Back to Browse
Free
Server data from the Official MCP Registry
MCP server for npm package management — publish, version, search, audit, and more
About
MCP server for npm package management — publish, version, search, audit, and more
Security Report
7.2
Moderate7.2Low RiskValid MCP server (2 strong, 4 medium validity signals). 1 code issue detected. 3 known CVEs in dependencies (0 critical, 3 high severity) Package registry verified. Imported from the Official MCP Registry. Trust signals: trusted author (17/17 approved). 1 finding(s) downgraded by scanner intelligence.
3 files analyzed · 5 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
npm authentication tokenRequired
Environment variable: NPM_TOKEN
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-mikusnuz-npm": {
"env": {
"NPM_TOKEN": "your-npm-token-here"
},
"args": [
"-y",
"@mikusnuz/npm-mcp"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
npm-mcp
MCP server that lets AI assistants manage npm packages. Publish, version, search, audit, install, and more -- all through Claude Code or any MCP client.
When to Use
| Task | Tool |
|---|---|
| "Publish this package to npm" | publish |
| "Check for outdated dependencies" | outdated |
| "Run a security audit on my packages" | audit |
| "Search npm for authentication libraries" | search |
| "Bump the version and publish" | version then publish |
| "Check who owns this npm package" | owner |
| "View download stats for my package" | view |
For AI agents: See
llms.txtfor a machine-readable summary. Copytemplates/CLAUDE.mdortemplates/AGENTS.mdinto your project to teach your agent about this MCP.
Why
You're in Claude Code building a library. You finish the code, and now you need to publish it. Instead of switching to a terminal:
You: publish this package to npm with public access
Claude: [calls publish tool] Published @yourorg/lib@1.0.0 successfully
That's it. No context switching.
Setup
1. Install
git clone https://github.com/mikusnuz/npm-mcp.git
cd npm-mcp
npm install
npm run build
2. Get npm token
Go to npmjs.com > Account > Access Tokens > Generate New Token (Automation type recommended).
3. Add to Claude Code
Edit ~/.claude/settings.json:
{
"mcpServers": {
"npm-mcp": {
"command": "node",
"args": ["/path/to/npm-mcp/dist/index.js"],
"env": {
"NPM_TOKEN": "npm_xxxxxxxxxxxx"
}
}
}
}
Or if you've already run npm login locally, skip NPM_TOKEN -- it uses your ~/.npmrc automatically.
Tools
Publishing & Versioning
| Tool | Description |
|---|---|
publish | Publish a package to npm registry |
version | Bump package version (patch/minor/major/pre*) |
unpublish | Remove a package version |
deprecate | Deprecate a version (or undeprecate with empty message) |
pack | Preview what would be published |
Package Info
| Tool | Description |
|---|---|
view | View package info from registry |
search | Search npm registry |
bugs | Get bug tracker URL for a package |
repo | Get repository URL for a package |
docs | Get documentation URL for a package |
diff | Show diff between package versions |
Dependency Management
| Tool | Description |
|---|---|
install | Install packages |
uninstall | Remove packages |
update | Update packages to latest semver-compatible version |
outdated | Check for outdated packages |
ls | List installed packages |
explain | Explain why a package is installed |
dedupe | Reduce duplication in dependency tree |
prune | Remove extraneous packages |
fund | Show funding info for dependencies |
query | Query packages using CSS-like selectors |
Security & Diagnostics
| Tool | Description |
|---|---|
audit | Run security audit (with optional auto-fix) |
sbom | Generate Software Bill of Materials (CycloneDX/SPDX) |
doctor | Check npm environment health |
ping | Check registry connectivity |
Configuration & Auth
| Tool | Description |
|---|---|
whoami | Check current authenticated user |
token | Manage access tokens (list/revoke) |
access | Set or view access level on packages |
owner | Manage package owners (ls/add/rm) |
dist-tag | Manage distribution tags (ls/add/rm) |
profile | View or modify npm profile settings |
config | View npm configuration (read-only) |
Project Setup
| Tool | Description |
|---|---|
init | Initialize a new package.json |
pkg | Manage package.json fields programmatically |
ci | Clean install from lockfile (for CI) |
run-script | Run scripts defined in package.json |
link | Symlink a local package for development |
cache | Manage the npm cache |
Examples
Publish a scoped package:
publish({ path: "/home/user/my-lib", access: "public" })
Bump version and publish:
version({ path: "/home/user/my-lib", bump: "patch" })
publish({ path: "/home/user/my-lib" })
Check what's inside before publishing:
pack({ path: "/home/user/my-lib", dryRun: true })
Search for existing packages:
search({ query: "react state management", limit: 5 })
View package details:
view({ package: "@yourorg/lib", field: "versions" })
Install packages:
install({ path: "/home/user/my-app", packages: ["express", "cors"], saveDev: false })
Check outdated dependencies:
outdated({ path: "/home/user/my-app" })
Compare versions:
diff({ specs: ["lodash@4.17.20", "lodash@4.17.21"] })
Generate SBOM:
sbom({ path: "/home/user/my-app", format: "spdx", production: true })
Query dependencies:
query({ path: "/home/user/my-app", selector: ":root > .prod" })
Auth
| Method | How |
|---|---|
| NPM_TOKEN (recommended) | Set NPM_TOKEN env var in MCP config. Get token from npmjs.com > Access Tokens |
| npm login | Run npm login in terminal first. Token saved in ~/.npmrc is used automatically |
For 2FA-enabled accounts, pass otp parameter to publish/unpublish/deprecate/owner/access/token tools.
Environment Variables
| Variable | Default | Description |
|---|---|---|
NPM_TOKEN | -- | npm authentication token |
NPM_PATH | npm | Path to npm binary (if not in PATH) |
License
MIT
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
114
Stars
409
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
56
Installs
10.0
Security
5.0
Local
MarkItDown
Freeby Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
116.1K
Stars
15
Installs
6.0
Security
5.0
Local
mcp-creator-typescript
Freeby mcp-marketplace · Developer Tools
Scaffold, build, and publish TypeScript MCP servers to npm — conversationally
-
Stars
14
Installs
10.0
Security
5.0
Local
FinAgent
Freeby mcp-marketplace · Finance
Free stock data and market news for any MCP-compatible AI assistant.
-
Stars
13
Installs
10.0
Security
No ratings yet
Local