Nekzus Utility Server
Provides comprehensive NPM package analysis including security vulnerabilities, dependencies, download trends, and quality metrics. Integrates with AI assistants to help developers make informed package selection decisions.
Utility server implementation providing dynamically registered tools for datetime handling, card operations, and schema conversion through a modular TypeScript architecture with stdio transport compatibility.
What it does
- Check NPM package vulnerabilities and security issues
- Analyze package dependencies and devDependencies
- Get download trends and popularity metrics
- Compare multiple packages across various metrics
- Check TypeScript support and package sizes
- Retrieve version history and changelogs
Best for
About Nekzus Utility Server
Nekzus Utility Server is a community-built MCP server published by nekzus that provides AI assistants with tools and capabilities via the Model Context Protocol. Nekzus Utility Server offers modular TypeScript tools for datetime, cards, and schema conversion with stdio transport co It is categorized under analytics data, developer tools. This server exposes 19 tools that AI clients can invoke during conversations and coding sessions.
How to install
You can install Nekzus Utility Server in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport. This server supports remote connections over HTTP, so no local installation is required.
License
Nekzus Utility Server is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.
Tools (19)
Get all available versions of an NPM package
Get the latest version and changelog of an NPM package
Analyze dependencies and devDependencies of an NPM package
Check TypeScript types availability and version for a package
Get package size information including dependencies and bundle size
NPM Sentinel MCP
A powerful Model Context Protocol (MCP) server that revolutionizes NPM package analysis through AI. Built to integrate with Claude and Anthropic AI, it provides real-time intelligence on package security, dependencies, and performance. This MCP server delivers instant insights and smart analysis to safeguard and optimize your npm ecosystem, making package management decisions faster and safer for modern development workflows.
Features
- Version analysis and tracking
- Dependency analysis and mapping
- Advanced Security Scanning: Recursive dependency checks, ecosystem awareness (e.g., React), and accurate version resolution.
- Strict Input Validation: Protection against Path Traversal, SSRF, and Command Injection via rigorous input sanitization.
- Package quality metrics
- Download trends and statistics
- TypeScript support verification
- Package size analysis
- Maintenance metrics
- Real-time package comparisons
- Standardized error handling and MCP response formats
- Efficient caching for improved performance and API rate limit management
- Rigorous schema validation and type safety using Zod
Note: The server provides AI-assisted analysis through MCP integration.
Caching and Invalidation
To ensure data accuracy while maintaining performance, the server implements robust caching strategies:
- Automatic Invalidation: The cache is automatically invalidated whenever
pnpm-lock.yaml,package-lock.json, oryarn.lockchanges in your workspace. This ensures you always get fresh data after installing or updating dependencies. - Force Refresh: All tools accept an optional
ignoreCache: trueparameter to bypass the cache and force a fresh lookup from the registry.
Example Usage (JSON-RPC)
When calling a tool, simply include ignoreCache: true in the arguments:
{
"name": "npmVersions",
"arguments": {
"packages": ["react"],
"ignoreCache": true
}
}
Installation
Migration to HTTP Streamable
This MCP server now supports both STDIO and HTTP streamable transport. Your existing STDIO configuration will continue to work without changes.
New capabilities:
- HTTP streamable transport via Smithery.ai
- Enhanced scalability and performance
- Interactive testing playground
Development commands:
# Development server with playground
npm run dev
# Build for HTTP
npm run build:http
# Start HTTP server
npm run start:http
Install in VS Code
Add this to your VS Code MCP config file. See VS Code MCP docs for more info.
{
"servers": {
"npm-sentinel": {
"type": "stdio",
"command": "npx",
"args": ["-y", "@nekzus/mcp-server@latest"]
}
}
}
Smithery.ai Deployment (HTTP Streamable)
This MCP server now supports HTTP streamable transport through Smithery.ai for enhanced scalability and performance. You can deploy it directly on Smithery.ai: Benefits of HTTP deployment:
- Scalable: Handles multiple concurrent connections
- Streamable: Real-time streaming responses
- Managed: Automatic deployment and monitoring
- Backward Compatible: Still supports STDIO for local development
- Interactive Testing: Built-in playground for testing tools
Configuration for Smithery.ai:
{
"mcpServers": {
"npm-sentinel": {
"type": "http",
"url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp"
}
}
}
Configuration
The server supports the following configuration options:
| Environment Variable | CLI Argument | Default | Description |
|---|---|---|---|
NPM_REGISTRY_URL | config.NPM_REGISTRY_URL | https://registry.npmjs.org | URL of the NPM registry to use for all requests |
HTTP Deployment (Smithery/Docker)
When deploying via Smithery or Docker, you can configure these options in your configuration file:
{
"mcpServers": {
"npm-sentinel": {
"type": "http",
"url": "https://smithery.ai/server/@Nekzus/npm-sentinel-mcp",
"config": {
"NPM_REGISTRY_URL": "https://registry.npmjs.org"
}
}
}
}
Docker
Build
# Build the Docker image
docker build -t nekzus/npm-sentinel-mcp .
