dependency-audit-mcp
Provides tools to audit a project's npm dependencies against the live npm registry, reporting outdated, deprecated, and license information.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@dependency-audit-mcpAudit this repo's dependencies"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
dependency-audit-mcp
Give your coding agent real eyes on how stale and risky your dependencies are.
An MCP server that audits a project's npm dependencies against the live registry. Feed it a package.json and the agent gets a per-dependency report: how far behind latest each package is (patch / minor / major), how many versions behind, whether it's deprecated, and its license — real facts, not a guess from training data.
Why this exists
Ask an agent "what's outdated here?" and it will happily hallucinate version numbers. The npm registry knows the truth. This server hands the agent that truth in one call, and pairs naturally with breaking-changes-mcp — audit to find what's behind, then check the breaking changes before you bump.
Related MCP server: npm-registry-mcp
Tools
Tool | What it does |
| Full report from a |
| One-off lookup for a single package — latest version, how far behind your range is, deprecation, license. |
No API key required.
Quick start
npx dependency-audit-mcpClaude Code
claude mcp add dependency-audit -- npx -y dependency-audit-mcpClaude Desktop / Cursor / Windsurf / any MCP client
{
"mcpServers": {
"dependency-audit": {
"command": "npx",
"args": ["-y", "dependency-audit-mcp"]
}
}
}Example prompts
"Audit this repo's dependencies — what's outdated or deprecated?" (agent reads
package.json, callsaudit_dependencies)"Is
requestdeprecated? What should I use instead?""How far behind is my
^4.17.0of lodash?"
Output at a glance
✓ up-to-date · patch △ minor ⚠ major behind
package range → latest gap behind license
⚠ react ^17.0.2 → 19.1.0 major 210 MIT
△ zod ^3.20.0 → 3.23.8 minor 28 MIT
⚠ request ^2.88.0 → 2.88.2 patch Apache-2.0 DEPRECATEDConfig
Env var | Default | Purpose |
|
| Override for private/mirror registries. |
How it works
package.json text
│
├─ parse dependencies / devDependencies (+ optional peer)
├─ for each dep → npm registry metadata (bounded concurrency)
├─ semver-diff installed lower-bound vs dist-tags.latest
└─ collect deprecation + license ──► sorted, worst-first reportNon-registry ranges (workspace:, file:, git+…, *) are listed as skipped rather than guessed at.
Develop
npm install
npm run build
node dist/index.jsLicense
MIT © Anicodeth
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Anicodeth/dependency-audit-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server