@registry/mcp
Unified MCP server for searching, analyzing, and managing packages across npm, JSR, Deno, and multiple CDN providers with auto-detection.
README
@registry/mcp - Multi-Registry Package Search
A unified tool to search across multiple JavaScript/TypeScript package registries including npm, JSR, Deno, and more. Auto-detects the appropriate registry and provides comprehensive library information.
@registry/mcp is a powerful Model Context Protocol (MCP) server that provides AI assistants with comprehensive package registry tools. It enables searching, analyzing, and managing packages across npm, JSR, Deno, and multiple CDN providers.
Features
- š Search packages across multiple registries
- š¦ Get CDN import URLs for packages
- š Check package vulnerabilities
- š Analyze bundle sizes and dependencies
- āļø Generate install/update/remove commands
- š Access CDN providers (unpkg, jsdelivr, skypack, esm.sh, etc.)
Installation & Setup
Add this MCP server to your MCP-compatible client (like Cursor, Claude Desktop, etc.):
For Cursor (.cursor/mcp.json):
{
"mcpServers": {
"@registry/mcp": {
"command": "deno",
"args": ["run", "--allow-net", "--allow-env", "jsr:@registry/mcp/mcp"]
}
}
}
Optional: Set default registry provider
{
"mcpServers": {
"@registry/mcp": {
"command": "deno",
"args": ["run", "--allow-net", "--allow-env", "jsr:@registry/mcp/mcp"],
"env": {
"REGISTRY_MCP_PROVIDER": "npm"
}
}
}
}
Valid values: npm, jsr, deno (or omit for auto-detection)
Available MCP Tools
š Search Tools
search_packages
When to use: Search for packages with automatic registry detection.
Input:
{
"query": "lodash",
"limit": 20
}
Returns:
- Formatted text with emoji-enhanced results
- JSON with package details (name, version, description, downloads, etc.)
Example:
š¦ NPM Results
Query: "lodash"
Total: 1 packages
1. lodash @4.17.21
A modern JavaScript utility library delivering modularity, performance, & extras.
š https://www.npmjs.com/package/lodash
š„ 50,000,000 downloads
search_all_registries
When to use: Search across all registries (npm, JSR, Deno) simultaneously to find packages.
Input:
{
"query": "express",
"limit": 10
}
Returns:
- Results from npm, JSR, and Deno in formatted text
- JSON array with results from each registry
search_npm / search_jsr / search_deno
When to use: Search a specific registry when you know which one to target.
Input:
{
"query": "react",
"limit": 20
}
Returns: Formatted search results from the specified registry
š CDN Tools
get_cdn_imports
When to use: Get CDN import URLs for a package to use in browsers or Deno without bundlers.
Input:
{
"packageName": "lodash",
"version": "4.17.21",
"registry": "npm"
}
Returns:
š CDN Imports for lodash
Version: 4.17.21
Registry: npm
ā Recommended:
š skypack
URL: `https://cdn.skypack.dev/lodash@4.17.21`
Type: ESM (minified)
Optimized ESM packages with automatic bundling
š All Available CDN Imports:
1. š¦ unpkg - https://unpkg.com/lodash@4.17.21
2. ā” jsdelivr - https://cdn.jsdelivr.net/npm/lodash@4.17.21
3. š skypack - https://cdn.skypack.dev/lodash@4.17.21
4. āØ esm.sh - https://esm.sh/lodash@4.17.21
...
Supported CDNs:
- š¦ unpkg - Fast, global CDN
- ā” jsdelivr - Fast, reliable CDN
- āļø cdnjs - Cloudflare CDN
- š skypack - Optimized ESM with bundling
- āØ esm.sh - Fast ESM with TypeScript support
- š jsr.io - Direct JSR imports
- š¦ deno.land - Direct Deno imports
search_cdn
When to use: Search for packages available on CDN providers.
Input:
{
"query": "react",
"provider": "all",
"limit": 20
}
Provider options: cdnjs, unpkg, jsdelivr, skypack, esm.sh, or all
Returns: Search results with CDN URLs for each package
š Security & Analysis Tools
check_vuln
When to use: Check if a package has known security vulnerabilities before installing.
Input:
{
"packageName": "express",
"registry": "npm"
}
Returns:
š Security Check for express
Registry: npm
ā ļø Found 2 vulnerability/vulnerabilities:
š“ Critical: 0
š High: 1
š” Moderate: 1
š¢ Low: 0
Details:
1. š CVE-2022-24999 - Express vulnerability
Package: express
Affected: <4.18.0
Patched: >=4.18.0
š https://nvd.nist.gov/vuln/detail/CVE-2022-24999
Note: Full vulnerability checking requires running npm audit locally after installation.
check_bundle_size
When to use: Check the bundle size of a package to understand its impact on your application.
Input:
{
"packageName": "lodash",
"version": "4.17.21"
}
Returns:
š¦ Bundle Size for lodash
Version: 4.17.21
Minified: 71.23 KB
Gzipped: 24.56 KB
Brotli: 22.10 KB
š Dependency Analysis Tools
analyze_dependency
When to use: Get a comprehensive analysis of a package's dependencies (counts, types, etc.).
Input:
{
"packageName": "express",
"registry": "npm"
}
Returns:
{
"package": "express",
"registry": "npm",
"totalDependencies": 45,
"directDependencies": 30,
"devDependencies": 15,
"peerDependencies": 0,
"optionalDependencies": 0,
"hasVulnerabilities": false
}
dependency_tree
When to use: Get the full dependency tree of a package to understand what it depends on.
