π Production-ready MCP server for intelligent JavaScript package management
Works seamlessly with Claude, Windsurf, Cursor, VS Code, and any MCP-compatible AI editor.
β ALL TOOLS NOW FULLY OPERATIONAL
- Enhanced Install Tools: Robust package installation with intelligent retry logic
- Fixed Directory Resolution: No more "Invalid project directory: /" errors
- Enhanced Vulnerability Checking: Now works reliably with graceful error handling
- Improved Package Installation: Better npm idealTree error handling with automatic retries
- Debug Tools: New debug_version tool for troubleshooting
- 100% Compatibility: All operations now work with both relative (
.) and absolute paths
π Current Status: 16/16 tools fully functional with comprehensive error handling
| Tool | Status | Description | Works with . |
|---|---|---|---|
| search_packages | β | Search npm registry with intelligent scoring | N/A |
| package_info | β | Get detailed package metadata and info | N/A |
| check_bundle_size | β | Analyze bundle size before installation | N/A |
| download_stats | β | View download statistics and trends | N/A |
| check_license | β | Check package license information | N/A |
| dependency_tree | β | Visualize dependency relationships | β |
| list_licenses | β | List all project licenses | β |
| audit_dependencies | β | Security vulnerability scanning | β |
| analyze_dependencies | β | Detect circular deps & issues | β |
| check_outdated | β | Find outdated packages | β |
| clean_cache | β | Clean package manager cache | β |
| check_vulnerability | β | Check specific package vulnerabilities | N/A |
| install_packages | β | Install packages with intelligent retry logic | β |
| update_packages | β | Update packages to latest versions | β |
| remove_packages | β | Remove packages from project | β |
| debug_version | β | Debug server version and status | N/A |
β
All 16 Tools Fully Operational: Complete functionality across all package management operations
β
Robust Installation: Intelligent retry logic with automatic recovery from npm errors
β
Fixed Directory Resolution: All tools now properly handle relative paths (.)
β
Enhanced Error Handling: Clear, actionable error messages with recovery suggestions
β
Automatic Retries: Intelligent retry logic for npm idealTree and other transient errors
β
Graceful Degradation: Tools continue to work even when external APIs are unavailable
- Search npm registry with intelligent relevance scoring
- View detailed package metadata, keywords, and maintainers
- Pagination support for comprehensive results
- Install, update, and remove packages across NPM, Yarn, and pnpm
- Support for dev dependencies, global packages, and version constraints
- Automatic package manager detection with retry logic
- Real-time vulnerability scanning with fallback mechanisms
- Automated security fix suggestions and implementation
- License compliance tracking and analysis
- Bundle size analysis before installation
- Dependency tree visualization with circular dependency detection
- Download statistics and popularity metrics
- Orphaned file detection
The easiest way to get started:
{
"mcpServers": {
"npmplus-mcp": {
"transport": "http",
"url": "https://api.npmplus.dev/mcp"
}
}
}For customization or private deployment:
git clone https://github.com/shacharsol/js-package-manager-mcp.git
cd js-package-manager-mcp
npm install
npm run build
npm startFor web deployment (Netlify, Vercel, etc.):
# Run the automated setup script
./deployment/setup-deployment.sh
# Customize the deployment URLs
nano scripts/test-deployment.sh
# Deploy to your own infrastructure
npm run deploy:netlifyπ Security Note: The production service at
api.npmplus.devhas automatic deployments disabled. Only the maintainer can deploy to production usingnpm run deploy:production.
See deployment/README.md for detailed deployment instructions.
π€ Claude Desktop
Configuration File Location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
Add this configuration:
{
"mcpServers": {
"npmplus-mcp": {
"transport": "http",
"url": "https://api.npmplus.dev/mcp"
}
}
}How to use:
- Just ask naturally: "Search for React testing libraries"
- Claude automatically detects and uses MCP tools
- Look for tool use blocks in responses
Test: "What's the current version of React?"
