MCP Directory

Package Registry MCP Server

Search NPM, crates.io, NuGet, PyPI, Go registries and GitHub Security Advisories for up-to-date package info.

Unverified
stdio (local)
No auth
Stale
TypeScript
View repo 38 npm

Add to your client

Copy the config for your MCP client and paste it into its config file.

Install / run
npx package-registry-mcp

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "package-registry-mcp-server": {
      "command": "npx",
      "args": [
        "package-registry-mcp"
      ]
    }
  }
}

Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf

Before you start

  • Node.js 18+ or Bun runtime
  • Internet connection for package registry access

About Package Registry MCP Server

A Model Context Protocol server that enables AI assistants and agents to search package registries (NPM, crates.io, NuGet, PyPI, Go) and the GitHub Security Advisory Database, returning real-time package metadata, versions, dependencies, download statistics, and vulnerability information.

Tools & capabilities (16)

search-npm-packages

Search the NPM registry for packages matching a query (params: query, optional limit 1-100, default 10).

get-npm-package-details

Get detailed information about a specific NPM package — metadata, dependencies, maintainers, repo/homepage links, and last 50 versions.

list-npm-package-versions

List all versions of a specific NPM package, sorted newest first (params: name, optional limit 1-1000, default 100).

search-cargo-packages

Search crates.io for Rust crates matching a query (params: query, optional limit 1-100, default 10).

get-cargo-package-details

Get detailed information about a specific crate from crates.io — metadata, keywords, categories, download stats, features, links, and last 50 versions.

list-cargo-package-versions

List all versions of a specific crate from crates.io, sorted newest first, with latest and max stable version info.

search-nuget-packages

Search the NuGet registry for .NET packages matching a query (params: query, optional limit 1-100, default 10).

get-nuget-package-details

Get detailed information about a specific NuGet package — metadata, authors, target frameworks, dependencies, download stats, and last 50 versions.

list-nuget-package-versions

List all versions of a specific NuGet package, sorted newest first.

get-pypi-package-details

Get detailed information about a specific PyPI package — metadata, authors, dependencies, Python version requirements, classifiers, download stats, vulnerabilities, and last 50 versions.

list-pypi-package-versions

List all versions of a specific PyPI package, sorted newest first.

get-golang-package-details

Get detailed information about a specific Go module/package — module path, latest version, publication date, repository and VCS details, and last 50 versions (param: module path).

list-golang-package-versions

List all versions of a specific Go module/package, sorted newest first (param: module path).

search-github-advisories

Search the GitHub Security Advisory Database for vulnerabilities, filterable by ecosystem, severity, type, and CVE ID (optional limit 1-100, default 30).

get-github-advisory

Get detailed information about a specific GitHub Security Advisory by GHSA ID — severity, CVSS score, affected/patched versions, CWE classifications, references, and credits.

get-package-advisories

Get all security advisories affecting a specific package (params: ecosystem, packageName, optional severity, optional limit).

When to use it

  • Look up the latest version and dependencies of an NPM, Cargo, PyPI, NuGet, or Go package without leaving your AI assistant.
  • Check whether a package has known security advisories before adding it to a project.
  • Compare package metadata, download statistics, and supported frameworks/Python versions while choosing a dependency.
  • Audit a dependency for vulnerabilities by GHSA or CVE identifier.

Package Registry MCP Server FAQ

Does it support searching PyPI and Go packages?

No. PyPI and pkg.go.dev do not provide a JSON search API, so only package-details and version-listing are supported for those ecosystems. Use the PyPI or pkg.go.dev websites for search.

Does it require an API key?

No. The server fetches data directly from the public package registries and the GitHub Security Advisory Database; no authentication is configured in the docs.

Which registries are covered?

NPM, crates.io (Rust), NuGet (.NET), PyPI (Python), Go modules (pkg.go.dev), plus the GitHub Security Advisory Database.

#npm#cargo#pypi#nuget#go#package-registry#dependencies#security-advisories#vulnerabilities

Alternatives to Package Registry MCP Server

Compare all alternatives →
Playwright MCP Server
Developer Tools
24k

Microsoft's official browser-automation MCP using Playwright's accessibility tree (no vision model).

Featured
Verified
stdio (local)
No auth
TypeScript
12 tools
Updated 21 days agoRepo
Context7 MCP Server
Developer Tools
28k

Up-to-date, version-specific library documentation injected into your coding agent.

Verified
stdio (local)
API key
TypeScript
2 tools
Updated 25 days agoRepo
codebase-memory-mcp
Developer Tools
16k

Code intelligence engine that indexes repos into a persistent knowledge graph for AI coding agents.

Unverified
stdio (local)
No auth
C
14 tools
Updated 11 hours agoRepo

Compare Package Registry MCP Server with:

vs Playwright MCP Servervs Context7 MCP Servervs codebase-memory-mcpvs Serena