintenance, and popularity
README Retrieval: Get formatted package documentation
Package Search: Find packages with customizable limits
License Compatibility: Check compatibility between licenses
Repository Statistics: Access GitHub and repository metrics
Deprecation Status: Identify deprecated packages and alternatives
Changelog Analysis: Summarize changes and release impacts
Alternative Packages: Discover similar packages with comparisons
Quality & Maintenance Metrics: Assess code quality and activity status
Server Documentation: Access MCP specification resources
Provides integration with GitHub workflows for continuous integration and deployment of the MCP server
Enables distribution and installation of the MCP server as an npm package, with tracking of downloads and usage
Offers donation capabilities through PayPal for supporting the development of the MCP server
Incorporates dynamic badges from Shields.io to display package statistics and build status
Utilizes TypeScript for type safety and developer experience, with strict typing throughout the codebase
Implements schema validation using Zod to validate input parameters for the utility tools provided by the server
NPM Sentinel MCP
A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI. Built to integrate with Claude and Anthropic AI, it provides real-time intelligence on package security, dependencies, and performance. This MCP server delivers instant insights and smart analysis to safeguard and optimize your npm ecosystem, making package management decisions faster and safer for modern development workflows.
Features
Version analysis and tracking
Dependency analysis and mapping
Security vulnerability scanning
Package quality metrics
Download trends and statistics
TypeScript support verification
Package size analysis
Maintenance metrics
Real-time package comparisons
Standardized error handling and MCP response formats
Efficient caching for improved performance and API rate limit management
Rigorous schema validation and type safety using Zod
Note: The server provides AI-assisted analysis through MCP integration.
Installation
Install in VS Code
Add this to your VS Code MCP config file. See VS Code MCP docs for more info.
{
"servers": {
"npm-sentinel": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@nekzus/mcp-server@latest"]
}
}
}
Docker
Build
# Build the Docker image
docker build -t nekzus/npm-sentinel-mcp .
Usage
You can run the MCP server using Docker with directory mounting to /projects:
{
"mcpServers": {
"npm-sentinel-mcp": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-w", "/projects",
"--mount", "type=bind,src=${PWD},dst=/projects",
"nekzus/npm-sentinel-mcp",
"node",
"dist/index.js"
]
}
}
}
For multiple directories:
{
"mcpServers": {
"npm-sentinel-mcp": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-w", "/projects",
"--mount", "type=bind,src=/path/to/workspace,dst=/projects/workspace",
"--mount", "type=bind,src=/path/to/other/dir,dst=/projects/other/dir,ro",
"nekzus/npm-sentinel-mcp",
"node",
"dist/index.js"
]
}
}
}
Note: All mounted directories must be under /projects for proper access.
Usage with Claude Desktop
Add this to your claude_desktop_config.json:
{
"mcpServers": {
"npmsentinel": {
"command": "npx",
"args": ["-y", "@nekzus/mcp-server@latest"]
}
}
}
Configuration file locations:
Windows:
%APPDATA%\Claude\claude_desktop_config.jsonmacOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonLinux: (Claude for Desktop does not officially support Linux at this time)
NPX
{
"mcpServers": {
"npm-sentinel-mcp": {
"command": "npx",
"args": [
"-y",
"@nekzus/mcp-server@latest"
]
}
}
}
API
The server exposes its tools via the Model Context Protocol. All tools adhere to a standardized response format:
{
"content": [
{
"type": "text",
"text": "string",
"isError": boolean // Optional
}
// ... more content items if necessary
]
}
Resources
npm://registry: NPM Registry interfacenpm://security: Security analysis interfacenpm://metrics: Package metrics interface
Server Resources
The server also provides the following informational resources accessible via MCP GetResource requests:
doc://server/readme:Description: Retrieves the main
README.mdfile content for this NPM Sentinel MCP server.MIME Type:
text/markdown
doc://mcp/specification:Description: Retrieves the
llms-full.txtcontent, providing the comprehensive Model Context Protocol specification.MIME Type:
text/plain
Tools
npmVersions
Get all versions of a package
Input:
packages(string[])Returns: Version history with release dates
npmLatest
Get latest version information
Input:
packages(string[])Returns: Latest version details and changelog
npmDeps
Analyze package dependencies
Input:
packages(string[])Returns: Complete dependency tree analysis
npmTypes
Check TypeScript support
Input:
packages(string[])Returns: TypeScript compatibility status
npmSize
Analyze package size
Input:
packages(string[])Returns: Bundle size and import cost analysis
npmVulnerabilities
Scan for security vulnerabilities
Input:
packages(string[])Returns: Security advisories and severity ratings
npmTrends
Get download trends
Input:
packages(string[])period("last-week" | "last-month" | "last-year")
Returns: Download statistics over time
npmCompare
Compare multiple packages
Input:
packages(string[])Returns: Detailed comparison metrics
npmMaintainers
Get package maintainers
Input:
packages(string[])Returns: Maintainer information and activity
npmScore
Get package quality score
Input:
packages(string[])Returns: Comprehensive quality metrics
npmPackageReadme
Get package README
Input:
packages(string[])Returns: Formatted README content
npmSearch
Search for packages
Input:
query(string)limit(number, optional)
Returns: Matching packages with metadata
npmLicenseCompatibility
Check license compatibility
Input:
packages(string[])Returns: License analysis and compatibility info
npmRepoStats
Get repository statistics
Input:
packages(string[])Returns: GitHub/repository metrics
npmDeprecated
Check for deprecation
Input:
packages(string[])Returns: Deprecation status and alternatives
npmChangelogAnalysis
Analyze package changelogs
Input:
packages(string[])Returns: Changelog summaries and impact analysis
npmAlternatives
Find package alternatives
Input:
packages(string[])Returns: Similar packages with comparisons
npmQuality
Assess package quality
Input:
packages(string[])Returns: Quality metrics and scores
npmMaintenance
Check maintenance status
Input:
packages(string[])Returns: Maintenance activity metrics
Build
# Build with npm
npm install
npm run build
License
This MCP server is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.
MIT © nekzus
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
Tools
A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI. Built to integrate with Claude and Anthropic AI, it provides real-time intelligence on package security, dependencies, and performance. This MCP server delivers instant insights and smart analysis to safeguard and optimize your npm ecosystem, making package management decisions faster and safer for modern development workflows.
Related MCP Servers
- Asecurity-licenseAqualityA Model Context Protocol server that enables AI-powered analysis of NPM packages through multiple tools for security vulnerability scanning, dependency analysis, package comparison, and quality assessment.Last updated -191838TypeScriptMIT License
- -security-license-qualityA Model Context Protocol server that provides tools for NPM package management, including dependency searching, updates, conflict resolution, and version management to help AI assistants safely upgrade project dependencies.Last updated -227MIT License
- Asecurity-licenseAqualityAn all-in-one Model Context Protocol (MCP) server that connects your coding AI to numerous databases, data warehouses, data pipelines, and cloud services, streamlining development workflow through seamless integrations.Last updated -3