npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@hellocrossman/mcp-sdk

v0.4.2

Published

Turn your Express API into an MCP server with zero configuration. Auto-discovers routes, database tables, and generates AI-enhanced tools.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hellocrossmanhellocrossman

Keywords

mcpmodel-context-protocolexpressaitoolsclaudechatgptcursorapisdkdatabaseauto-discovery

Readme

@hellocrossman/mcp-sdk

Turn your Express API into an MCP server with zero configuration.

Auto-discovers your routes, database tables, and generates AI-enhanced tools so your customers can access your business data through AI assistants (Claude, ChatGPT, Cursor).

Install

npm install @hellocrossman/mcp-sdk

Zero-Config Setup

npx @hellocrossman/mcp-sdk init

This automatically finds your Express app file, adds the MCP setup, and you're done. Restart your app and visit /mcp to see your tools.

Manual Setup

import express from 'express';
import { createMcpServer } from '@hellocrossman/mcp-sdk';

const app = express();

// Your existing routes
app.get('/api/customers', (req, res) => { /* ... */ });
app.post('/api/orders', (req, res) => { /* ... */ });

// Add MCP in one line
createMcpServer({ app });

app.listen(3000);

What Gets Discovered

The SDK automatically finds and exposes:

Express Routes

Every API route becomes a callable tool:

| HTTP Method | Tool Name Example | Description | |---|---|---| | GET | get_customers_by_id | Fetches a record by ID | | POST | create_orders | Creates a new record | | PUT/PATCH | update_orders_by_id | Updates a record | | DELETE | delete_orders_by_id | Deletes a record |

Database Tables

If DATABASE_URL is in your environment (PostgreSQL), the SDK auto-discovers every table and generates tools:

  • list_<table> -- Query all records with filtering and pagination
  • get_<table>_by_id -- Fetch a single record by primary key

No extra configuration needed. The SDK detects the database connection from your environment variables automatically.

Smart Security

Sensitive tables are auto-hidden by default:

  • users, accounts, sessions, tokens, passwords, api_keys, migrations

Sensitive columns are redacted in query results:

  • password, password_hash, secret, api_key, access_token, credit_card

AI-Enhanced Descriptions

Tool names and descriptions are automatically enriched by AI to be clear and business-oriented. Instead of list_scans, you get browse_scan_history with a description like "Retrieve all scan records to review analysis results and status."

Discovery Report

On startup, you'll see a clean summary in your console:

[mcp-sdk] ---- Discovery Report ----
[mcp-sdk] Express routes: 4 found, 4 tools generated
[mcp-sdk]   + create_scans (POST /api/scans)
[mcp-sdk]   + get_scan_details (GET /api/scans/:id)
[mcp-sdk] Database: 8 tables found, 12 tools generated
[mcp-sdk]   + list_roadmap_items (DB_QUERY)
[mcp-sdk]   + get_feature_details (DB_QUERY)
[mcp-sdk] Auto-hidden (sensitive): users, sessions
[mcp-sdk] AI enrichment: applied
[mcp-sdk] Total tools: 16
[mcp-sdk] ----------------------------

Options

createMcpServer({
  app,                              // Your Express app (required)
  path: '/mcp',                     // MCP endpoint path (default: '/mcp')
  name: 'my-app',                   // Server name shown to AI clients
  version: '1.0.0',                 // Server version
  description: 'My MCP server',     // Server description
  routePrefix: '/api',              // Only expose routes starting with this
  excludeRoutes: ['/api/admin/*'],  // Hide specific routes (supports wildcards)
  
  // Database options
  database: true,                   // Auto-detect database (default: true)
  excludeTables: ['internal_logs'], // Hide specific tables
  includeTables: ['products'],      // Only expose these tables (overrides exclude)
  includeWrites: false,             // Generate create tools for tables (default: false)
  
  // AI enrichment
  enrichment: true,                 // Auto-enrich tool descriptions (default: true)
});

Controlling What's Exposed

Hide specific tables:

createMcpServer({ app, excludeTables: ['internal_logs', 'analytics'] });

Only expose specific tables:

createMcpServer({ app, includeTables: ['products', 'orders'] });

Enable write operations:

createMcpServer({ app, includeWrites: true });

Disable database discovery:

createMcpServer({ app, database: false });

Security

  • Only routes matching routePrefix are exposed (default: /api)
  • Sensitive tables are auto-hidden (users, sessions, tokens, migrations, etc.)
  • Sensitive columns are redacted in all query results
  • Database tools are read-only by default (opt-in for writes)
  • Route-based tools go through your existing Express middleware (auth, rate limiting, validation)
  • Use excludeRoutes and excludeTables for additional control

Connecting AI Clients

Claude Desktop:

{
  "mcpServers": {
    "my-app": {
      "url": "https://yourapp.com/mcp"
    }
  }
}

Cursor: Add the MCP server URL in Cursor settings under MCP Servers.

Requirements

  • Node.js >= 18
  • Express >= 4
  • Zod >= 3
  • pg >= 8 (optional, for database discovery)

License

MIT