Best Packagist MCP Servers
Packagist is the main Composer repository for PHP packages, allowing developers to discover, share and manage dependencies for PHP projects
Why this server?
Offers package vulnerability details, dependency trees, and licensing checks for PHP packages from Packagist.
AlicenseAqualityAmaintenanceProvides AI-ready access to US/UK nonprofit data and OSS vulnerability intelligence via MCP, with 10 tools and no API key required.Last updated12552932SleepycatWhy this server?
Enables looking up PHP package data, dependencies, and repository information from the Packagist registry.
AlicenseAqualityBmaintenanceEnables querying package ecosystem data from ecosyste.ms, including package metadata, versions, security advisories, dependencies, and repository information across 40+ package registries with fast local SQLite lookups and API fallback.Last updated101377MITWhy this server?
Fetches latest versions of PHP packages from Packagist (the package repository for Composer).
AlicenseAqualityBmaintenanceEnables AI coding agents to retrieve the latest stable versions of packages and tools across multiple ecosystems, preventing outdated dependency versions in generated code.Last updated47Apache 2.0Why this server?
Provides dependency auditing for PHP projects using Packagist by analyzing composer.lock files to identify known vulnerabilities.
AlicenseAqualityBmaintenanceProvides verified dependency-audit verdicts for AI agents, checking installed versions against OSV advisories and splitting direct vs transitive dependencies.Last updated3MITWhy this server?
Looks up package versions from Packagist (PHP Composer).
Why this server?
Provides tools for querying Packagist package metadata and security information.
AlicenseBqualityAmaintenanceUnifies 21 supply chain security data sources into a single MCP server, enabling AI agents to perform comprehensive package audits, vulnerability checks, provenance verification, and risk assessment across multiple ecosystems.Last updated903112MITWhy this server?
Provides tools for searching Packagist for installable Flarum extensions, checking compatibility, installing, updating, removing, and managing extensions via Composer.
FlicenseAqualityAmaintenanceProvides MCP-compatible AI clients with full access to a Flarum forum's API, enabling reading, searching, creating discussions, replying, moderation, and management of users, tags, and groups.Last updated152Why this server?
Allows checking Packagist/Composer packages for known vulnerabilities, with recommendations and risk scores.
Alicense-qualityBmaintenancedeptrust is a CLI that checks package versions for known vulnerabilities across npm, PyPI, crates.io, Go modules, RubyGems, NuGet, Maven, Packagist, pub.dev, CocoaPods, Hex.pm, Hackage, GitHub Actions, and more. It runs locally as a CLI and as an MCP server. It calls public package registry and OSV APIs directly; there is no hosted deptrust service to trust or configure.Last updated40248MITWhy this server?
Queries Packagist for the latest version of PHP packages.
Alicense-qualityCmaintenanceAn MCP server that queries 19 package registries (npm, PyPI, crates.io, etc.) to retrieve the latest version of packages and their metadata.Last updatedMIT