π Windsurf
For hosted version, create mcp_config.json in your project root:
{
"mcpServers": {
"npmplus-mcp": {
"serverUrl": "https://api.npmplus.dev/mcp"
}
}
}For npx installation (Recommended for local):
{
"mcp": {
"servers": {
"npmplus-mcp": {
"command": "npx",
"args": [
"-y",
"npmplus-mcp-server"
],
"disabled": false
}
}
}
}For local development:
{
"mcp": {
"servers": {
"npmplus-mcp": {
"command": "node",
"args": [
"./dist/index.js"
],
"cwd": "./",
"disabled": false
}
}
}
}How to use:
- Natural language: "Install express and cors packages"
- Cascade mode: "Update all packages and fix breaking changes"
- Look for "π§ Using npmplus-mcp" in activity bar
Test: "Show me popular authentication libraries"
π― Cursor
NPX Installation (Recommended for Cursor) Add to your Cursor MCP configuration:
{
"mcpServers": {
"npmplus-mcp": {
"command": "npx",
"args": ["-y", "npmplus-mcp-server"]
}
}
}- Use NPX installation only - HTTP transport not supported reliably
- Requires explicit prompts in non-agent mode: "Use npmplus-mcp to..."
- Agent mode increases auto-detection of MCP usage
- HTTP transport: Currently experimental and may cause "Loading tools" issues
Method 3: .cursorrules File
# NPM Plus MCP Integration
This project uses NPM Plus (https://api.npmplus.dev/mcp) for AI-powered package management.
Available features:
- Package search and installation
- Security vulnerability scanning
- Bundle size analysis
- Dependency management
How to use:
- Chat: "Search for testing frameworks"
- Composer (Cmd+K): "Find React animation libraries"
- Explicit: "Use npmplus-mcp to check bundle sizes"
- Look for tool usage in sidebar
Test: "What's the bundle size of lodash?"
π VS Code + 𧬠Cline
Prerequisites:
- VS Code (version 1.102 or later for full MCP support)
- Node.js installed
- Cline extension by saoudrizwan
Setup Steps:
-
Install Cline Extension
- Open VS Code Extensions (Ctrl+Shift+X)
- Search for "Cline" by saoudrizwan
- Install and reload VS Code
-
Configure AI Model
- Click Cline icon in Activity Bar
- Sign in at app.cline.bot
- Configure your AI model (Anthropic, OpenAI, etc.)
-
Add NPM Plus MCP Server
Method 1: Automatic Setup (Recommended)
In Cline chat: "add a tool for JavaScript package management using npmplus-mcp-server"
Cline will automatically configure the MCP server for you.
Method 2: Manual Cline Configuration
Click "MCP Servers" β "Configure MCP Servers" β Add to cline_mcp_settings.json:
{
"mcpServers": {
"npmplus-mcp": {
"command": "npx",
"args": ["-y", "npmplus-mcp-server"]
}
}
}Method 3: VS Code Native MCP
Create .vscode/mcp.json or use Command Palette: "MCP: Add Server":
{
"mcpServers": {
"npmplus-mcp": {
"command": "npx",
"args": ["-y", "npmplus-mcp-server"]
}
}
}Usage:
- Tools appear automatically in Cline's agent mode
- Use explicit prompts: "Use npmplus-mcp to search for react packages"
- Example: "Use the package manager tool to find Express middleware"
Troubleshooting:
- Check server status in Cline's "Installed" servers tab
- Use restart button next to MCP server if needed
- Click "Show Output" to view server logs
- Adjust timeout settings (30 seconds to 1 hour) if connection issues occur
Security Notes:
- MCP servers run with your local permissions
- Only install servers from trusted sources
- Review configuration before enabling servers
| Tool | Description | Use Case |
|---|---|---|
search_packages |
Search npm registry with advanced filtering | Find packages by functionality |
package_info |
Get comprehensive package metadata | Research before installation |
install_packages |
Install with dev/global options | Add dependencies |
update_packages |
Update to latest versions | Maintenance |
remove_packages |
Clean removal of packages | Cleanup |
audit_dependencies |
Security vulnerability scanning | Security |
check_bundle_size |
Analyze package size impact | Performance |
dependency_tree |
Visualize dependency relationships | Architecture |
list_licenses |
License compliance analysis | Legal |
analyze_dependencies |
Detect circular deps and orphans | Code quality |
Security-focused:
"Check if lodash has any security vulnerabilities"
"Audit all dependencies and suggest fixes"
"Find packages with MIT licenses only"
Performance-focused:
"What's the bundle size impact of adding moment.js?"
