npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aiwerk/mcp-server-shopify

v0.1.1

Published

Shopify Admin GraphQL API MCP server by AIWerk - manage products, orders, customers, inventory, and more from your AI agent

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

agbergsmannagbergsmann

Keywords

mcpmcp-servershopifyecommerceadmin-apigraphqlproductsorderscustomersinventory

Readme

@aiwerk/mcp-server-shopify

Shopify Admin GraphQL API MCP server. Lets an AI agent read and write to a Shopify store: products, orders, customers, inventory, draft orders, collections, locations, metafields.

Built and signed by AIWerk. MIT licensed.

Status

v0.1.0 — under active development. Tool surface and credential flow may change before v1.0.

Install

npx -y @aiwerk/mcp-server-shopify

Authentication

This server uses the modern OAuth client_credentials grant (Shopify Dev Dashboard apps). Legacy shpat_* custom-app tokens are not supported.

Three environment variables:

| Env var | What | |---|---| | SHOPIFY_STORE_DOMAIN | Your store domain, e.g. your-store.myshopify.com | | SHOPIFY_CLIENT_ID | Client ID from your Shopify Dev Dashboard app | | SHOPIFY_CLIENT_SECRET | Client Secret from your Shopify Dev Dashboard app |

The server automatically exchanges the client credentials for an Admin API access token and refreshes the token before its 24h expiry. No manual token rotation.

Creating the Dev Dashboard app

  1. Sign in to Shopify Partner Dashboard, then open the Dev Dashboard.
  2. Apps → Create app → Start from Dev Dashboard. Name it (e.g. my-mcp-app).
  3. Versions tab → set the scopes you need (see below) → Release.
  4. Home tab → Install app → choose your store → Install.
  5. Settings tab → copy Client ID and Client Secret.

Scopes

The 12 scopes below cover the full v0.1 tool surface. Trim to a smaller set if you want a more restricted token (e.g. read-only orders).

read_products, write_products,
read_customers, write_customers,
read_orders, write_orders,
read_draft_orders, write_draft_orders,
read_inventory, write_inventory,
read_locations,
read_publications

Tools

v0.1 ships 28 tools across the Shopify Admin GraphQL API. See src/tools/ for the implementation; tool names are shown in tools/list after the server starts.

Protected customer data

Shopify gates access to customer-bearing objects (Customer, DraftOrder, plus customer { ... } selections inside Order) behind a separate approval. Apps not approved for protected customer data will see this error from the affected tools:

GraphQL error: This app is not approved to access the Customer object.
See https://shopify.dev/docs/apps/launch/protected-customer-data

The server returns this error verbatim to the AI client. Apply for protected-data approval at the link above if you need:

  • shopify_list_customers, _get_customer, _search_customers, _create_customer, _update_customer, _add_customer_note
  • shopify_create_draft_order, _complete_draft_order
  • shopify_get_order, _list_orders, _search_orders, _mark_order_paid, _cancel_order, _add_order_note (these may also be affected when the response includes customer fields)

Product, inventory, location, collection, metafield, and shop-info tools are unaffected.

API version

The server pins the Shopify GraphQL Admin API to 2026-04. Bumped quarterly per the Shopify release schedule.

Local development

npm install
npm run build

export SHOPIFY_STORE_DOMAIN=your-store.myshopify.com
export SHOPIFY_CLIENT_ID=YOUR_CLIENT_ID
export SHOPIFY_CLIENT_SECRET=YOUR_CLIENT_SECRET
node dist/src/server.js

Pull the secrets from your preferred secret store however you like. For example, with pass(1):

SHOPIFY_CLIENT_ID=$(pass show aiwerk/shopify-dev-client-id)
SHOPIFY_CLIENT_SECRET=$(pass show aiwerk/shopify-dev-client-secret)
export SHOPIFY_CLIENT_ID SHOPIFY_CLIENT_SECRET

Tests

npm test

Unit tests use mocked GraphQL responses and run with no external dependencies. There is no live integration harness in this repo — for now we smoke-test against an internal AIWerk dev store before publish.

Security

See SECURITY.md for credential handling, scope minimization, and disclosure policy.

License

MIT, see LICENSE.