
@buygit/mcp-server

The only MCP that returns license + supply-chain risk + popularity + price in a single call. 78,094 curated Git assets. Zero config. MIT. Free forever.

MCP server that brings the BuyGit Open Index (78,094 curated, deduplicated, license-tagged Git assets from GitHub, Codeberg, npm, crates.io, WordPress, HuggingFace, and 17 other sources) to Claude Desktop, Cursor, Cline, Continue, ChatGPT Apps SDK, and any MCP 2025-11-25 client.


Companion: @buygit/cli — same answers from your shell. npx @buygit/cli search "react form" --license MIT.

Companion: buygit-vscode extension — license-compat + audit from the VS Code command palette + explorer right-click. See packages/vscode-extension.

Works in Antigravity, Claude Desktop, Claude Code, Cursor, Cline, Codex CLI, Continue, Gemini CLI, OpenCode, Roo Code, Windsurf, Zed, and any MCP 2025-11-25 client. Full install matrix in CLIENTS.md.

Cursor one-click install: cursor://anysphere.cursor-deeplink/mcp/install?name=buygit&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsIkBidXlnaXQvbWNwLXNlcnZlckBsYXRlc3QiXX0=

What is BuyGit?

BuyGit is an open marketplace and discovery platform for Git-based digital products — source code, templates, SaaS starters, boilerplates, plugins, AI agents, ML models, and developer tools.

Unlike raw GitHub search, BuyGit curates, deduplicates, and enriches every listing with structured metadata:

  • License classification — SPDX identifier + category (permissive / weak-copyleft / strong-copyleft / proprietary) + plain-English compatibility warnings

  • Supply-chain risk scoring — 0-100 composite score based on dependency hygiene, secret scan status, malware flags, and maintenance signals

  • Popularity scoring — log-scaled 0-100 star score normalized across sources (GitHub, npm, crates.io, etc.)

  • Pricing tier — free vs. paid, with USD price for premium listings

  • Repository health — stars, forks, language, last commit date, archived/disabled status, upstream health

The catalog currently indexes 78,094 crawler-imported listings from 17+ sources, with continuous crawling adding new assets daily. BuyGit also supports seller-curated premium listings (marketplace), but the MCP server exposes only the public crawler-imported catalog — no auth required.

Key URLs:

Every tool returns a 4-axis signals block — the differentiator. No other MCP gives you this in one call.

{
  "license_category": "permissive",
  "license_warning": null,
  "popularity": 75,
  "risk": 0,
  "price_usd": 0,
  "pricing_tier": "free"
}
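One way to turn the signals block into a dependency gate, as an added example that is not BuyGit's own code. The function name `evaluateSignals`, the policy thresholds and the reading that a higher `risk` score is worse are assumptions; only the field names and the license categories come from this page.

```javascript
// Added example, not BuyGit code. Field names come from the signals block above;
// thresholds and the "higher risk is worse" reading are assumptions.
const DEFAULT_POLICY = {
  allowedLicenseCategories: ["permissive", "weak-copyleft"],
  maxRisk: 30,
  minPopularity: 20,
  allowPaid: false,
};

function evaluateSignals(signals, policy = DEFAULT_POLICY) {
  const reasons = [];
  let decision = "allow";
  // "block" always wins; "review" only upgrades an "allow".
  const raise = (level, reason) => {
    reasons.push(reason);
    if (level === "block" || decision === "allow") decision = level;
  };
  // Fail closed: in JavaScript `null <= 30` is true, so a missing score
  // must be rejected explicitly instead of compared.
  const score = (name) => {
    const v = signals?.[name];
    return Number.isFinite(v) && v >= 0 && v <= 100 ? v : null;
  };

  const risk = score("risk");
  if (risk === null) raise("review", "risk score missing or out of range");
  else if (risk > policy.maxRisk) raise("block", `risk ${risk} exceeds ${policy.maxRisk}`);

  const popularity = score("popularity");
  if (popularity === null) raise("review", "popularity score missing or out of range");
  else if (popularity < policy.minPopularity)
    raise("review", `popularity ${popularity} below ${policy.minPopularity}`);

  const category = signals?.license_category;
  if (typeof category !== "string") raise("review", "license category missing");
  else if (!policy.allowedLicenseCategories.includes(category))
    raise("block", `license category "${category}" not allowed`);

  if (signals?.license_warning) raise("review", `license warning: ${signals.license_warning}`);
  if (!policy.allowPaid && (signals?.pricing_tier !== "free" || signals?.price_usd > 0))
    raise("review", "listing is not free");
  return { decision, reasons };
}

// The block printed on this page passes the default policy.
const PAGE_SAMPLE = { license_category: "permissive", license_warning: null,
  popularity: 75, risk: 0, price_usd: 0, pricing_tier: "free" };
console.log(evaluateSignals(PAGE_SAMPLE));
```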

User question

github-mcp

Smithery code-search

context7

Socket MCP

BuyGit MCP

"MIT-compatible image diff library"

raw search, no license

raw search

docs only

safety only

license-filtered

"Is this dependency safe to bundle?"

Socket score

Socket + popularity + license fused

"Compare A vs B by license + activity"

4+ calls

4+ calls

1 call

"Alternative to GPL X, but MIT-only"

buygit_find_alternative

"Is GPL-3.0 safe in my MIT project?"

"Explain this listing for me"

"Deep audit with companion MCPs"

manual

separate

We also tell you when NOT to use us — see WHEN_NOT_TO_USE.md.

What you get

14 tools, 7 resource templates, 4 prompts — all backed by the public, read-only, free-forever BuyGit Open Index API. Full client install matrix in CLIENTS.md (13 clients).

| Tool | One-line value |
| --- | --- |
| buygit_search | Curated, license-tagged, risk-scored search across 78,094 assets. fields= sparse fieldset + summary_mode=compact for token savings. |
| buygit_get_listing | Replaces 3 separate MCP calls — license + risk + popularity + repo signals + similar in one shot |
| buygit_list_categories | Full taxonomy with per-category counts |
| buygit_trending | Curated trending (not GitHub Trending noise), license-aware |
| buygit_compare | Single-call 2-5 way comparison with license_warning |
| buygit_stats | Catalog meta — totals by license, category, source, plus data_freshness |
| buygit_random | Surprise me — license + risk badges on every pick |
| buygit_find_alternative | License-filtered, risk-scored alternatives — the answer GitHub search cannot give |
| buygit_check_license_compat | "Is GPL-3 safe in my MIT project?" Returns compatible / review / incompatible with note. The only MCP that answers this without a separate SCA tool. |
| buygit_audit_repo | Audit any external GitHub repo URL — same 4-axis signals as catalog rows, via live GitHub probe. Falls back to richer cached signals when URL is in our index. |
| buygit_explain | v0.9.0 · AI-powered listing summary (overview / license / risk / usage focus). Gated on ANTHROPIC_API_KEY. Uses Claude Haiku for cost-efficient summaries. |
| buygit_diff_versions | v0.9.0 · Time-window signal diff — shows how a listing's license, popularity, and risk changed between snapshots. |
| buygit_deep_audit | v0.9.0 · Federated deep audit — chains Socket, OpenSSF Scorecard, and TruffleHog companion MCPs alongside BuyGit's own signals for a comprehensive security audit. |
| search_tools | Meta routing tool — give it a plain-English intent, get the ranked tool to call next. MCP Tool Search Tool semantic. |

Resources let you @-mention a listing, category, comparison, or any cacheable static asset and have it attached as conversation context — no tools/call required:

  • buygit://listing/{slug} — full listing detail with 4-axis signals

  • buygit://category/{slug} — category top 20

  • buygit://compare/{slug-a}+{slug-b}+{slug-c} — single-fetch 2-5 way compare

  • buygit://trending/{period} — day/week/month trending, pin once and re-reference

  • buygit://stats — catalog meta + data_freshness, pin to know catalog scale

  • buygit://category-tree — full taxonomy lookup table

  • buygit://license/{spdx} — compatibility matrix row for any SPDX id

Prompts (slash-menu in Claude Desktop):

  • starter_for_stack — "Find me a starter kit for {stack}"

  • alternative_to — "Alternatives to {repo}"

  • audit_my_dependency — "Is {slug} safe to ship?"

  • explore_category — "What's hot in {category}?"

Install

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json on macOS or %APPDATA%\Claude\claude_desktop_config.json on Windows:

{
  "mcpServers": {
    "buygit": {
      "command": "npx",
      "args": ["-y", "@buygit/mcp-server@latest"]
    }
  }
}

Restart Claude Desktop. The first tool call may take a few seconds while npx resolves the package.

Cursor

Edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "buygit": {
      "command": "npx",
      "args": ["-y", "@buygit/mcp-server@latest"]
    }
  }
}

Cline (VS Code extension)

Open the Cline MCP settings (Cline: Open MCP Servers from the command palette) and add:

{
  "buygit": {
    "command": "npx",
    "args": ["-y", "@buygit/mcp-server@latest"]
  }
}

Continue

Continue picks up MCP servers from ~/.continue/config.json:

{
  "mcpServers": {
    "buygit": {
      "command": "npx",
      "args": ["-y", "@buygit/mcp-server@latest"]
    }
  }
}

Self-hosted via Docker

docker run -i --rm ghcr.io/buygit/mcp-server:latest

The container runs stdio MCP. Pipe stdin/stdout from your client.
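Every install snippet above launches `@buygit/mcp-server@latest` through `npx -y` or pulls the `:latest` image, so the code that runs is resolved again at each start. The following added example (not BuyGit or Glama code) audits an MCP client config for such unpinned launchers and decodes the Cursor deep link into the same shape so it can be checked before use. The function names are hypothetical, and only the launcher shapes shown on this page are handled.

```javascript
// Added example, not BuyGit or Glama code. It flags MCP server entries whose
// launcher resolves code at start-up instead of running a pinned artifact.
// Only the launcher shapes shown on this page (npx, docker run) are checked.

// Deep link exactly as published on this page.
const CURSOR_LINK = "cursor://anysphere.cursor-deeplink/mcp/install?name=buygit" +
  "&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsIkBidXlnaXQvbWNwLXNlcnZlckBsYXRlc3QiXX0=";

// True only for an exact version ("name@1.2.3"); dist-tags and ranges are not pins.
function npmSpecIsPinned(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return false; // no version part (a leading "@" is the scope)
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec.slice(at + 1));
}

function auditServer(name, entry) {
  const findings = [];
  const args = Array.isArray(entry.args) ? entry.args.map(String) : [];
  if (entry.command === "npx") {
    const spec = args.find((a) => !a.startsWith("-"));
    if (!spec || !npmSpecIsPinned(spec))
      findings.push(`${name}: npm spec "${spec}" is not an exact version`);
    if (args.includes("-y") || args.includes("--yes"))
      findings.push(`${name}: npx -y installs without a confirmation prompt`);
  } else if (entry.command === "docker") {
    // Simplification: flags that take a separate value (-e K=V, -v ...) are not parsed.
    const image = args.slice(args.indexOf("run") + 1).find((a) => !a.startsWith("-"));
    if (!image || !/@sha256:[0-9a-f]{64}$/.test(image))
      findings.push(`${name}: image "${image}" is not pinned by digest`);
  }
  return findings;
}

// Accepts both the { mcpServers: {...} } files and Cline's bare { name: {...} } form.
function auditMcpConfig(config) {
  const servers = config.mcpServers ?? config;
  return Object.entries(servers).flatMap(([n, e]) => auditServer(n, e));
}

// Decode a Cursor install link into the same shape so it can be audited before use.
function configFromCursorDeeplink(link) {
  const params = new URL(link).searchParams;
  const b64 = (params.get("config") ?? "").replace(/ /g, "+"); // "+" arrives as space
  return { [params.get("name")]: JSON.parse(Buffer.from(b64, "base64").toString("utf8")) };
}

console.log(auditMcpConfig(configFromCursorDeeplink(CURSOR_LINK)));
```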

Try it

After you've added the config and restarted your client, ask:

  • "Find me a Next.js SaaS starter under MIT with more than 500 stars."

  • "What's trending in AI agents this week on BuyGit?"

  • "Tell me about next-saas-starter-pro — is the secret scan clean?"

  • "Compare react-saas-template and nextjs-stripe-starter."

  • "Explain the license risk of some-gpl-library for my MIT project."

  • "Run a deep audit on github.com/some-org/some-repo."

The model will call the right tools, attach the canonical BuyGit links, and let you click through.

Configuration

| Env var | Default | Purpose |
| --- | --- | --- |
| BUYGIT_API_BASE | https://buygit.com | Override for staging / self-hosted mirror |
| BUYGIT_MCP_TRANSPORT | stdio | stdio (default, all clients) · http (Streamable HTTP) |
| BUYGIT_TIMEOUT_MS | 15000 | Per-request timeout in milliseconds. Increase for slow networks. |
| BUYGIT_EXPLAIN_MODEL | claude-haiku-4-5-20251001 | Anthropic model for buygit_explain summaries. |
| ANTHROPIC_API_KEY | (none) | Required only for buygit_explain. All other tools work without any key. |
| BUYGIT_COMPANION_TOOL_MAP | (built-in) | JSON override for companion MCP tool names in buygit_deep_audit. |

Architecture

┌─────────────────────────────────────────────┐
│  AI Agent (Claude, GPT, Gemini, …)          │
│  ↕ MCP JSON-RPC (stdio or Streamable HTTP)  │
├─────────────────────────────────────────────┤
│  @buygit/mcp-server                         │
│  14 tools · 7 resources · 4 prompts         │
│  Zod input validation · structuredContent   │
│  Retry w/ exponential backoff (429/503)     │
├─────────────────────────────────────────────┤
│  undici Pool → buygit.com REST API          │
│  Public · Read-only · No auth · Free        │
└─────────────────────────────────────────────┘

Privacy & licensing

The BuyGit Open Index API is public, read-only, no auth. There is no key to install. Requests are not personally identifiable (the server doesn't log the queries you make).

The catalog excludes seller-curated listings — only crawler-imported public-repo metadata is exposed. Each result includes a url field linking back to the canonical BuyGit page; please surface that link when redistributing.

This package is MIT licensed. The API responses are licensed for indexing + attribution per the BuyGit API terms.

Develop

cd packages/mcp-server
pnpm install
pnpm build
node dist/index.js   # connects on stdio — feed it MCP JSON-RPC over stdin

Or run the watch build while developing:

pnpm dev

Run tests:

pnpm test           # 57 tests (handler + server + federation)

To smoke-test against the live API:

BUYGIT_API_BASE=https://buygit.com node dist/index.js
# then in another process, send a `tools/list` JSON-RPC frame

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/genoxdeveloper/buygit-mcp-server'
