npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@database-mcp/mariadb

v0.4.1

Published

MCP server for MariaDB with read-only guardrails, row caps, and statement timeouts

Readme

@database-mcp/mariadb

npm CI License: MIT

MCP server giving AI clients safe, structured access to a MariaDB database. Two tools, guardrails on by default. MariaDB is MySQL wire-compatible, so this is a thin package over the @database-mcp/mysql adapter with MariaDB-flavored configuration.

Quick start (Claude Desktop / Claude Code / Cursor)

{
  "mcpServers": {
    "mariadb": {
      "command": "npx",
      "args": ["-y", "@database-mcp/mariadb"],
      "env": {
        "MARIADB_HOST": "127.0.0.1",
        "MARIADB_USER": "readonly_user",
        "MARIADB_PASSWORD": "your-password",
        "MARIADB_DATABASE": "mydb"
      }
    }
  }
}

Configuration

Use whichever method fits your setup. When methods are combined, flags win over the YAML file, and the YAML file wins over environment variables.

Environment variables

MARIADB_HOST, MARIADB_PORT, MARIADB_USER, MARIADB_PASSWORD, MARIADB_DATABASE, as in the quick start above.

Mounted secret file (Docker, Kubernetes)

Keeps the password out of the environment and out of every config file. Point MARIADB_PASSWORD_FILE at a file that contains only the password:

"env": {
  "MARIADB_HOST": "127.0.0.1",
  "MARIADB_USER": "readonly_user",
  "MARIADB_PASSWORD_FILE": "/run/secrets/mariadb_password",
  "MARIADB_DATABASE": "mydb"
}

YAML config file

Keeps the client entry down to two lines. Pass an absolute path, since the working directory at launch is unpredictable:

"args": ["-y", "@database-mcp/mariadb", "--config", "/absolute/path/database-mcp.yaml"]
# /absolute/path/database-mcp.yaml
connection:
  host: 127.0.0.1
  port: 3306
  user: readonly_user
  password: ${MARIADB_PASSWORD} # expanded from the environment at load time
  # or read it from a mounted file instead:
  # password_file: /run/secrets/mariadb_password
  database: mydb

guardrails:
  readOnly: true
  maxRows: 1000
  queryTimeoutMs: 30000

Never write a literal password into the YAML file. Use ${VAR} expansion or password_file as shown.

Connection string

"args": ["-y", "@database-mcp/mariadb", "--dsn", "mysql://[email protected]:3306/mydb"]

MariaDB uses the MySQL URI scheme. Putting the password inside the DSN works but is discouraged. If you do it anyway, the server redacts it from any log output.

Checking the result

Run the server with --print-config to see exactly what it resolved. The password always prints as ***.

Tools

  • execute_sql { sql } runs a single SQL statement.
  • search_objects { table? } lists tables, or describes one (columns, indexes, foreign keys).

Guardrails (defaults)

| Guardrail | Default | Override | | ------------- | -------- | ----------------------------------------- | | Read-only | on | --allow-write / ALLOW_WRITE | | Row cap | 1000 | --max-rows / MAX_ROWS | | Query timeout | 30000 ms | --query-timeout-ms / QUERY_TIMEOUT_MS |

Read-only is enforced in two layers: a conservative SQL guard, plus SET SESSION TRANSACTION READ ONLY on every pooled connection.

Part of database-mcp

One package per engine, identical tool contract, shared conformance suite: github.com/arifulislamat/database-mcp

License

MIT