Nextscan
@berkayderin
About Nextscan
MCP server that scans Next.js projects and returns a compact summary of routes, API endpoints, database schema, and security issues.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"nextscan": {
"command": "npx",
"args": [
"-y",
"@berkayderin/nextscan"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Nextscan?
Nextscan is an MCP server that scans a Next.js project directory and returns a compact, structured summary of its routes, API endpoints, database schema, and security posture. It is designed for Next.js developers who want a single‑tool overview instead of manual file‑by‑file exploration.
How to use Nextscan?
Clone the repository, run npm install && npm build, then add the server to an MCP‑compatible client (e.g., Claude Code) with claude mcp add nextscan -- node /path/to/nextscan/dist/index.js. Inside the client, call the scan tool with the required path argument (absolute path to the Next.js project root) and an optional focus parameter (routes, api, schema, or security).
Key features of Nextscan
- Single
scancall returns a full project overview. - Compact route tree with dynamic/static and client/server flags.
- Hardcoded secrets and environment variable leak detection.
- Auth and validation status per API endpoint.
- Prisma/Drizzle relation mapping including orphan models.
Use cases of Nextscan
- Quickly understand the route structure of an unfamiliar Next.js codebase.
- Audit API endpoints for missing authentication or validation.
- Check a project’s database schema and model relations.
- Scan a Next.js app for common security issues before deployment.
FAQ from Nextscan
What does Nextscan analyze that manual exploration might miss?
It automatically detects unprotected API routes, missing rate limiting, hardcoded secrets, and schema orphans (models without relations), which are easy to overlook when reading files individually.
What are the runtime requirements for Nextscan?
Node.js 18 or later and an MCP‑compatible client such as Claude Code or Claude Desktop.
Which Next.js features does Nextscan cover?
It analyzes the App Router (pages, layouts, dynamic routes, route groups), API endpoints (methods, auth, validation), middleware and matchers, and database schemas for Prisma and Drizzle.
How does Nextscan detect security issues?
It inspects middleware configuration, header settings, API route auth guards, and scans source files for potential hardcoded secrets or environment variable leaks.
Does Nextscan transmit my project data anywhere?
No. Nextscan runs locally and only reads files from the specified absolute path; no data is sent over the network. Communication stays within the MCP client–server process.
More Developer Tools MCP servers
Serena
oraiosA powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
Smithery CLI
smithery-aiInstall, manage and develop MCP servers and skills for agents
Test
x1xhlolFULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI, VSCode Agent, Warp.dev, Windsurf, Xcode, Z.ai Code, Dia & v0. (And other Open Sou
Unity MCP (Server + Plugin)
IvanMurzakAI Skills, MCP Tools, and CLI for Unity Engine. Full AI develop and test loop. Use cli for quick setup. Efficient token usage, advanced tools. Any C# method may be turned into a tool by a single line. Works with Claude Code, Gemini, Copilot, Cursor and any other absolutely for fr
Comments