Is Npm Sentinel free?

Yes, Npm Sentinel is free to use.

How do I install Npm Sentinel?

Npm Sentinel supports both local and remote installation. For local use, install it via the provided package manager and add the configuration to your AI app. For remote access, add the server URL to your MCP configuration.

What AI apps work with Npm Sentinel?

Npm Sentinel uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Npm Sentinel MCP Server

by Nekzus

SecurityLow Risk10.0MCP RegistryLocalRemote

Free

Server data from the Official MCP Registry

Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend…

About

Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend…

Remote endpoints: streamable-http: https://server.smithery.ai/@Nekzus/npm-sentinel-mcp/mcp

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (2 strong, 2 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry. Trust signals: trusted author (3/3 approved).

1 tool verified · Open access · No issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

How to Install & Connect

Available as Local & Remote

This plugin can run on your machine or connect to a hosted endpoint. during install.

Documentation

View on GitHub

From the project's GitHub README.

NPM Sentinel MCP

A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI. Built to integrate with Claude and Anthropic AI, it provides real-time intelligence on package security, dependencies, and performance. This MCP server delivers instant insights and smart analysis to safeguard and optimize your npm ecosystem, making package management decisions faster and safer for modern development workflows.

Features

Version analysis and tracking
Dependency analysis and mapping
Advanced Security Scanning: Recursive dependency checks, ecosystem awareness (e.g., React), and accurate version resolution.
Strict Input Validation: Protection against Path Traversal, SSRF, and Command Injection via rigorous input sanitization.
Package quality metrics
Download trends and statistics
TypeScript support verification
Package size analysis
Maintenance metrics
Real-time package comparisons
Standardized error handling and MCP response formats
Efficient caching for improved performance and API rate limit management
Rigorous schema validation and type safety using Zod

Note: The server provides AI-assisted analysis through MCP integration.

Caching and Invalidation

To ensure data accuracy while maintaining performance, the server implements robust caching strategies:

Automatic Invalidation: The cache is automatically invalidated whenever pnpm-lock.yaml, package-lock.json, or yarn.lock changes in your workspace. This ensures you always get fresh data after installing or updating dependencies.
Force Refresh: All tools accept an optional ignoreCache: true parameter to bypass the cache and force a fresh lookup from the registry.

Example Usage (JSON-RPC)

When calling a tool, simply include ignoreCache: true in the arguments:

{
  "name": "npmVersions",
  "arguments": {
    "packages": ["react"],
    "ignoreCache": true
  }
}

Installation

Migration to HTTP Streamable

This MCP server now supports both STDIO and HTTP streamable transport. Your existing STDIO configuration will continue to work without changes.

New capabilities:

HTTP streamable transport via Smithery.ai
Enhanced scalability and performance
Interactive testing playground

Development commands:

# Development server with playground
npm run dev

# Build for HTTP
npm run build:http

# Start HTTP server
npm run start:http

Install in VS Code

Add this to your VS Code MCP config file. See VS Code MCP docs for more info.

{
  "servers": {
    "npm-sentinel": {
      "type": "stdio",
      "command": "npx",
      "args": ["-y", "@nekzus/mcp-server@latest"]
    }
  }
}

Smithery.ai Deployment (HTTP Streamable)

This MCP server now supports HTTP streamable transport through Smithery.ai for enhanced scalability and performance. You can deploy it directly on Smithery.ai: Benefits of HTTP deployment:

Scalable: Handles multiple concurrent connections
Streamable: Real-time streaming responses
Managed: Automatic deployment and monitoring
Backward Compatible: Still supports STDIO for local development
Interactive Testing: Built-in playground for testing tools

Configuration for Smithery.ai:

{
  "mcpServers": {
    "npm-sentinel": {
      "type": "http",
      "url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp"
    }
  }
}

Configuration

The server supports the following configuration options:

Environment Variable	CLI Argument	Default	Description
`NPM_REGISTRY_URL`	`config.NPM_REGISTRY_URL`	`https://registry.npmjs.org`	URL of the NPM registry to use for all requests

HTTP Deployment (Smithery/Docker)

When deploying via Smithery or Docker, you can configure these options in your configuration file:

{
  "mcpServers": {
    "npm-sentinel": {
      "type": "http",
      "url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp",
      "config": {
        "NPM_REGISTRY_URL": "https://registry.npmjs.org"
      }
    }
  }
}

Docker

Build

# Build the Docker image
docker build -t nekzus/npm-sentinel-mcp .

Usage

You can run the MCP server using Docker with directory mounting to /projects:

{
  "mcpServers": {
    "npm-sentinel-mcp": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-w", "/projects",
        "--mount", "type=bind,src=${PWD},dst=/projects",
        "nekzus/npm-sentinel-mcp",
        "node",
        "dist/index.js"
      ]
    }
  }
}

For multiple directories:

{
  "mcpServers": {
    "npm-sentinel-mcp": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-w", "/projects",
        "--mount", "type=bind,src=/path/to/workspace,dst=/projects/workspace",
        "--mount", "type=bind,src=/path/to/other/dir,dst=/projects/other/dir,ro",
        "nekzus/npm-sentinel-mcp",
        "node",
        "dist/index.js"
      ]
    }
  }
}

Note: All mounted directories must be under /projects for proper access.