Usage
You can run the MCP server using Docker with directory mounting to /projects:
{
"mcpServers": {
"npm-sentinel-mcp": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-w", "/projects",
"--mount", "type=bind,src=${PWD},dst=/projects",
"nekzus/npm-sentinel-mcp",
"node",
"dist/index.js"
]
}
}
}
For multiple directories:
{
"mcpServers": {
"npm-sentinel-mcp": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-w", "/projects",
"--mount", "type=bind,src=/path/to/workspace,dst=/projects/workspace",
"--mount", "type=bind,src=/path/to/other/dir,dst=/projects/other/dir,ro",
"nekzus/npm-sentinel-mcp",
"node",
"dist/index.js"
]
}
}
}
Note: All mounted directories must be under /projects for proper access.
Usage with Claude Desktop
Add this to your claude_desktop_config.json:
{
"mcpServers": {
"npmsentinel": {
"command": "npx",
"args": ["-y", "@nekzus/mcp-server@latest"]
}
}
}
Configuration file locations:
- Windows:
%APPDATA%\Claude\claude_desktop_config.json - macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Linux: (Claude for Desktop does not officially support Linux at this time)
NPX
{
"mcpServers": {
"npm-sentinel-mcp": {
"command": "npx",
"args": [
"-y",
"@nekzus/mcp-server@latest"
]
}
}
}
API
The server exposes its tools via the Model Context Protocol. All tools adhere to a standardized response format:
{
"content": [
{
"type": "text",
"text": "string",
"isError": boolean // Optional
}
// ... more content items if necessary
]
}
Resources
npm://registry: NPM Registry interfacenpm://security: Security analysis interfacenpm://metrics: Package metrics interface
Server Resources
The server also provides the following informational resources accessible via MCP GetResource requests:
doc://server/readme:- Description: Retrieves the main
README.mdfile content for this NPM Sentinel MCP server. - MIME Type:
text/markdown
- Description: Retrieves the main
doc://mcp/specification:- Description: Retrieves the
llms-full.txtcontent, providing the comprehensive Model Context Protocol specification. - MIME Type:
text/plain
- Description: Retrieves the
Tools
npmVersions
- Get all versions of a package
- Input:
packages(string[]) - Returns: Version history with release dates
npmLatest
- Get latest version information
- Input:
packages(string[]) - Returns: Latest version details and changelog
npmDeps
- Analyze package dependencies
- Input:
packages(string[]) - Returns: Complete dependency tree analysis including direct dependencies and full transitive graph (count and explicit flatten list) mapping through deps.dev.
npmTypes
- Check TypeScript support
- Input:
packages(string[]) - Returns: TypeScript compatibility status
npmSize
- Analyze package size
- Input:
packages(string[]) - Returns: Bundle size and import cost analysis
npmVulnerabilities
- Scan for security vulnerabilities
- Features:
- Instant Transitive Scanning: Powered by Google's
deps.devAPI to resolv
- Instant Transitive Scanning: Powered by Google's
README truncated. View full README on GitHub.
Alternatives
Related Skills
Browse all skillsUse when building MCP servers or clients that connect AI systems with external tools and data sources. Invoke for MCP protocol compliance, TypeScript/Python SDKs, resource providers, tool functions.
CCXT cryptocurrency exchange library for TypeScript and JavaScript developers (Node.js and browser). Covers both REST API (standard) and WebSocket API (real-time). Helps install CCXT, connect to exchanges, fetch market data, place orders, stream live tickers/orderbooks, handle authentication, and manage errors. Use when working with crypto exchanges in TypeScript/JavaScript projects, trading bots, arbitrage systems, or portfolio management tools. Includes both REST and WebSocket examples.
.NET/C# backend developer for ASP.NET Core APIs with Entity Framework Core. Builds REST APIs, minimal APIs, gRPC services, authentication with Identity/JWT, authorization, database operations, background services, SignalR real-time features. Activates for: .NET, C#, ASP.NET Core, Entity Framework Core, EF Core, .NET Core, minimal API, Web API, gRPC, authentication .NET, Identity, JWT .NET, authorization, LINQ, async/await C#, background service, IHostedService, SignalR, SQL Server, PostgreSQL .NET, dependency injection, middleware .NET.
Build full-stack applications with Supabase (PostgreSQL, Auth, Storage, Real-time, Edge Functions). Use when implementing authentication, database design with RLS, file storage, real-time features, or serverless functions.
Transform data into compelling narratives using visualization, context, and persuasive structure. Use when presenting analytics to stakeholders, creating data reports, or building executive presentations.
Senior Python developer expertise for writing clean, efficient, and well-documented code. Use when: writing Python code, optimizing Python scripts, reviewing Python code for best practices, debugging Python issues, implementing type hints, or when user mentions Python, PEP 8, or needs help with Python data structures and algorithms.