Input:
{
"packageName": "express",
"version": "4.18.2"
}
Returns: Complete dependency tree with all nested dependencies
peer_deps
When to use: Check peer dependencies that need to be installed separately.
Input:
{
"packageName": "react-dom",
"registry": "npm"
}
Returns:
{
"package": "react-dom",
"peerDependencies": {
"react": "^18.0.0"
},
"registry": "npm"
}
check_outdated
When to use: Generate a command to check for outdated packages in your project.
Input:
{
"registry": "npm",
"workspace": "./my-project"
}
Returns:
{
"command": "cd ./my-project && npm outdated --json",
"registry": "npm"
}
āļø Package Management Tools
install
When to use: Generate install commands for packages.
Input:
{
"packageName": "lodash",
"version": "4.17.21",
"dev": false,
"registry": "npm",
"workspace": "./my-project"
}
Returns:
{
"success": true,
"message": "Install command generated for npm",
"registry": "npm",
"command": "cd ./my-project && npm install lodash@4.17.21 --save"
}
remove
When to use: Generate remove/uninstall commands.
Input:
{
"packageName": "lodash",
"registry": "npm"
}
Returns: Command to remove the package
update
When to use: Generate update commands for packages.
Input:
{
"packageName": "lodash",
"latest": true,
"registry": "npm"
}
Returns: Command to update the package (or all packages if packageName is omitted)
ci
When to use: Generate CI commands for clean dependency installation.
Input:
{
"registry": "npm",
"workspace": "./my-project"
}
Returns:
{
"command": "cd ./my-project && npm ci",
"registry": "npm"
}
š§ Utility Tools
detect_registry
When to use: Detect which registry a package belongs to.
Input:
{
"packageName": "@std/path"
}
Returns:
{
"packageName": "@std/path",
"registry": "jsr"
}
get_registry_info
When to use: Get metadata about a registry (URLs, endpoints, etc.).
Input:
{
"registry": "npm"
}
Returns:
{
"name": "npm",
"url": "https://www.npmjs.com",
"searchUrl": "https://registry.npmjs.org/-/v1/search",
"packageUrl": "https://www.npmjs.com/package/{name}"
}
Registry Auto-Detection
The MCP server automatically detects the registry based on package name patterns:
- JSR: Packages starting with
@and containing/(e.g.,@std/path) - Deno: URLs containing
deno.landor starting withhttps:// - npm: Default for most other cases
- Explicit: You can override by passing
registryparameter
Registry Provider Selection
You can set a default registry provider via environment variable:
{
"mcpServers": {
"@registry/mcp": {
"command": "deno",
"args": ["run", "--allow-net", "--allow-env", "jsr:@registry/mcp/mcp"],
"env": {
"REGISTRY_MCP_PROVIDER": "npm"
}
}
}
}
Or override per-tool call by passing the registry parameter.
Response Format
All tools return responses in two formats:
- Formatted text - Human-readable with emojis and structure (for AI assistants to read)
- JSON - Structured data for programmatic use
Example:
š¦ NPM Results
Query: "lodash"
...
{
"query": "lodash",
"registry": "npm",
"packages": [...]
}
When to Use Each Tool
| Tool | Use Case |
|---|---|
search_packages |
General package search with auto-detection |
search_all_registries |
Find packages across all registries |
get_cdn_imports |
Get CDN URLs for browser/Deno usage |
check_vuln |
Security audit before installation |
check_bundle_size |
Performance planning |
analyze_dependency |
Understand package complexity |
dependency_tree |
See full dependency graph |
peer_deps |
Check required peer dependencies |
install / remove / update |
Generate package management commands |
ci |
Generate CI/CD commands |
detect_registry |
Identify package source |
search_cdn |
Find packages on CDN providers |
CLI Usage (Optional)
This package is primarily designed as an MCP server for AI assistants. The CLI is provided for convenience but has limited functionality compared to the MCP server.
Why npx doesn't work
npx @registry/mcp doesn't work because:
- This is a Deno package (TypeScript), not a Node.js/npm package
npxrequires packages to be published to npm with Node.js-compatible binaries- The package uses Deno-specific features and APIs
Using the CLI with Deno
Option 1: Direct Deno execution (Recommended)
deno run --allow-net --allow-env jsr:@registry/mcp/cli search lodash
deno run --allow-net --allow-env jsr:@registry/mcp/cli search-all express
deno run --allow-net --allow-env jsr:@registry/mcp/cli search-npm react
deno run --allow-net --allow-env jsr:@registry/mcp/cli search-jsr @std/encoding
deno run --allow-net --allow-env jsr:@registry/mcp/cli search-deno oak
deno run --allow-net --allow-env jsr:@registry/mcp/cli detect @std/path
Option 2: Install globally with Deno (Recommended for frequent use)
# Install once globally
deno install --allow-net --allow-env --name registry-mcp jsr:@registry/mcp/cli
# Then use directly from anywhere
registry-mcp search lodash
registry-mcp search-all express
registry-mcp search-npm react
registry-mcp search-jsr @std/encoding
registry-mcp search-deno oak
registry-mcp detect @std/path
Available CLI Commands:
search <query>- Auto-detect and search registrysearch-all <query>- Search all registriessearch-npm <query>- Search npm onlysearch-jsr <query>- Search JSR onlysearch-deno <query>- Search Deno onlydetect <package>- Detect registry for package
Note: For full functionality (CDN imports, vulnerability checking, bundle size, dependency analysis, etc.), use the MCP server instead of the CLI.
License
MIT
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Links
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.