npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@artinet/bash-mcp

v0.0.7

Published

A Model Context Protocol (MCP) server for executing bash commands.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

human01human01

Keywords

artinetagent2agentmodelcontextprotocolmcp

Readme

Website npm version npm downloads Apache License Known Vulnerabilities GitHub stars Discord

Bash MCP Server

A lightweight Model Context Protocol (MCP) server for executing bash commands in a persistent shell session. This implementation is based on Anthropic's BashTool20250124 and optimized for use with the InMemoryTransport.

Features

  • Persistent Sessions: Execute commands in a long-running bash session that maintains state
  • Security Controls: Built-in banned command list to prevent dangerous operations
  • Timeout Management: Configurable command timeout (default: 2 minutes)
  • Session Lifecycle: Start, stop, and restart sessions as needed
  • Error Handling: Captures both stdout and stderr with proper error reporting

Installation

npm install @artinet/bash-mcp

Usage

Commandline

npx @artinet/bash-mcp

Running with banned commands:

npx @artinet/bash-mcp git docker rm

As an MCP Server

import { BashServer } from "@artinet/bash-mcp";

const server = new BashServer();
// Server will register the 'bash' tool automatically

Programmatic Usage

import { BashSession } from "@artinet/bash-mcp";

const session = new BashSession();
await session.start();

// Execute commands
const result = await session.run('echo "Hello, World!"');
console.log(result.output); // "Hello, World!"

// Clean up
await session.stop();

Tool Reference

The server exposes a single tool: bash

Parameters

| Parameter | Type | Description | | --------- | ------- | -------------------------------------- | | command | string | The bash command to execute | | restart | boolean | Restart the session (clears all state) | | stop | boolean | Stop the current session |

Examples

// Execute a command
await server.bash({ command: "ls -la" });

// Set environment variable (persists in session)
await server.bash({ command: 'export MY_VAR="value"' });
await server.bash({ command: "echo $MY_VAR" }); // "value"

// Restart session (clears all state)
await server.bash({ restart: true });

// Stop session
await server.bash({ stop: true });

Security

For security and to mitigate prompt injection attacks, the following commands are banned:

Network Tools: curl, wget, nc, telnet, lynx, w3m, httpie
Text Editors: vim, nano, vi, emacs, code, atom, cursor
Privilege Escalation: sudo, su, doas
Dangerous Operations: rm -rf /, fork bombs, alias
Pagers: less

You can extend this list by passing additional banned commands to the constructor:

const server = new BashServer(
  { name: "bash-mcp-server", version: "1.0.0" },
  {},
  ["git", "docker"] // Additional banned commands
);

Configuration

Session Parameters

const session = new BashSession({
  command: "/bin/bash", // Shell to use
  output_delay: 200, // Delay before reading output (ms)
  timeout: 120000, // Command timeout (ms)
  sentinel: "<<exit>>", // Internal marker for command completion
});

Limitations

  • No Interactive Commands: Cannot handle vim, less, or password prompts
  • No GUI Applications: Command-line only
  • Output Limits: Large outputs may be truncated
  • No Streaming: Results returned only after command completion
  • Session Persistence: Sessions persist within the conversation but not between API calls

Development

Build

npm run build

Test

npm test

License

Apache-2.0

References