npm-mcp

MCP server that lets AI assistants manage npm packages. Publish, version, search, audit, install, and more -- all through Claude Code or any MCP client.

When to Use

Task	Tool
"Publish this package to npm"	`publish`
"Check for outdated dependencies"	`outdated`
"Run a security audit on my packages"	`audit`
"Search npm for authentication libraries"	`search`
"Bump the version and publish"	`version` then `publish`
"Check who owns this npm package"	`owner`
"View download stats for my package"	`view`

For AI agents: See llms.txt for a machine-readable summary. Copy templates/CLAUDE.md or templates/AGENTS.md into your project to teach your agent about this MCP.

Why

You're in Claude Code building a library. You finish the code, and now you need to publish it. Instead of switching to a terminal:

hljs language-kotlin

You: publish this package to npm with public access
Claude: [calls publish tool] Published @yourorg/lib@1.0.0 successfully

That's it. No context switching.

Setup

1. Install

hljs language-bash

git clone https://github.com/mikusnuz/npm-mcp.git
cd npm-mcp
npm install
npm run build

2. Get npm token

Go to npmjs.com > Account > Access Tokens > Generate New Token (Automation type recommended).

3. Add to Claude Code

Edit ~/.claude/settings.json:

hljs language-json

{
  "mcpServers": {
    "npm-mcp": {
      "command": "node",
      "args": ["/path/to/npm-mcp/dist/index.js"],
      "env": {
        "NPM_TOKEN": "npm_xxxxxxxxxxxx"
      }
    }
  }
}

Or if you've already run npm login locally, skip NPM_TOKEN -- it uses your ~/.npmrc automatically.

Tools

Publishing & Versioning

Tool	Description
`publish`	Publish a package to npm registry
`version`	Bump package version (patch/minor/major/pre*)
`unpublish`	Remove a package version
`deprecate`	Deprecate a version (or undeprecate with empty message)
`pack`	Preview what would be published

Package Info

Tool	Description
`view`	View package info from registry
`search`	Search npm registry
`bugs`	Get bug tracker URL for a package
`repo`	Get repository URL for a package
`docs`	Get documentation URL for a package
`diff`	Show diff between package versions

Dependency Management

Tool	Description
`install`	Install packages
`uninstall`	Remove packages
`update`	Update packages to latest semver-compatible version
`outdated`	Check for outdated packages
`ls`	List installed packages
`explain`	Explain why a package is installed
`dedupe`	Reduce duplication in dependency tree
`prune`	Remove extraneous packages
`fund`	Show funding info for dependencies
`query`	Query packages using CSS-like selectors

Security & Diagnostics

Tool	Description
`audit`	Run security audit (with optional auto-fix)
`sbom`	Generate Software Bill of Materials (CycloneDX/SPDX)
`doctor`	Check npm environment health
`ping`	Check registry connectivity

Configuration & Auth

Tool	Description
`whoami`	Check current authenticated user
`token`	Manage access tokens (list/revoke)
`access`	Set or view access level on packages
`owner`	Manage package owners (ls/add/rm)
`dist-tag`	Manage distribution tags (ls/add/rm)
`profile`	View or modify npm profile settings
`config`	View npm configuration (read-only)

Project Setup

Tool	Description
`init`	Initialize a new package.json
`pkg`	Manage package.json fields programmatically
`ci`	Clean install from lockfile (for CI)
`run-script`	Run scripts defined in package.json
`link`	Symlink a local package for development
`cache`	Manage the npm cache

Examples

Publish a scoped package:

hljs language-css

publish({ path: "/home/user/my-lib", access: "public" })

Bump version and publish:

hljs language-css

version({ path: "/home/user/my-lib", bump: "patch" })
publish({ path: "/home/user/my-lib" })

Check what's inside before publishing:

hljs language-php

pack({ path: "/home/user/my-lib", dryRun: true })

Search for existing packages:

hljs language-php

search({ query: "react state management", limit: 5 })

View package details:

hljs language-perl

view({ package: "@yourorg/lib", field: "versions" })

Install packages:

hljs language-php

install({ path: "/home/user/my-app", packages: ["express", "cors"], saveDev: false })

Check outdated dependencies:

hljs language-css

outdated({ path: "/home/user/my-app" })

Compare versions:

hljs language-perl

diff({ specs: ["lodash@4.17.20", "lodash@4.17.21"] })

Generate SBOM:

hljs language-php

sbom({ path: "/home/user/my-app", format: "spdx", production: true })

Query dependencies:

hljs language-css

query({ path: "/home/user/my-app", selector: ":root > .prod" })

Auth

Method	How
NPM_TOKEN (recommended)	Set `NPM_TOKEN` env var in MCP config. Get token from npmjs.com > Access Tokens
npm login	Run `npm login` in terminal first. Token saved in `~/.npmrc` is used automatically

For 2FA-enabled accounts, pass otp parameter to publish/unpublish/deprecate/owner/access/token tools.

Environment Variables

Variable	Default	Description
`NPM_TOKEN`	--	npm authentication token
`NPM_PATH`	`npm`	Path to npm binary (if not in PATH)

License

MIT

npm-mcp

npm-mcp

When to Use

Why

Setup

1. Install

2. Get npm token

3. Add to Claude Code

Tools

Publishing & Versioning

Package Info

Dependency Management

Security & Diagnostics

Configuration & Auth

Project Setup

Examples

Auth

Environment Variables

License

Similar Packages

Security

Tags

Original Author

Publisher