NPM Registry MCP Server

Local setup required. This server has to be cloned and prepared on your machine before you register it in Claude Code.
1. Set the server up locally

Run this once to clone and prepare the server before adding it to Claude Code.

Run in terminal
git clone https://github.com/howmanysmall/npm-registry-mcp.git
cd npm-registry-mcp
go build -o npm-registry-mcp ./src

2. Register it in Claude Code

After the local setup is done, run this command to point Claude Code at the built server.

Run in terminal
claude mcp add npm-registry -- "<FULL_PATH_TO_NPM_REGISTRY_MCP>/npm-registry-mcp"

Replace <FULL_PATH_TO_NPM_REGISTRY_MCP> with the actual folder you prepared in step 1. The command points at the npm-registry-mcp binary that go build produced there.

README.md

NPM package analysis with health scoring and license risk assessment

npm-registry-mcp

A Model Context Protocol (MCP) server for NPM package analysis with health scoring, license risk assessment, and comprehensive package evaluation.

Features

  • 4 MCP Tools for searching, inspecting, and evaluating NPM packages
  • CLI Interface for direct usage from the terminal
  • Health Scoring with weighted factors (maintenance, popularity, security, dependencies)
  • License Risk Assessment using SPDX identifiers (Low/Medium/High/Critical)
  • GitHub Integration for commit activity and repository health
  • In-Memory Caching with 5-minute TTL for API responses

Installation

From Source

go install github.com/howmanysmall/npm-registry-mcp/src@latest

From Releases

Download the latest binary from GitHub Releases.

Build Locally

git clone https://github.com/howmanysmall/npm-registry-mcp.git
cd npm-registry-mcp
go build -o npm-registry-mcp ./src

Configuration

Environment Variables

| Variable | Required | Description |
| --- | --- | --- |
| GITHUB_TOKEN | No | GitHub Personal Access Token for higher API rate limits (60/hr without, 5000/hr with) |

.env File Support

Create a .env file in the working directory:

GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxx

Usage with Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "npm-registry": {
      "command": "/path/to/npm-registry-mcp",
      "env": {
        "GITHUB_TOKEN": "ghp_xxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}

CLI Usage

The binary can be used directly as a CLI tool. If no subcommands are provided, it defaults to starting the MCP server.

Search for packages

./npm-registry-mcp search react --limit 5

Get package details

./npm-registry-mcp info lodash

List package versions

./npm-registry-mcp versions express --limit 20

Evaluate package health

./npm-registry-mcp health react

JSON Output

All commands support the --json flag for machine-readable output.

./npm-registry-mcp health react --json

Tools

search-npm-packages

Search the NPM registry for packages.

Input:

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| query | string | Yes | Search query |
| limit | integer | No | Max results (1-100, default: 10) |

Example:

{
  "query": "react",
  "limit": 5
}

get-npm-package

Get detailed information about an NPM package.

Input:

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Yes | Package name |

Example:

{
  "name": "lodash"
}

Returns: Name, version, description, license, homepage, repository, maintainers, keywords, dependencies, and recent versions.

should-i-install

Comprehensive health check for evaluating whether to install a package.

Input:

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| package | string | Yes | Package name to evaluate |

Example:

{
  "package": "lodash"
}

Returns:

  • verdict: "yes" | "caution" | "no"
  • score: 0-100 health score
  • maintenance: Last publish date and status
  • dependencies: Direct, transitive, and outdated counts
  • security: Vulnerability count
  • popularity: Weekly downloads and trend
  • license: SPDX identifier and risk level
  • warnings: Array of concern messages

Verdict Criteria:

| Verdict | Criteria |
| --- | --- |
| yes | Score >= 70, no warnings, no vulnerabilities |
| caution | Score 40-69, or warnings present |
| no | Score < 40, or vulnerabilities present |

Health Scoring Algorithm

| Factor | Weight | Description |
| --- | --- | --- |
| Last Publish | 25% | Time since last release (100 pts if <=30 days) |
| Download Trend | 20% | Growth/decline in weekly downloads |
| Dependencies | 20% | Percentage of outdated dependencies |
| Commit Activity | 15% | Commits in last 90 days (requires GitHub token) |
| Maintainers | 10% | Number of active maintainers |
| Vulnerabilities | 10% | Known security vulnerabilities |
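
The weights and verdict thresholds above, worked through as an added example (not the project's own code). It assumes each factor has already been reduced to a 0-100 sub-score, that a factor with no data (such as commit activity without a GitHub token) is dropped and the other weights renormalized, and that verdict rows are checked from most to least severe; the function and key names are hypothetical.

```go
package main

import "fmt"

// Weights (percent) copied from the Health Scoring Algorithm table.
var weights = map[string]float64{
	"last_publish": 25, "download_trend": 20, "dependencies": 20,
	"commit_activity": 15, "maintainers": 10, "vulnerabilities": 10,
}

// HealthScore folds per-factor sub-scores (0-100 each) into one 0-100 score.
// Assumption: a factor absent from sub (for example commit activity when no
// GITHUB_TOKEN is set) is skipped and the remaining weights are renormalized.
func HealthScore(sub map[string]float64) float64 {
	var total, used float64
	for name, w := range weights {
		s, ok := sub[name]
		if !ok {
			continue
		}
		total += s * w
		used += w
	}
	if used == 0 {
		return 0
	}
	return total / used
}

// Verdict applies the Verdict Criteria table, most severe row first
// (assumption), so a known vulnerability yields "no" at any score.
func Verdict(score float64, warnings, vulns int) string {
	switch {
	case score < 40 || vulns > 0:
		return "no"
	case score < 70 || warnings > 0:
		return "caution"
	}
	return "yes"
}

func main() {
	// Constructed sub-scores; commit_activity is omitted (no token).
	sub := map[string]float64{"last_publish": 100, "download_trend": 60,
		"dependencies": 80, "maintainers": 50, "vulnerabilities": 100}
	s := HealthScore(sub)
	fmt.Println(s, Verdict(s, 0, 0), Verdict(95, 0, 1))
}
```

With the same sub-scores, scoring the missing commit-activity factor as 0 instead of dropping it gives 68 and moves the verdict from "yes" to "caution", so how an unavailable factor is treated matters when comparing packages.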

License Risk Levels

| Risk | Examples | Description |
| --- | --- | --- |
| Low | MIT, Apache-2.0, BSD-3-Clause, ISC | Permissive, safe for any use |
| Medium | LGPL-3.0, MPL-2.0, EPL-2.0 | Weak copyleft, some restrictions |
| High | GPL-3.0, AGPL-3.0 | Strong copyleft, derivative works must share |
| Critical | SSPL-1.0, BUSL-1.1, UNLICENSED | Problematic, review with legal |

Development

# Build
go build -o npm-registry-mcp ./src

# Test
go test -v -race ./...

# Lint
golangci-lint run ./...

# Integration tests (requires network)
go test -tags=integration -v ./src

Building & Releasing

Local Build

go build -o npm-registry-mcp ./src

Tools (3)

search-npm-packages: Search the NPM registry for packages.
get-npm-package: Get detailed information about an NPM package.
should-i-install: Comprehensive health check for evaluating whether to install a package.

Environment Variables

GITHUB_TOKEN: GitHub Personal Access Token for higher API rate limits


Try it

Search for popular react state management libraries.
Get detailed information about the lodash package.
Should I install the express package? Please perform a health check.
Evaluate the health and security risks of the axios package.

Frequently Asked Questions

What are the key features of NPM Registry?

Health scoring based on maintenance, popularity, security, and dependencies. License risk assessment using SPDX identifiers. GitHub integration for commit activity and repository health. In-memory caching with 5-minute TTL for API responses. CLI interface for direct terminal usage.

What can I use NPM Registry for?

Evaluating the safety and maintenance status of a new dependency before adding it to a project. Checking for license compliance risks in third-party packages. Comparing multiple packages to determine which is more actively maintained. Quickly searching for NPM packages directly from the Claude interface.

How do I install NPM Registry?

Install NPM Registry by running: go install github.com/howmanysmall/npm-registry-mcp/src@latest

What MCP clients work with NPM Registry?

NPM Registry works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
