Fetch npm package details to support TypeScript development and dependency decisions.
The provided materials are sparse, but the tool is described as only providing npm package information and does not declare any required secrets or specific remote endpoints. The main concerns are its local code-execution nature as an MCP server and its low-trust supply profile: third-party registry source, zero stars, and unknown maintenance status, so the overall posture is caution.
The materials explicitly state that no keys or environment variables are required, and there is no request for tokens, API keys, or account credentials, so credential exposure appears limited.
Although no remote endpoint is declared in the metadata, the stated function—providing npm package information—typically implies access to the npm registry or related public sources for package metadata. The materials do not specify actual destinations or transmitted content, so network egress lacks transparency and warrants caution.
The system checks indicate that this tool executes code; as an MCP server, it typically runs as a local process and handles requests. This is an inherent property of this class of tool, and while no extra privilege requests or obvious overreach are shown in the materials, it still merits caution.
The description does not specify what local files or data it may read or write; based on its MCP server nature, it will at least receive query inputs from the host/agent. No explicit overbroad authorization is stated, but the data-access boundary is unclear from the materials.
A positive factor is that there is a public open-source repository, which provides some auditability. However, it comes from a third-party registry, has no declared license, zero GitHub stars, unknown maintenance status, and no README, which limits confidence in maturity and auditability. There is no direct malicious red flag, but supply-chain trust is only moderate.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "@kongyo2/npm-info-mcp-server" yet — see the docs or source repo.
Please look up the npm package axios and return its latest version, description, license, repository URL, and publish time for quick evaluation in a TypeScript project.
A concise summary of the package’s key metadata to help decide whether to use it.
Compare the npm packages zod and yup, covering version activity, TypeScript support, common use cases, and selection advice for a TypeScript backend project.
A structured comparison that helps a developer choose between the two packages.
Check the version information and release history of react-router-dom to help determine whether my project error is related to upgrading to the latest major version.
Version history and key change clues to help identify compatibility issues caused by dependency upgrades.
Search npm packages, audit dependencies, and compare package details and size.
Access live NPM package data for version checks and dependency risk reviews.
Inspect npm packages, run security audits, and analyze dependencies and risks.
Search npm packages, metadata, and READMEs to evaluate dependencies quickly.
Search, analyze, and manage packages across npm, JSR, Deno, and CDNs.
Build TypeScript MCP servers quickly with starter tools and resource examples.