"PyPI" matching MCP tools:

• pypi-lookup

  The Stall

  Python package metadata from PyPI. Returns latest version, summary, author, license, Python version requirement, install dependencies, release date, and download URLs. Also supports fetching a specific version. Use before integrating a Python library: check if it's actively maintained, what license it uses, and whether it's compatible with your Python version. Free upstream: PyPI JSON API (no key, no rate limit for normal use).

  Connector

• security_fetch_package_licenceA

  DataNexus MCP

  Retrieve the SPDX licence identifier for an open source package by specifying its name, version, and ecosystem. Use this to verify licence compatibility before including the dependency.

  MIT

• frontend_security_detect_typosquattingA

  DataNexus MCP

  Detects typosquatting in frontend packages (npm/pypi) by comparing package name against a curated corpus of the top 500 frontend packages. Returns risk level and closest match.

  MIT

• security_fetch_package_maintainer_historyA

  DataNexus MCP

  Audit npm or PyPI package maintainer history to detect supply-chain risks. Analyzes account ages, ownership transfers, and recent changes to compute an anomaly score and maintainer health status.

  MIT

• security_fetch_package_risk_briefA

  DataNexus MCP

  Assess a package's security risk with a single verdict combining CVEs, license issues, maintainer health, and transitive dependencies.

  MIT

• security_detect_typosquattingA

  DataNexus MCP

  Detect typosquatting attacks on package names by comparing against top 10,000 packages using Damerau-Levenshtein distance. Returns similar packages with anomaly scores and a CLEAN or SUSPICIOUS verdict.

  MIT

• searchA

  kitsune-mcp

  Find MCP servers across registries by describing capabilities or keywords. Returns ranked candidates with details and optional token-cost comparison.

  MIT

• check_python_package_on_dev_machinesA

  stepsecurity-mcp

  Check developer laptops for any installs of a PyPI package to identify potential exposure. Searches all enrolled dev machines, returning all installs or filter by versions. Complements CI checks for comprehensive malicious package incident response.

  Apache 2.0

• check_pypi_package_exposureA

  stepsecurity-mcp

  Checks monitored GitHub repositories within an organization for usage of a specified PyPI package at given versions, identifying affected CI pipelines. Use with developer machine checks for full coverage.

  Apache 2.0

• lookup_package_docsA

  python-docs-mcp-server

  Retrieve official PyPI metadata and package-declared project URLs (docs, homepage, source) by querying the PyPI JSON API.

  MIT

• get_threat_incidentA

  stepsecurity-mcp

  Retrieve full details of a security threat incident, including compromised package names, versions, and C2 domains/IPs. After listing incidents, use this to extract concrete IOCs and determine which exposure checks to run based on the ecosystem (npm or pypi).

  Apache 2.0

• check_updateA

  fcop-mcp

  Check if your installed MCP server version is up to date by comparing it with the latest PyPI release. Displays local and latest versions and a verdict. Does not perform upgrades.

  MIT

• get_packageA

  Ecosyste.ms Package Data

  Retrieve package metadata including license, latest version, description, downloads, and dependencies count from 40+ package registries. Use to get information about specific packages in ecosystems like npm, PyPI, RubyGems, or Cargo.

  MIT

• jfrog_get_package_infoB

  JFrog MCP Server

  Retrieve public details about a software package, including its description, latest version, license, repository links, homepage, and malicious status. Supported types: PyPI, npm, Maven, Golang, NuGet, Huggingface, RubyGems.

  Apache 2.0

• get_version_infoA

  lotw-mcp

  Check the PyPI version of lotw-mcp and the ARRL LoTW schema version to detect version drift across MCP deployments.

  GPL 3.0

• scout_reportA

  scout-mcp

  Run a multi-source intelligence report by searching up to 18 platforms (HN, GitHub, npm, PyPI, X, Reddit, YouTube, and more) in parallel. Choose a focus preset—balanced (14 free APIs), trending, or comprehensive—or specify exact sources. Requires a query; returns structured JSON results.

  MIT

• get_version_infoA

  qrz-mcp

  Retrieve the running version of qrz-mcp and the QRZ API contract to detect drift across MCP deployments.

  GPL 3.0

• idea_checkA

  idea-reality-mcp

  Check if a product idea already exists by scanning GitHub, Hacker News, npm, PyPI and Product Hunt to identify competition and market saturation before building.

  MIT

• packageSearchA

  Octocode MCP

  Search for NPM or Python packages by name to get repository URLs, check deprecation status, and compare alternatives. Returns direct links to source code for further exploration.

  TypeScript

  MIT

• estimate_marketA

  ground-truth-mcp

  Search npm or PyPI to estimate market crowdedness for a package category, validating claims about market emptiness or competitiveness.

  MIT