pypi-query-mcp-server
Verified Safeby loonghao
Overview
A Model Context Protocol (MCP) server for querying PyPI package information, dependencies, and compatibility checking for LLM-based coding agents.
Installation
python -m pypi_query_mcp.serverEnvironment Variables
- PYPI_INDEX_URL
- PYPI_CACHE_TTL
- PYPI_LOG_LEVEL
- PYPI_REQUEST_TIMEOUT
- PYPI_INDEX_URLS
- PYPI_EXTRA_INDEX_URLS
- PYPI_PRIVATE_PYPI_URL
- PYPI_PRIVATE_PYPI_USERNAME
- PYPI_PRIVATE_PYPI_PASSWORD
- PYPI_DEPENDENCY_MAX_DEPTH
- PYPI_DEPENDENCY_MAX_CONCURRENT
- PYPI_ENABLE_SECURITY_ANALYSIS
Security Notes
The server demonstrates good security practices by handling private repository credentials via environment variables and masking them in logs. It performs checksum verification for downloaded packages. External network calls are made to trusted PyPI sources (pypi.org, pypistats.org). No 'eval' or obvious malicious patterns were found. A minor area to note is that a compromised PyPI serving malicious URLs with matching checksums for legitimate-looking packages could still lead to issues, but this is a broader ecosystem risk, not a flaw in the tool's immediate implementation.
Similar Servers
mcp-interviewer
A Python CLI tool designed to evaluate, test, and generate reports on Model Context Protocol (MCP) servers to ensure compatibility and quality for LLM agent use cases.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
mcp-mcp
Facilitates AI assistants in discovering and provisioning other Model Context Protocol (MCP) servers based on natural language descriptions.
uv-mcp
Manages Python environments and dependencies using uv, providing diagnostics, repair, and package management capabilities for AI assistants.