Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| NPM_PATH | No | Path to the npm binary. Use this if npm is not in your system PATH. | npm |
| NPM_TOKEN | No | npm authentication token. Can be generated from npmjs.com > Account > Access Tokens. If omitted, the server will use credentials from your ~/.npmrc (from running npm login). |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| prompts | {
"listChanged": true
} |
| resources | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| publish | Publish a package to the npm registry |
| version | Bump the package version |
| view | View package information from the registry |
| search | Search npm registry for packages |
| unpublish | Remove a package version from the registry |
| deprecate | Deprecate a version of a package |
| owner | Manage package owners |
| dist-tag | Manage distribution tags |
| pack | Create a tarball from a package (preview what would be published) |
| whoami | Check which npm user is currently authenticated. If not logged in, set NPM_TOKEN env var in MCP config. |
| init | Initialize a new package.json |
| audit | Run a security audit on the package |
| outdated | Check for outdated packages in a project |
| ls | List installed packages in a project |
| install | Install packages in a project |
| uninstall | Remove packages from a project |
| update | Update packages in a project to their latest semver-compatible version |
| access | Set or view access level on published packages |
| token | Manage npm access tokens (list or revoke) |
| ping | Check connectivity to the npm registry |
| bugs | Get the bug tracker URL for a package |
| repo | Get the repository URL for a package |
| docs | Get the documentation URL for a package |
| diff | Show diff between package versions or between local and registry |
| pkg | Manage package.json fields programmatically |
| fund | Show funding information for installed packages |
| dedupe | Reduce duplication in the dependency tree |
| explain | Explain why a package is installed (show dependency chain) |
| sbom | Generate a Software Bill of Materials (SBOM) for a project |
| profile | View or modify npm user profile settings |
| ci | Clean install dependencies from lockfile (for CI environments) |
| run-script | Run a script defined in package.json |
| doctor | Run diagnostics to check npm environment health |
| cache | Manage the npm cache |
| config | View npm configuration (read-only for safety) |
| prune | Remove extraneous packages not listed in package.json |
| link | Symlink a local package for development |
| query | Query installed packages using CSS-like selectors |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| publish_package | Guide through publishing a new npm package version: version bump, build, pack preview, publish, and git tag |
| audit_package | Audit a package: check vulnerabilities, outdated dependencies, and download stats |
| dependency_health | Comprehensive dependency health check: outdated, audit, explain, and cleanup recommendations |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| npm-whoami | Current authenticated npm user |