packagerating MCP Server
OfficialClick on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@packagerating MCP ServerIs express safe to use?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
packagerating MCP Server
Give Claude (or any MCP-compatible client) live, on-demand access to packagerating.com package health/risk scores — right inside your coding session, not just in CI.
Three tools, each a thin mirror of the public REST API:
Tool | What it does |
| List scored packages, sorted by composite score by default |
| Full score + dimension breakdown for one package by name. Transparently waits for a first-ever crawl to finish. |
| Pre-warm one or more packages for crawling without waiting on the result |
A never-before-scored package can take up to ~60 seconds to return on first lookup via
get_package(the server waits for the crawl to finish); every subsequent lookup is fast.
Setup
Get a free API key at packagerating.com.
Add this server to your MCP client config. For Claude Code, add to your MCP settings:
{
"mcpServers": {
"packagerating": {
"command": "npx",
"args": ["-y", "@packagerating/mcp-server"],
"env": {
"PACKAGERATING_API_KEY": "your-api-key-here"
}
}
}
}That's it — no local install, no build step. npx fetches the latest published version each time.
Related MCP server: PatternStack
Example
"Is
left-padsafe to add as a dependency? What aboutlodash?"
Claude calls get_package for each name and can compare the results directly in conversation —
liveness, community, security, dependency posture, versioning, and dependency-tree risk, plus the
three composite scores (General, Automation, Risk).
Development
npm install
npm test # unit tests, mocked HTTP — no live API calls
npm run typecheck
npm run build # bundles to dist/index.js via @vercel/ncc
npm run smoke-test # exercises the real production API — requires a real PACKAGERATING_API_KEYRelated
packagerating/audit-dependencies— GitHub Action, npm dependenciespackagerating/audit-dependencies-python— GitHub Action, Python dependenciespackagerating.com — sign up for an API key and learn about the product
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/packagerating/mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server