Usage with Claude Desktop

Add this to your claude_desktop_config.json:

{
  "mcpServers": {
    "npmsentinel": {
      "command": "npx",
      "args": ["-y", "@nekzus/mcp-server@latest"]
    }
  }
}

Configuration file locations:

Windows: %APPDATA%\Claude\claude_desktop_config.json
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Linux: (Claude for Desktop does not officially support Linux at this time)

NPX

{
  "mcpServers": {
    "npm-sentinel-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@nekzus/mcp-server@latest"
      ]
    }
  }
}

API

The server exposes its tools via the Model Context Protocol. All tools adhere to a standardized response format:

{
  "content": [
    {
      "type": "text",
      "text": "string",
      "isError": boolean // Optional
    }
    // ... more content items if necessary
  ]
}

Resources

npm://registry: NPM Registry interface
npm://security: Security analysis interface
npm://metrics: Package metrics interface

Server Resources

The server also provides the following informational resources accessible via MCP GetResource requests:

doc://server/readme:
- Description: Retrieves the main README.md file content for this NPM Sentinel MCP server.
- MIME Type: text/markdown
doc://mcp/specification:
- Description: Retrieves the llms-full.txt content, providing the comprehensive Model Context Protocol specification.
- MIME Type: text/plain

Tools

npmVersions

Get all versions of a package
Input: packages (string[])
Returns: Version history with release dates

npmLatest

Get latest version information
Input: packages (string[])
Returns: Latest version details and changelog

npmDeps

Analyze package dependencies
Input: packages (string[])
Returns: Complete dependency tree analysis including direct dependencies and full transitive graph (count and explicit flatten list) mapping through deps.dev.

npmTypes

Check TypeScript support
Input: packages (string[])
Returns: TypeScript compatibility status

npmSize

Analyze package size
Input: packages (string[])
Returns: Bundle size and import cost analysis

npmVulnerabilities

Scan for security vulnerabilities
Features:
- Instant Transitive Scanning: Powered by Google's deps.dev API to resolve massive dependency trees (e.g. Next.js, Astro) in a single request, bypassing deep recursion limitations.
- Ecosystem Awareness: Automatically scans related packages efficiently.
- Rich Reports: Includes CVE IDs and full summaries from OSV.dev.
Input: packages (string[])
Returns: Detailed security advisories, CVEs, and severity ratings

npmTrends

Get download trends
Input:
- packages (string[])
- period ("last-week" | "last-month" | "last-year")
Returns: Download statistics over time

npmCompare

Compare multiple packages
Input: packages (string[])
Returns: Detailed comparison metrics

npmMaintainers

Get package maintainers
Input: packages (string[])
Returns: Maintainer information and activity

npmScore

Get package quality score
Input: packages (string[])
Returns: Comprehensive quality metrics

npmPackageReadme

Get package README
Input: packages (string[])
Returns: Formatted README content

npmSearch

Search for packages
Input:
- query (string)
- limit (number, optional)
Returns: Matching packages with metadata

npmLicenseCompatibility

Check license compatibility
Input: packages (string[])
Returns: License analysis and compatibility info

npmRepoStats

Get repository statistics
Input: packages (string[])
Returns: GitHub/repository metrics

npmDeprecated

Check for deprecation
Input: packages (string[])
Returns: Deprecation status and alternatives

npmChangelogAnalysis

Analyze package changelogs
Input: packages (string[])
Returns: Changelog summaries and impact analysis

npmAlternatives

Find package alternatives
Input: packages (string[])
Returns: Similar packages with comparisons

npmQuality

Assess package quality
Input: packages (string[])
Returns: Quality metrics and scores

npmMaintenance

Check maintenance status
Input: packages (string[])
Returns: Maintenance activity metrics

Build

# Install dependencies
npm install

# Build for STDIO (traditional)
npm run build:stdio

# Build for HTTP (Smithery)
npm run build:http

# Development server
npm run dev

License

This MCP server is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.

MIT © nekzus

Reviews

No reviews yet

Be the first to review this server!

More Security MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

mcp-creator-typescript

Free

by mcp-marketplace · Developer Tools

Scaffold, build, and publish TypeScript MCP servers to npm — conversationally

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

Google Workspace MCP

Free

by Taylorwilsdon · Productivity

Control Gmail, Calendar, Docs, Sheets, Drive, and more from your AI