
NPM Sentinel MCP Server

Provides AI-assisted analysis of NPM packages, including security, dependencies, metrics, and trends via MCP tools.

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "nekzus-npm-sentinel-mcp": {
      "url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp",
      "headers": {
        "NPM_REGISTRY_URL": "https://registry.npmjs.org"
      }
    }
  }
}

NPM Sentinel is an MCP server for analyzing NPM packages with AI-assisted insights. It provides real-time security, dependency, and performance analysis, helping you make safer, faster package-management decisions within modern development workflows.

How to use

Connect your MCP client to the NPM Sentinel MCP server to access a suite of tools for package analysis. The server exposes tooling for version history, dependency trees, security advisories, size and maintenance metrics, and more. Use these tools to compare packages, inspect transitive dependencies, verify TypeScript support, monitor download trends, and check license compatibility. The server supports both HTTP streamable transport (remote) and STDIO (local) modes, so you can choose the deployment that fits your environment. Each request returns a standardized response containing content items with text and optional error indicators.

How to install

Prerequisites: Node.js and npm for building and running the server. Docker is optional and only needed if you plan to run the server inside a container. You also need a compatible MCP client to send requests to the server.

Step 1: Install dependencies locally. Run:

npm install

Step 2: Build for STDIO (traditional) mode if you want a local runtime. Run:

npm run build:stdio

Step 3: Start a development server (with a local playground) if you are developing or testing. Run:

npm run dev

Step 4: Alternatively, you can run the MCP server directly via NPX without building. This is convenient for quick experiments or integration into workflows that pull the latest release on demand. Run:

npx -y @nekzus/mcp-server@latest

Additional configuration and deployment options

HTTP Streamable deployment via Smithery.ai provides a remote MCP endpoint you can connect to from your MCP client. This method scales and streams responses in real time while still preserving STDIO compatibility for local development.

Configure the remote HTTP endpoint as follows in your MCP client or deployment config.

Usage examples and deployment snippets

Smithery.ai HTTP deployment configuration (example):
{
  "mcpServers": {
    "npm-sentinel": {
      "type": "http",
      "url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp"
    }
  }
}

For local development using STDIO, you can also start the MCP server via Docker with a mounted work directory. Use the following runtime configuration as a guide.

{
  "mcpServers": {
    "npm_sentinel": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-w", "/projects",
        "--mount", "type=bind,src=${PWD},dst=/projects",
        "nekzus/npm-sentinel-mcp",
        "node",
        "dist/index.js"
      ]
    }
  }
}
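
The following is an added example, not code from the NPM Sentinel project: a small Node.js check that audits an MCP client configuration like the ones above for packages resolved at run time (`@latest`), images not pinned by digest, writable bind mounts, and non-HTTPS endpoints. The rule names, the `sentinel_npx` entry, and the assumption that the server only needs read access to the mounted workspace are this example's own.

```javascript
// Added example: heuristics of this example, not rules defined by NPM Sentinel or MCP.
function auditMcpConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers ?? {})) {
    const add = (rule, detail) => findings.push({ server: name, rule, detail });
    const args = Array.isArray(server.args) ? server.args : [];
    if (typeof server.url === "string" && !server.url.startsWith("https://")) {
      add("insecure-transport", server.url);
    }
    if (server.command === "npx") {
      // No version, or a dist-tag such as @latest, is resolved anew on every start.
      const spec = args.find((a) => !a.startsWith("-")) ?? "";
      const at = spec.lastIndexOf("@"); // index 0 is the scope marker, not a version
      const pinned = at > 0 && /^\d+\.\d+\.\d+/.test(spec.slice(at + 1));
      if (!pinned) add("unpinned-npm-package", spec);
    }
    if (server.command === "docker") {
      // Image = first non-flag argument after "run", skipping flag values.
      const takesValue = new Set(["-w", "--mount", "-v", "-e", "--name", "--network"]);
      let image;
      for (let i = args.indexOf("run") + 1; i < args.length && !image; i++) {
        if (takesValue.has(args[i])) i++;
        else if (!args[i].startsWith("-")) image = args[i];
      }
      if (image && !image.includes("@sha256:")) add("image-not-digest-pinned", image);
      args.forEach((a, i) => {
        const readOnly = /(^|,)(readonly|ro)(=true)?(,|$)/.test(a);
        if (args[i - 1] === "--mount" && a.includes("type=bind") && !readOnly) {
          add("writable-bind-mount", a);
        }
      });
    }
  }
  return findings;
}

// Constructed sample: the page's Docker entry plus an entry wrapping its npx command.
const sampleConfig = {
  mcpServers: {
    npm_sentinel: {
      command: "docker",
      args: ["run", "-i", "--rm", "-w", "/projects",
        "--mount", "type=bind,src=${PWD},dst=/projects",
        "nekzus/npm-sentinel-mcp", "node", "dist/index.js"],
    },
    sentinel_npx: { command: "npx", args: ["-y", "@nekzus/mcp-server@latest"] },
    "npm-sentinel": { type: "http", url: "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp" },
  },
};
console.log(auditMcpConfig(sampleConfig));
```
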

Notes

The server supports automatic cache invalidation when dependency lock files in your workspace change (pnpm-lock.yaml, package-lock.json, or yarn.lock). You can also bypass the cache by passing ignoreCache: true in tool arguments to force a fresh lookup from the registry.

Available tools

npmVersions

Get all versions of a package and their release dates

npmLatest

Get latest version information including changelog for one or more packages

npmDeps

Analyze package dependencies, producing a complete dependency tree including direct and transitive graphs

npmTypes

Check TypeScript support for packages

npmSize

Analyze package bundle size and import cost

npmVulnerabilities

Scan for security vulnerabilities with transitive scanning and OSV.dev reports

npmTrends

Get download trends over a specified period

npmCompare

Compare multiple packages with detailed metrics

npmMaintainers

Get package maintainers and activity

npmScore

Get package quality score with comprehensive metrics

npmPackageReadme

Get formatted package README content

npmSearch

Search for packages with metadata by query and limit

npmLicenseCompatibility

Check license compatibility across packages

npmRepoStats

Get repository statistics for packages

npmDeprecated

Check for deprecation status and alternatives

npmChangelogAnalysis

Analyze package changelogs for impact

npmAlternatives

Find package alternatives and comparisons

npmQuality

Assess overall package quality

npmMaintenance

Check maintenance status and activity