The NPM Sentinel MCP server provides AI-driven NPM package analysis and insights, allowing you to:
- Version Analysis: Retrieve all versions and track release history
- Latest Version Information: Get current version details and changelog
- Dependency Analysis: Analyze dependencies and devDependencies
- TypeScript Support: Check compatibility and type availability
- Package Size: Analyze bundle size and import cost
- Security Vulnerabilities: Scan for vulnerabilities with severity ratings
- Download Trends: Get statistics over various time periods
- Package Comparison: Compare multiple packages based on metrics
- Maintainer Information: Access details and activity metrics
- Package Quality Scores: Assess quality, maintenance, and popularity
- README Retrieval: Get formatted package documentation
- Package Search: Find packages with customizable limits
- License Compatibility: Check compatibility between licenses
- Repository Statistics: Access GitHub and repository metrics
- Deprecation Status: Identify deprecated packages and alternatives
- Changelog Analysis: Summarize changes and release impacts
- Alternative Packages: Discover similar packages with comparisons
- Quality & Maintenance Metrics: Assess code quality and activity status
- Server Documentation: Access MCP specification resources
Provides integration with GitHub workflows for continuous integration and deployment of the MCP server
Enables distribution and installation of the MCP server as an npm package, with tracking of downloads and usage
Offers donation capabilities through PayPal for supporting the development of the MCP server
Incorporates dynamic badges from Shields.io to display package statistics and build status
Utilizes TypeScript for type safety and developer experience, with strict typing throughout the codebase
Implements schema validation using Zod to validate input parameters for the utility tools provided by the server
NPM Sentinel MCP
A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI. Built to integrate with Claude and Anthropic AI, it provides real-time intelligence on package security, dependencies, and performance. This MCP server delivers instant insights and smart analysis to safeguard and optimize your npm ecosystem, making package management decisions faster and safer for modern development workflows.
Features
- Version analysis and tracking
- Dependency analysis and mapping
- Security vulnerability scanning
- Package quality metrics
- Download trends and statistics
- TypeScript support verification
- Package size analysis
- Maintenance metrics
- Real-time package comparisons
- Standardized error handling and MCP response formats
- Efficient caching for improved performance and API rate limit management
- Rigorous schema validation and type safety using Zod
Note: The server provides AI-assisted analysis through MCP integration.
Installation
Install in VS Code
Add this to your VS Code MCP config file. See VS Code MCP docs for more info.
Docker
Build
Usage
You can run the MCP server using Docker with directory mounting to /projects
:
For multiple directories:
Note: All mounted directories must be under /projects
for proper access.
Usage with Claude Desktop
Add this to your claude_desktop_config.json
:
Configuration file locations:
- Windows:
%APPDATA%\Claude\claude_desktop_config.json
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
- Linux: (Claude for Desktop does not officially support Linux at this time)
NPX
API
The server exposes its tools via the Model Context Protocol. All tools adhere to a standardized response format:
Resources
npm://registry
: NPM Registry interfacenpm://security
: Security analysis interfacenpm://metrics
: Package metrics interface
Server Resources
The server also provides the following informational resources accessible via MCP GetResource
requests:
doc://server/readme
:- Description: Retrieves the main
README.md
file content for this NPM Sentinel MCP server. - MIME Type:
text/markdown
- Description: Retrieves the main
doc://mcp/specification
:- Description: Retrieves the
llms-full.txt
content, providing the comprehensive Model Context Protocol specification. - MIME Type:
text/plain
- Description: Retrieves the
Tools
npmVersions
- Get all versions of a package
- Input:
packages
(string[]) - Returns: Version history with release dates
npmLatest
- Get latest version information
- Input:
packages
(string[]) - Returns: Latest version details and changelog
npmDeps
- Analyze package dependencies
- Input:
packages
(string[]) - Returns: Complete dependency tree analysis
npmTypes
- Check TypeScript support
- Input:
packages
(string[]) - Returns: TypeScript compatibility status
npmSize
- Analyze package size
- Input:
packages
(string[]) - Returns: Bundle size and import cost analysis
npmVulnerabilities
- Scan for security vulnerabilities
- Input:
packages
(string[]) - Returns: Security advisories and severity ratings
npmTrends
- Get download trends
- Input:
packages
(string[])period
("last-week" | "last-month" | "last-year")
- Returns: Download statistics over time
npmCompare
- Compare multiple packages
- Input:
packages
(string[]) - Returns: Detailed comparison metrics
npmMaintainers
- Get package maintainers
- Input:
packages
(string[]) - Returns: Maintainer information and activity
npmScore
- Get package quality score
- Input:
packages
(string[]) - Returns: Comprehensive quality metrics
npmPackageReadme
- Get package README
- Input:
packages
(string[]) - Returns: Formatted README content
npmSearch
- Search for packages
- Input:
query
(string)limit
(number, optional)
- Returns: Matching packages with metadata
npmLicenseCompatibility
- Check license compatibility
- Input:
packages
(string[]) - Returns: License analysis and compatibility info
npmRepoStats
- Get repository statistics
- Input:
packages
(string[]) - Returns: GitHub/repository metrics
npmDeprecated
- Check for deprecation
- Input:
packages
(string[]) - Returns: Deprecation status and alternatives
npmChangelogAnalysis
- Analyze package changelogs
- Input:
packages
(string[]) - Returns: Changelog summaries and impact analysis
npmAlternatives
- Find package alternatives
- Input:
packages
(string[]) - Returns: Similar packages with comparisons
npmQuality
- Assess package quality
- Input:
packages
(string[]) - Returns: Quality metrics and scores
npmMaintenance
- Check maintenance status
- Input:
packages
(string[]) - Returns: Maintenance activity metrics
Build
License
This MCP server is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.
MIT © nekzus
You must be authenticated.
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI. Built to integrate with Claude and Anthropic AI, it provides real-time intelligence on package security, dependencies, and performance. This MCP server delivers instant insights and smart analysis to safeguard and optimize your npm ecosystem, making package management decisions faster and safer for modern development workflows.
Related MCP Servers
- AsecurityAlicenseAqualityA Model Context Protocol server that provides tools for code modification and generation via Large Language Models, allowing users to create, modify, rewrite, and delete files using structured XML instructions.Last updated -12PythonMIT License
- AsecurityAlicenseAqualityA Model Context Protocol server that provides tools for interacting with Gmail and Calendar APIs, enabling programmatic management of emails and calendar events.Last updated -87JavaScriptMIT License
- -securityAlicense-qualityA demonstration server that implements the Model Context Protocol (MCP) SDK, providing tools and endpoints for server-sent events and message handling.Last updated -27TypeScriptMIT License
- -security-license-qualityA simple implementation of a Model Context Protocol server that demonstrates core functionality including mathematical tools (add, subtract) and personalized greeting resources.Last updated -3PythonGPL 3.0