@codesherlock/codesherlock-alpha-mcp-server

v0.0.28

Published

A TypeScript-based Model Context Protocol (MCP) server

Readme

CodeSherlock MCP Server - Setup & Usage Guide

Key Features:

  • Analyze uncommitted changes (staged and unstaged files)
  • Analyze committed changes (from your latest commit)
  • Perform security analysis using OWASP Top 10 and CWE frameworks
  • Integration with AI assistants like Claude Desktop, Cline, and other MCP-compatible tools

Prerequisites

Before you begin, ensure you have:

  • Node.js (version [INSERT VERSION HERE]) and npm installed on your system
  • A Git repository with code you want to analyze
  • An AI coding assistant that supports MCP (e.g., Claude Desktop, Cline, or similar)

The CodeSherlock MCP Server is available on the npm registry and can be used directly with npx.


Step 1: Get Your API Key

CodeSherlock requires an API key to analyze your code. The key authenticates your requests to the CodeSherlock API.

Obtaining Your API Key

  1. Visit the CodeSherlock API Key page: https://codesherlock.ai/mcp-api-key
  2. Sign in or create an account if you haven't already
  3. Generate a new API key
  4. Copy and store your API key securely - you'll need to provide it when prompted

Important Security Notes

  • Never share your API key with others
  • Never commit your API key to version control
  • Store it in a secure location (password manager recommended)
  • If your key is compromised, regenerate it immediately from the CodeSherlock dashboard

Step 2: Configure Your AI Assistant

You need to add the CodeSherlock MCP Server configuration to your AI assistant's settings. Given below are the documentation links for setting up an MCP server in popular AI assistants:

The general pattern is to specify:

  • Command: npx
  • Args: ["-y", "@codesherlock/codesherlock-alpha-mcp-server"]
  • Server Name: codesherlock

MCP Configuration JSON:

{
  "mcpServers": {
    "codesherlock": {
      "name": "CodeSherlock alpha MCP Server",
      "description": "CodeSherlock delivers deep code analysis and exposes MCP tools for commit analysis and uncommit analysis.",
      "command": "npx",
      "args": ["-y", "@codesherlock/codesherlock-alpha-mcp-server"],
      "env": {
        "CODESHERLOCK_API_KEY": "your-api-key-here"
      }
    }
  }
}

After adding the configuration, restart your AI assistant to load the MCP server.
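The configuration above launches the server with `npx -y`, which answers the install prompt automatically, and it keeps the API key in the same JSON file. The check below is an added example, not part of the CodeSherlock README or code base: it audits an MCP config for a package name that is not the expected one, a package spec without an exact version pin, and a credential stored as a literal value. The function name, rule names and sample key are constructed for illustration.

```javascript
// Added example, not CodeSherlock code. Rule names and the sample key are constructed.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
const SECRET_NAME = /(KEY|TOKEN|SECRET|PASSWORD)$/i;
const PLACEHOLDER = /^(your-|<[^>]*>$|\$\{[^}]*\}$)/i;

// Split "name@version" without tripping over the leading "@" of a scope.
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0
    ? { name: spec.slice(0, at), version: spec.slice(at + 1) }
    : { name: spec, version: null };
}

function auditMcpConfig(jsonText, expectedPackages) {
  const findings = [];
  const servers = JSON.parse(jsonText).mcpServers || {};
  for (const [id, srv] of Object.entries(servers)) {
    if (srv.command === "npx") {
      // The first non-flag argument is the package spec npx will resolve.
      const args = Array.isArray(srv.args) ? srv.args : [];
      const spec = args.find((a) => typeof a === "string" && !a.startsWith("-"));
      const { name, version } = splitSpec(spec || "");
      if (!expectedPackages.includes(name)) {
        findings.push({ id, rule: "npx-unexpected-package", detail: name });
      }
      if (!version || !EXACT_VERSION.test(version)) {
        findings.push({ id, rule: "npx-unpinned", detail: spec || "(none)" });
      }
    }
    for (const [key, value] of Object.entries(srv.env || {})) {
      const literal = typeof value === "string" && value !== "" && !PLACEHOLDER.test(value);
      // Report the variable name only; never echo the secret itself.
      if (SECRET_NAME.test(key) && literal) findings.push({ id, rule: "literal-secret", detail: key });
    }
  }
  return findings;
}

// Constructed sample: unscoped name, no version pin, and a made-up key value.
const sample = JSON.stringify({ mcpServers: { codesherlock: {
  command: "npx",
  args: ["-y", "codesherlock-mcp-server"],
  env: { CODESHERLOCK_API_KEY: "cs_constructed_0000" },
} } });
const EXPECTED = ["@codesherlock/codesherlock-alpha-mcp-server"];
for (const f of auditMcpConfig(sample, EXPECTED)) console.log(`${f.id}: ${f.rule} (${f.detail})`);
```

Running it over a config file before that file is committed catches a real key left in the `env` block; pinning the spec to the version shown on this page (`@codesherlock/codesherlock-alpha-mcp-server@0.0.28`) clears the `npx-unpinned` finding.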


Step 3: Using CodeSherlock with Your AI Assistant

Once configured, you can start using CodeSherlock by prompting your AI assistant. The assistant will automatically invoke the MCP server tools to perform code analysis.

Analysis Types

CodeSherlock supports three analysis factors:

| Factor | Description |
|--------|-------------|
| power analysis | A full-spectrum scan that covers the most essential and critical issues |
| owasp | Security analysis based on OWASP Top 10 vulnerabilities |
| cwe | Analyzes code against the Common Weakness Enumeration (CWE) framework |


Example Prompts

Here are practical examples of how to prompt your AI assistant to perform code analysis:

"Review my uncommitted changes using CodeSherlock"
"Use CodeSherlock to check my uncommitted code for CWE vulnerabilities"
"Analyze my latest commit for OWASP vulnerabilities using CodeSherlock"
"Check the last commit in my current repo for CWE issues with CodeSherlock"

Understanding the Results

When Analysis Completes

The AI assistant will present the analysis results in a readable format, typically including:

  • Number of issues found
  • Severity levels (Critical, High, Medium, Low)
  • Issue categories
  • Affected files and line numbers
  • Descriptions and recommendations for each issue

Troubleshooting

Common Issues

"Server not found" or "MCP server failed to start"

Solution:

  • Verify the configuration file path is correct
  • Check that Node.js and npm are properly installed

"Authentication failed" or "Invalid API key"

Solution:

  • Verify your API key is correctly added to the configuration
  • Check for any extra spaces or characters in the API key
  • Regenerate your API key from the CodeSherlock dashboard
  • Ensure you've restarted your AI assistant after adding the key

"Not a Git repository"

Solution:

  • Ensure you're analyzing a directory that contains a .git folder
  • Initialize a Git repository if needed: git init

"No changes to analyze"

Solution:

  • For uncommitted analysis: Make sure you have modified files
  • For commit analysis: Verify the commit exists using git log
  • Check that you're in the correct Git repository

Analysis takes too long or times out

Solution:

  • Start with analyzing specific files or smaller changesets
  • Check your internet connection
  • Break large changes into smaller commits for analysis

Best Practices

1. Integrate into Your Workflow

  • Before committing: Analyze uncommitted changes to catch issues early
  • After committing: Review commits before pushing to remote
  • During code review: Use analysis results to supplement manual reviews

2. Choose the Right Analysis Factor

  • Use OWASP: Best for web applications and APIs; focuses on the OWASP Top 10 and other common web security risks.
  • Use CWE: Ideal when you need deeper, classification-based coverage of software weaknesses across all domains.
  • Use Power Analysis: A broad, high-coverage analysis designed to catch the most essential and critical issues across any type of project (web, mobile, backend, etc.).

3. Act on Results

  • Prioritize Critical and High severity issues immediately
  • Create tickets for Medium severity issues
  • Document Low severity issues for future refactoring

Getting Help

If you face any issues, please email us at [email protected]. We will help you resolve the issue as soon as possible.