Mcp Server Npm Goof

Name: Mcp Server Npm Goof
Author: snyk-labs

Official

by snyk-labs

An MCP server for NPM JavaScript Package Management tools

7 1 tool GitHub

No known CVEs

No license

Maintained

Last commit 71d ago

Works with most clients

Transport: http

1 tool · ~68 tok

Grade A · 0.0% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktophttp · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-server-npm-goof": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-server-npm-goof)](https://mcppedia.org/s/mcp-server-npm-goof)

Read me

What Mcp Server Npm Goof does

A Model Context Protocol server that provides a tool to fetch npm package information.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

66/100across 5 weighted dimensions

How we score →

0255075100

−34

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (1)

Click any tool to inspect its schema.

~68 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Server Npm Goof safe to use?: Mcp Server Npm Goof has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp Server Npm Goof?: Mcp Server Npm Goof can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Mcp Server Npm Goof do?: Mcp Server Npm Goof provides 1 tool: getNpmPackageInfo. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Server Npm Goof?: Mcp Server Npm Goof is compatible with claude-desktop, cursor, claude-code. It uses http transport.
Is Mcp Server Npm Goof actively maintained?: Mcp Server Npm Goof is recently maintained — last commit was 71 days ago. It has 7 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for Mcp Server Npm Goof and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Usage

Start the server:

npm start

The server will start listening on port 3000 by default. You can customize the port by setting the PORT environment variable:

PORT=3500 npm start

This server is designed to be used with IDE integrations and AI agents that support the Model Context Protocol over HTTP.

Tool: getNpmPackageInfo

Parameters:

packageName (string): The name of the npm package to look up

Returns:

packageInfo (object): JSON object containing all available information about the package

Frequently Asked Questions

Is Mcp Server Npm Goof safe to use?

Mcp Server Npm Goof has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Mcp Server Npm Goof?

Mcp Server Npm Goof can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can Mcp Server Npm Goof do?

Mcp Server Npm Goof provides 1 tool: getNpmPackageInfo. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mcp Server Npm Goof?

Mcp Server Npm Goof is compatible with claude-desktop, cursor, claude-code. It uses http transport.

Is Mcp Server Npm Goof actively maintained?

Mcp Server Npm Goof is recently maintained — last commit was 71 days ago. It has 7 GitHub stars.

MCP Server for NPM Package Info

A Model Context Protocol server that provides a tool to fetch npm package information.

Security Disclaimer: this repository is intentionally vulnerable, intended to be used as an educational tool for MCP Server security.

How to use the MCP Server

Define the MCP Server in your Agent MCP configuration, as follows:

{
    "servers": {
        "npm-and-node-tools": {
            "type": "http",
            "url": "http://localhost:3500/mcp"
        }
    },
    "inputs": []
}

Features

Exposes a getNpmPackageInfo tool using MCP
Uses HTTP (Streamable HTTP) transport for remote connections
Returns structured package information
Supports session management for stateful connections

Installation

npm install

Usage

Start the server:

npm start

The server will start listening on port 3000 by default. You can customize the port by setting the PORT environment variable:

PORT=3500 npm start

This server is designed to be used with IDE integrations and AI agents that support the Model Context Protocol over HTTP.

Tool: getNpmPackageInfo

Parameters:

packageName (string): The name of the npm package to look up

Returns:

packageInfo (object): JSON object containing all available information about the package