Is io.github.Nekzus/npm-sentinel-mcp safe to use?

io.github.Nekzus/npm-sentinel-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.Nekzus/npm-sentinel-mcp?

io.github.Nekzus/npm-sentinel-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.Nekzus/npm-sentinel-mcp?

io.github.Nekzus/npm-sentinel-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is io.github.Nekzus/npm-sentinel-mcp actively maintained?

io.github.Nekzus/npm-sentinel-mcp is recently maintained — last commit was 46 days ago. It has 18 GitHub stars.

NPM Sentinel MCP

A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI. Built to integrate with Claude and Anthropic AI, it provides real-time intelligence on package security, dependencies, and performance. This MCP server delivers instant insights and smart analysis to safeguard and optimize your npm ecosystem, making package management decisions faster and safer for modern development workflows.

Features

Version analysis and tracking
Dependency analysis and mapping
Advanced Security Scanning: Recursive dependency checks, ecosystem awareness (e.g., React), and accurate version resolution.
Strict Input Validation: Protection against Path Traversal, SSRF, and Command Injection via rigorous input sanitization.
Package quality metrics
Download trends and statistics
TypeScript support verification
Package size analysis
Maintenance metrics
Real-time package comparisons
Standardized error handling and MCP response formats
Efficient caching for improved performance and API rate limit management
Rigorous schema validation and type safety using Zod

Note: The server provides AI-assisted analysis through MCP integration.

Caching and Invalidation

To ensure data accuracy while maintaining performance, the server implements robust caching strategies:

Automatic Invalidation: The cache is automatically invalidated whenever pnpm-lock.yaml, package-lock.json, or yarn.lock changes in your workspace. This ensures you always get fresh data after installing or updating dependencies.
Force Refresh: All tools accept an optional ignoreCache: true parameter to bypass the cache and force a fresh lookup from the registry.

Example Usage (JSON-RPC)

When calling a tool, simply include ignoreCache: true in the arguments:

{
  "name": "npmVersions",
  "arguments": {
    "packages": ["react"],
    "ignoreCache": true
  }
}

Installation

Migration to HTTP Streamable

This MCP server now supports both STDIO and HTTP streamable transport. Your existing STDIO configuration will continue to work without changes.

New capabilities:

HTTP streamable transport via Smithery.ai
Enhanced scalability and performance
Interactive testing playground

Development commands:

# Development server with playground
npm run dev

# Build for HTTP
npm run build:http

# Start HTTP server
npm run start:http

Install in VS Code

[](https://insiders.vscode.dev/redirect?url=vscode%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522npm-sentinel%2522%252C%2522config%2522%253A%257B%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522-y%2522%252C%2522%2540nekzus%252Fmcp-server%25

... View full README on GitHub

io.github.Nekzus/npm-sentinel-mcp

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Observability Mcp

MCPpedia

io.github.xkumakichi/xaip-mcp-server

Llmkit MCP Server

Discussion