"Show me lightweight alternatives to lodash"
"Find circular dependencies in my project"
Development workflow:
"Install typescript as a dev dependency"
"Update all outdated packages"
"Search for React form validation libraries"
For enterprise or custom deployments:
git clone https://github.com/shacharsol/js-package-manager-mcp.git
cd js-package-manager-mcp
npm install
npm run build
npm startVia npx (Recommended):
{
"mcpServers": {
"npmplus-mcp": {
"command": "npx",
"args": ["-y", "npmplus-mcp-server"]
}
}
}Local development:
{
"mcpServers": {
"npmplus-mcp": {
"command": "node",
"args": ["./dist/index.js"],
"cwd": "/path/to/js-package-manager-mcp"
}
}
}# Test deployment health
npm run test:deployment
# Run unit tests
npm test
# Development mode
npm run dev# Bump version only (patch/minor/major)
npm run bump
# Full production deployment (maintainer only)
# - Interactive version bumping
# - Automated npm publishing
# - Git tagging and pushing
# - Netlify deployment
# - Endpoint testing
npm run deploy:productionProduction deployment includes:
- β Prerequisites check (npm login, netlify login, clean git)
- π¦ Interactive version bumping (patch/minor/major)
- π§ͺ Automated testing
- π€ NPM package publishing
- π·οΈ Git tagging and pushing
- π Netlify deployment
- π Endpoint health checks
Built with modern tools:
- TypeScript - Type safety and developer experience
- MCP SDK - Official Model Context Protocol implementation
- Zod - Runtime type validation and parsing
- Execa - Secure subprocess execution
- Pacote - Official npm registry client
- Node-cache - Intelligent response caching
Performance optimizations:
- β‘ Intelligent caching with configurable TTLs
- π― Rate limiting to prevent API throttling
- π¦ Parallel operations for batch processing
- πͺΆ Optimized responses for AI context windows
- β Isolated subprocess execution
- β Input validation prevents injection attacks
- β Official vulnerability databases only
- β No credential storage or sensitive data handling
- β CORS-enabled for secure web integration
We welcome contributions! Please see our Contributing Guidelines.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Add tests for new functionality
- Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open a Pull Request
NPM Plus includes optional analytics for self-hosted deployments:
- π Basic tracking - Console logging for debugging and monitoring
- π§ Tool usage - Track which MCP tools are being used
- π Performance metrics - Response times and success rates
- π Privacy-first - Minimal data collection, IP hashing
- βοΈ Configurable - Enable via environment variables
For self-hosted deployments, you can enable analytics logging:
# Enable analytics logging
ENABLE_ANALYTICS=true
ANALYTICS_SALT=your-random-saltAnalytics data will be logged to console output for monitoring and debugging.
All major issues have been resolved in the latest version:
| Issue | Status | Solution |
|---|---|---|
| Directory resolution errors | β FIXED | Proper handling of relative paths (.) |
| Vulnerability check failures | β FIXED | Enhanced error handling with fallbacks |
| npm idealTree errors | β FIXED | Automatic retry logic with cleanup |
| Package installation failures | β FIXED | Robust retry mechanism with recovery |
| All tools operational | β COMPLETE | 16/16 tools fully functional |
1. npm idealTree Error
# If you see: "Tracker 'idealTree' already exists"
# Solution 1: Use the clean cache tool
"Clean the npm cache first"
# Solution 2: Manual cleanup (if needed)
npm cache clean --force
# Solution 3: Restart Claude Desktop to reset MCP connection2. Directory Resolution Issues
# Problem: "Invalid project directory: /"
# β
SOLVED - all tools now work with relative paths
"Install lodash in the current directory" # Works correctly now3. Vulnerability Check Not Working
# β
SOLVED - now provides graceful fallback
"Check vulnerabilities for express@4.17.0" # Works with helpful informationUse the debug tool to check server status:
"Run debug_version tool"
This will show:
- Current version running
- Server uptime and status
- Working directory
- Environment details
Verify everything is working:
# Quick production test
npm run test:production
# Comprehensive feature test
npm run test:comprehensive
# Test specific issues that were fixed
npm run test:issuesIf you encounter issues:
- Check Version: Use
debug_versiontool to confirm you're running v12.0.16+ - Restart: Restart Claude Desktop to pick up latest version
- Clear Cache: Try
clean_cachetool first - Check Logs: Look for
[npmplus-mcp]messages in console - Report: Open issue at GitHub Issues
Include in bug reports:
- Version from
debug_versionoutput - Exact error message
- Steps to reproduce
- Operating system
To ensure you're running the latest version:
For Hosted Service Users:
- Updates are automatic
- Restart Claude Desktop to refresh connection
For Self-Hosted Users:
# Update to latest version
npm update npmplus-mcp-server
# Or reinstall
npm uninstall -g npmplus-mcp-server
npm install -g npmplus-mcp-server@latestMIT License - see LICENSE for details.
Created with β€οΈ by Shachar Solomon in 2025.
Star this repo if NPM Plus helps your AI development workflow!
Built with β€οΈ for the open source community