Skip to main content
Glama
deenesjakoruzh
jfrog

JFrog MCP Server

Official
by jfrog
OverviewInspectSchemaRelated ServersScoreDiscussions
TypeScript
Remote

jfrog_get_package_versions

Retrieve versions of a package with publication dates and filter by vulnerability status. Supports Python, Node, Java, Go, .NET, Hugging Face, and Ruby packages.

Instructions

Useful for when you need to get a list of versions of a publicly available package. it can tell you each version's publication date. Can also filter based on version vulnerability status.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
nameYesThe name of the package, as it appears in the package repository.
typeYesThe type of package.

Implementation Reference

  • tools/catalog.ts:137-192 (handler)
    The core handler function that constructs a GraphQL query to fetch the latest 10 versions of a package from JFrog Catalog, processes the response, and returns validated version information including version, published date, and license.
    export async function getPackageVersions(options: JFrogCatalogPackageSchema) { const query = `query GetCatalogPackageVersions($type: String!, $name: String!, $first: Int) { package(type: $type, name: $name) { name description vcsUrl homepage versions(first: $first, orderBy: {field: PUBLISHED, direction: DESC}) { edges { node { version published licenseInfo { expression } } } } } }`; const variables = { type: options.type, name: options.name, first: 10 }; function processResponse(response: unknown): JFrogCatalogPackageVersionResponseSchema[] { const validatedResponse = JFrogCatalogGraphQLResponseSchema.parse(response); if (!validatedResponse.data?.package?.versions?.edges) { throw new Error("Invalid response format from JFrog API: Missing required data"); } return validatedResponse.data.package.versions.edges.map(edge => ({ version: edge.node.version, published: edge.node.published, licenseInfo: edge.node.licenseInfo })); } const processedData = await jfrogRequest( "xray/catalog/graphql", { method: "POST", body: JSON.stringify({ query, variables }) }, (response) => processResponse(response) ); if (!Array.isArray(processedData)) { throw new Error("Invalid processed data format. Expected an array."); } return JFrogCatalogPackageVersionResponseSchema.array().parse(processedData); }
  • tools/catalog.ts:363-373 (registration)
    Tool registration object defining the name, description, input schema, and a thin wrapper handler that parses arguments and delegates to the core getPackageVersions function. This object is included in the CatalogTools export array used by the main tools index.
    const getCatalogPackageVersionsTool = { name: "jfrog_get_package_versions", description: "Useful for when you need to get a list of versions of a publicly available package. " + "it can tell you each version's publication date. Can also filter based on version vulnerability status.", inputSchema: zodToJsonSchema(JFrogCatalogPackageSchema), //outputSchema: zodToJsonSchema(JFrogCatalogPackageVersionResponseSchema), handler: async (args: any) => { const parsedArgs = JFrogCatalogPackageSchema.parse(args); return await getPackageVersions(parsedArgs); } };
  • schemas/catalog.ts:14-17 (schema)
    Input schema using Zod for validating the tool's parameters: package type (e.g., npm, maven) and package name.
    export const JFrogCatalogPackageSchema = z.object({ type: z.enum(JFrogCatalogSupportedPackageTypes).describe("The type of package."), name: z.string().describe("The name of the package, as it appears in the package repository.") });
  • schemas/catalog.ts:28-32 (schema)
    Output schema element for each package version returned by the tool, including version, published date, and optional license info.
    export const JFrogCatalogPackageVersionResponseSchema = z.object({ version: z.string().describe("The version of the package, as it appears in the package repository."), published: z.string().describe("A timestamp of when this version was published."), licenseInfo: JFrogCatalogLicenseInfoResponseSchema.optional().describe("License information about this package.") });
  • common/utils.ts:55-92 (helper)
    Reusable helper function called by the handler to perform the actual HTTP POST request to the JFrog Catalog GraphQL endpoint, handling authentication via env vars, headers, and post-processing.
    export async function jfrogRequest( urlPath: string, options: RequestOptions = {}, postProcess: (data: unknown) => unknown = (x) => x ): Promise<unknown> { const headers: Record<string, string> = { "Content-Type": "application/json", "User-Agent": USER_AGENT, ...options.headers, }; if (process.env.JFROG_ACCESS_TOKEN) { headers["Authorization"] = `Bearer ${process.env.JFROG_ACCESS_TOKEN}`; } const baseUrl = normalizeJFrogBaseUrl(process.env.JFROG_URL || ""); const path = urlPath.startsWith("/") ? urlPath.substring(1) : urlPath; const url = baseUrl ? `${baseUrl}${path}` : urlPath; try { const axiosConfig: AxiosRequestConfig = { method: options.method || "GET", url, headers, data: options.body, }; const response = await axios(axiosConfig); return postProcess(response.data); return response.data; } catch (error) { if (axios.isAxiosError(error) && error.response) { throw createJFrogError(error.response.status, error.response.data); } throw error; } }

This server cannot be installed

Other Tools

Related Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jfrog/mcp-jfrog'

If you have feedback or need assistance with the MCP directory API, please join our Discord server