MCP.so
Sign In

NPM Sentinel MCP

@Nekzus

About NPM Sentinel MCP

A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI.

Basic information

Category

Other

License

MIT

Runtime

node

Transports

stdio

Publisher

Nekzus

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "npm-sentinel-mcp": {
      "command": "docker",
      "args": [
        "build",
        "-t",
        "nekzus/npm-sentinel-mcp",
        "."
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is NPM Sentinel MCP?

NPM Sentinel MCP is a Model Context Protocol (MCP) server that integrates NPM package analysis with AI assistants like Claude and Anthropic AI. It provides real‑time intelligence on package security, dependencies, and performance to help developers make faster and safer package management decisions.

How to use NPM Sentinel MCP?

Install the server via NPX (npx -y @nekzus/mcp-server@latest), Docker, or deploy it on Smithery.ai. Configure it in your AI client (e.g., VS Code, Claude Desktop) by adding a server entry with the command above. The server supports both STDIO and HTTP streamable transports and exposes tools through the MCP protocol.

Key features of NPM Sentinel MCP

  • Version analysis and tracking
  • Dependency analysis and mapping
  • Advanced security scanning with recursive dependency checks
  • Strict input validation against Path Traversal, SSRF, Command Injection
  • Package quality metrics and score assessment
  • Download trends and statistics
  • TypeScript support verification
  • Package size analysis and maintenance metrics
  • Efficient caching with automatic invalidation on lockfile changes
  • Real‑time package comparisons

Use cases of NPM Sentinel MCP

  • Scan a package for known vulnerabilities before adding it to a project
  • Analyze and visualize the full transitive dependency tree of a package
  • Compare multiple packages on quality, downloads, and maintenance activity
  • Check TypeScript compatibility and bundle size impact of dependencies
  • Find alternative packages with better security or maintenance records

FAQ from NPM Sentinel MCP

How does the caching work?

The server automatically invalidates its cache when pnpm-lock.yaml, package-lock.json, or yarn.lock changes in your workspace. You can also force a fresh lookup by passing ignoreCache: true in the tool arguments.

What transport protocols are supported?

NPM Sentinel MCP supports both STDIO (local development) and HTTP streamable transport (via Smithery.ai). Your existing STDIO configuration continues to work without changes.

How do I configure a custom npm registry?

Set the NPM_REGISTRY_URL environment variable (default is https://registry.npmjs.org). In Smithery or Docker configurations, you can set it under the config object within the server definition.

Where do I find the Claude Desktop configuration file?

On Windows it is at %APPDATA%\Claude\claude_desktop_config.json, on macOS at ~/Library/Application Support/Claude/claude_desktop_config.json. Linux is not officially supported for Claude Desktop.

What security protections does the server include?

The server enforces strict input validation guarding against Path Traversal, SSRF, and Command Injection attacks. It also runs rigorous schema validation with Zod and uses standardized error handling.

Comments

More Other MCP servers