MCP.so
ログイン

NPM Sentinel MCP

@Nekzus

NPM Sentinel MCP について

A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI.

基本情報

カテゴリ

その他

ライセンス

MIT

ランタイム

node

トランスポート

stdio

公開者

Nekzus

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "npm-sentinel-mcp": {
      "command": "docker",
      "args": [
        "build",
        "-t",
        "nekzus/npm-sentinel-mcp",
        "."
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is NPM Sentinel MCP?

NPM Sentinel MCP is a Model Context Protocol (MCP) server that integrates NPM package analysis with AI assistants like Claude and Anthropic AI. It provides real‑time intelligence on package security, dependencies, and performance to help developers make faster and safer package management decisions.

How to use NPM Sentinel MCP?

Install the server via NPX (npx -y @nekzus/mcp-server@latest), Docker, or deploy it on Smithery.ai. Configure it in your AI client (e.g., VS Code, Claude Desktop) by adding a server entry with the command above. The server supports both STDIO and HTTP streamable transports and exposes tools through the MCP protocol.

Key features of NPM Sentinel MCP

  • Version analysis and tracking
  • Dependency analysis and mapping
  • Advanced security scanning with recursive dependency checks
  • Strict input validation against Path Traversal, SSRF, Command Injection
  • Package quality metrics and score assessment
  • Download trends and statistics
  • TypeScript support verification
  • Package size analysis and maintenance metrics
  • Efficient caching with automatic invalidation on lockfile changes
  • Real‑time package comparisons

Use cases of NPM Sentinel MCP

  • Scan a package for known vulnerabilities before adding it to a project
  • Analyze and visualize the full transitive dependency tree of a package
  • Compare multiple packages on quality, downloads, and maintenance activity
  • Check TypeScript compatibility and bundle size impact of dependencies
  • Find alternative packages with better security or maintenance records

FAQ from NPM Sentinel MCP

How does the caching work?

The server automatically invalidates its cache when pnpm-lock.yaml, package-lock.json, or yarn.lock changes in your workspace. You can also force a fresh lookup by passing ignoreCache: true in the tool arguments.

What transport protocols are supported?

NPM Sentinel MCP supports both STDIO (local development) and HTTP streamable transport (via Smithery.ai). Your existing STDIO configuration continues to work without changes.

How do I configure a custom npm registry?

Set the NPM_REGISTRY_URL environment variable (default is https://registry.npmjs.org). In Smithery or Docker configurations, you can set it under the config object within the server definition.

Where do I find the Claude Desktop configuration file?

On Windows it is at %APPDATA%\Claude\claude_desktop_config.json, on macOS at ~/Library/Application Support/Claude/claude_desktop_config.json. Linux is not officially supported for Claude Desktop.

What security protections does the server include?

The server enforces strict input validation guarding against Path Traversal, SSRF, and Command Injection attacks. It also runs rigorous schema validation with Zod and uses standardized error handling.

コメント

「その他」の他のコンテンツ