home / mcp / npm sentinel mcp server
Provides AI-assisted analysis of NPM packages, including security, dependencies, metrics, and trends via MCP tools.
Configuration
View docs{
"mcpServers": {
"nekzus-npm-sentinel-mcp": {
"url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp",
"headers": {
"NPM_REGISTRY_URL": "https://registry.npmjs.org"
}
}
}
}You run a powerful MCP server for analyzing NPM packages with AI-assisted insights. This server provides real-time security, dependency, and performance analysis, helping you make safer, faster package-management decisions within modern development workflows.
You will connect your MCP client to the NPM Sentinel MCP server to access a suite of tools for package analysis. The server exposes tooling for version history, dependency trees, security advisories, size and maintenance metrics, and more. Use these tools to compare packages, inspect transitive dependencies, verify TypeScript support, monitor download trends, and check license compatibility. The server supports both HTTP streamable transport (remote) and STDIO (local) modes, so you can choose the deployment that fits your environment. When you issue a request, you will receive a standardized response containing content items with text and optional error indicators.
Prerequisites you need before starting include Node.js and npm for building and running the server. Docker is optional if you plan to run the server inside a container. You should also have a compatible MCP client to send requests to the server.
Step 1: Install dependencies locally. Run:
npm installStep 2: Build for STDIO (traditional) mode if you want a local runtime. Run:
npm run build:stdioStep 3: Start a development server (with a local playground) if you are developing or testing. Run:
npm run devStep 4: Alternatively, you can run the MCP server directly via NPX without building. This is convenient for quick experiments or integration into workflows that pull the latest release on demand. Run:
npx -y @nekzus/mcp-server@latestHTTP Streamable deployment via Smithery.ai provides a remote MCP endpoint you can connect to from your MCP client. This method scales and streams responses in real time while still preserving STDIO compatibility for local development.
Configure the remote HTTP endpoint as follows in your MCP client or deployment config.
# Smithery.ai HTTP deployment configuration (example)
{
"mcpServers": {
"npm-sentinel": {
"type": "http",
"url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp"
}
}
}For local development using STDIO, you can also start the MCP server via Docker with a mounted work directory. Use the following runtime configuration as a guide.
{
"mcpServers": {
"npm_sentinel": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-w", "/projects",
"--mount", "type=bind,src=${PWD},dst=/projects",
"nekzus/npm-sentinel-mcp",
"node",
"dist/index.js"
]
}
}
}The server supports automatic cache invalidation when dependency lock files in your workspace change (pnpm-lock.yaml, package-lock.json, or yarn.lock). You can also bypass the cache by passing ignoreCache: true in tool arguments to force a fresh lookup from the registry.
Get all versions of a package and their release dates
Get latest version information including changelog for one or more packages
Analyze package dependencies, producing a complete dependency tree including direct and transitive graphs
Check TypeScript support for packages
Analyze package bundle size and import cost
Scan for security vulnerabilities with transitive scanning and OSV.dev reports
Get download trends over a specified period
Compare multiple packages with detailed metrics
Get package maintainers and activity
Get package quality score with comprehensive metrics
Get formatted package README content
Search for packages with metadata by query and limit
Check license compatibility across packages
Get repository statistics for packages
Check for deprecation status and alternatives
Analyze package changelogs for impact
Find package alternatives and comparisons
Assess overall package quality
Check maintenance status and activity