npm-package-tracker-mcp

by Faisal Mahmud Rifat. Updated May 4, 2026

Fetches live npm package data including health metrics, download counts, and security advisories through MCP. Developers query package status to evaluate dependencies before use in projects. Package maintainers track their packages' performance and issues.

npm
package-health
security-advisories

Overview

The npm-package-tracker-mcp server provides programmatic access to real-time intelligence on npm packages, focusing on health scores, download statistics, and security advisories. It enables developers to retrieve this data via MCP calls, supporting dependency analysis without manual checks on the npm registry.

Key Capabilities

  • Package health queries: Retrieves maintenance status, quality scores, and activity levels for any npm package.
  • Download statistics: Fetches weekly or daily download counts and trends over time.
  • Advisory listings: Lists known vulnerabilities, security issues, and CVE details associated with packages.

These capabilities allow integration into CI/CD pipelines or custom dashboards for ongoing monitoring.

Use Cases

  1. Dependency scanning in CI/CD: Before merging code, run get_package_health and list_advisories on dependencies to block vulnerable or unmaintained packages.
  2. Trend analysis for maintainers: Use get_downloads to monitor a package's adoption and correlate it with releases or marketing efforts.
  3. Security audits: Query advisories across a project's dependency tree to generate compliance reports.
  4. Market research: Track download trends for competitor packages to inform development priorities.

Who This Is For

Node.js developers integrating third-party packages, open-source maintainers monitoring metrics, security engineers auditing supply chain risks, and data analysts studying the npm ecosystem. It suits teams needing automated, API-driven insights into package reliability.