npm-helper-mcp
Verified Safeby Sametcanj
Overview
Facilitates NPM package management and dependency updates for large language models (LLMs) via the Model Context Protocol.
Installation
npx -y @pinkpixel/npm-helper-mcpEnvironment Variables
- HARDWARE_ACCELERATION
Security Notes
The server uses Zod for input validation and implements rate limiting for external API calls to the npm registry. It adheres to MCP protocol best practices by logging all server-side messages exclusively to stderr. No direct use of 'eval' or obvious code obfuscation is present, and no hardcoded secrets are identified. However, its 'run_doctor' tool can execute arbitrary 'doctorInstall' and 'doctorTest' scripts, and other tools can modify 'package.json' files based on the 'packagePath' argument. This powerful functionality, while intended for dependency management, necessitates deployment in trusted environments and careful consideration of inputs provided by the calling LLM or framework to prevent unintended script execution or file modifications.
Similar Servers
cli
The Smithery CLI is a developer tool for installing, managing, building, running, and deploying Model Context Protocol (MCP) servers and integrating them with various AI clients.
claude-prompts-mcp
Enhances AI assistant behavior through structured prompt management, multi-step chains, quality gates, and autonomous verification loops, primarily for development tasks.
typingmind-mcp
A server for managing and integrating Model Context Protocol (MCP) servers with TypingMind, enabling custom AI model connections.
package-registry-mcp
Enables AI assistants and agents to search various package registries (NPM, Cargo, NuGet, PyPI, Go) and retrieve up-to-date package information.