mcp-typescript-sdk
Verified Safeby emqx
Overview
The TypeScript SDK facilitates the implementation of Model Context Protocol (MCP) over MQTT for creating AI-integrable servers and clients, enabling LLMs to discover and interact with external services and tools.
Installation
npm run start:serverSecurity Notes
The source code appears to follow good security practices. It extensively uses Zod schemas for input validation, which helps prevent malformed requests and potential injection vulnerabilities. Message parsing uses `JSON.parse`, which is safe for valid JSON. There are no explicit uses of `eval`, `child_process.exec`, or other dynamic code execution mechanisms. Sensitive information like MQTT credentials (username, password) are expected to be provided by the user during configuration and are not hardcoded. The SDK uses `nanoid` for generating unique IDs, which is cryptographically strong. MQTT 5.0 features are leveraged to enhance connection robustness. The error handling mechanism also appears to prevent excessive internal detail leakage. The `RELEASING.md` indicates secure npm publishing via OIDC, reflecting a general security awareness.
Similar Servers
mcp-use
A comprehensive framework for building full-stack Model Context Protocol (MCP) applications, including AI agents, MCP servers with UI widgets, and integrated debugging tools in both Python and TypeScript.
boilerplate-mcp-server
Provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation tool.
mcp
An MCP server providing a set of mathematical tools (calculator functions) for remote execution via the Model Context Protocol.
leanmcp-sdk
Building production-ready Model Context Protocol (MCP) servers with TypeScript, supporting features like authentication, elicitation, and UI integration for AI agents.