npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@iflow-mcp/nevermined-io-weather-mcp

v0.1.1

Published

[![banner](https://raw.githubusercontent.com/nevermined-io/assets/main/images/logo/banner_logo.png)](https://nevermined.io)

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

chatflowdevchatflowdevqystartqystart

Keywords

Readme

banner

Weather MCP (High-Level and Low-Level servers)

Minimal MCP server exposing a weather.today(city) tool, a weather://today/{city} resource and a weather.ensureCity prompt. Includes both a High-Level server (SDK McpServer + Streamable HTTP) and a Low-Level server (manual JSON‑RPC routing) to demonstrate Nevermined Payments integration.

About this demo

This repository is a reference/demo project used to test and validate the Model Context Protocol (MCP) integration inside Nevermined's TypeScript SDK @nevermined-io/payments. It showcases how to protect MCP tools, resources and prompts with the paywall, both in a High‑Level (SDK McpServer + Streamable HTTP) server and a Low‑Level JSON‑RPC server. It is intended for examples, local experimentation and integration tests, not as production‑ready code.

Requirements

  • Node.js >= 18
  • Yarn (Berry or Classic)

Install

yarn install

Develop

yarn dev

Build

yarn build

Start (built)

yarn start

Client demo (High-Level)

# default city Madrid
yarn client

# custom city
yarn client Paris
### Client demo (Low-Level)

```bash
# default city Madrid
yarn tsx src/client-low-level.ts

# custom city
yarn tsx src/client-low-level.ts Paris

### Nevermined auth

Client obtains an access token with its `NVM_API_KEY` and sends it as `Authorization: Bearer ...`. The server requires `Authorization` and performs a lightweight validation (custom JSON‑RPC error `-32003` if unauthorized).

Server env:

```bash
export NVM_SERVER_API_KEY=...     # Server key (builder/agent owner)
export NVM_AGENT_ID=weather-agent # Logical agent id used in validation (or your real ID)
export NVM_ENV=staging_sandbox    # optional
yarn dev

Client env:

export MCP_ENDPOINT=http://localhost:3000/mcp
export NVM_API_KEY=...            # Subscriber key
export NVM_PLAN_ID=...            # Plan that grants access
export NVM_AGENT_ID=...           # Agent id associated to the plan
yarn client Madrid

If auth is missing/invalid, the tool returns a JSON‑RPC error with code -32003.

Low-Level client env:

export MCP_LOW_ENDPOINT=http://localhost:3000/mcp-low
export NVM_API_KEY=...
yarn tsx src/client-low-level.ts Madrid

MCP Inspector (over HTTP)

yarn inspector

This runs yarn dlx @modelcontextprotocol/inspector connect http://localhost:3000/mcp.

Environment

  • PORT (default 3000)
  • ALLOWED_HOSTS for DNS-rebind protection (default 127.0.0.1,localhost)

Endpoints (High-Level)

  • POST /mcp — JSON-RPC requests (initialize handled here; server-side sessions)
  • GET /mcp — SSE stream for server notifications
  • DELETE /mcp — session termination
  • GET /healthz — simple health check

Endpoints (Low-Level)

  • POST /mcp-low — Minimal JSON-RPC with manual routing and Authorization header passthrough
  • GET /healthz-low — simple health check

Acceptance checklist

  • List Tools shows weather.today
  • Calling weather.today with { "city": "Madrid" } returns a text summary and a resource_link to weather://today/Madrid
  • Reading that resource returns JSON with the TodayWeather fields

Notes

  • DNS-rebind protection is enabled; ALLOWED_HOSTS defaults to 127.0.0.1,localhost and their :PORT variants.
  • Inspector requests do not include Authorization headers; use the client demo for auth tests.

Tutorial: Protecting an MCP server with Nevermined (Paywall + Credits Burn)

This guide shows how to protect your MCP tools with Nevermined so that only subscribed users can access them, and how to burn credits after each call.

1) Install and configure

yarn add @nevermined-io/payments

Server environment:

export NVM_API_KEY=...            # Builder/agent owner API key
export NVM_AGENT_ID=did:nv:...    # Your agent id registered in Nevermined
export NVM_ENV=staging_sandbox    # or production

Client (subscriber) will use its own NVM_API_KEY to obtain an access token and send it as Authorization: Bearer ....

2) Initialize Nevermined in your MCP server

import { Payments } from '@nevermined-io/payments'

const nvmApiKey = process.env.NVM_API_KEY!
const environment = process.env.NVM_ENV || 'staging_sandbox'
const payments = Payments.getInstance({ nvmApiKey, environment })

// Configure paywall defaults once
payments.mcp.configure({ agentId: process.env.NVM_AGENT_ID!, serverName: 'my-mcp' })

3) Wrap your tool handler with the paywall (works in both servers)

// Your original tool handler
async function myHandler(args: any) {
  // ... your logic
  return { content: [{ type: 'text', text: 'Hello World' }] }
}

// Protect it with paywall (single call). Burn 1 credit per call
const protectedHandler = payments.mcp.withPaywall(myHandler, { credits: 1n })

// High-Level
server.registerTool('my.namespace.tool', { inputSchema: { /* zod */ } }, protectedHandler)

// Low-Level
const tools = new Map([[ 'my.namespace.tool', protectedHandler ]])

What the paywall does:

  • Extracts Authorization from the MCP HTTP headers automatically.
  • Validates access with Nevermined (startProcessingRequest).
  • If unauthorized, responds with a JSON‑RPC error -32003 (and suggests plans when possible).
  • Runs your handler.
  • Burns credits via redeemCreditsFromRequest based on the credits option.

4) Client side

Use the Nevermined client to obtain an access token and pass it as Authorization to your MCP transport.

import { Payments } from '@nevermined-io/payments'
import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js'

const subsPayments = Payments.getInstance({ nvmApiKey: process.env.NVM_API_KEY!, environment: 'staging_sandbox' })
const { accessToken } = await subsPayments.agents.getAgentAccessToken(process.env.NVM_PLAN_ID!, process.env.NVM_AGENT_ID!)

const transport = new StreamableHTTPClientTransport(new URL('http://localhost:3000/mcp'), {
  requestInit: { headers: { Authorization: `Bearer ${accessToken}` } },
})

5) Error semantics

  • Missing token → JSON‑RPC -32003 (“Authorization required”).
  • Invalid/not subscribed → JSON‑RPC -32003 (“Payment required”, optionally with plan suggestions).
  • Network/other errors → JSON‑RPC -32002.

6) Advanced

  • Customize credits to a function that receives a context { args, result, request } and returns a bigint.
  • Use payments.mcp.decorateTool to register and protect in one step.

Example: dynamic credits and resource burning

  • Dynamic credits on tool calls (e.g., random 1..10 credits per call):
const handler = payments.mcp.withPaywall(myHandler, {
  credits: () => BigInt(1 + Math.floor(Math.random() * 10)),
})
  • Burn 1 credit for resource reads (weather-today):
server.registerResource(
  'weather-today',
  new ResourceTemplate('weather://today/{city}', { list: undefined }),
  { title: "Today's Weather Resource", mimeType: 'application/json' },
  async (uri, { city }, extra) => {
    const headers = extra?.requestInfo?.headers ?? {}
    const raw = headers['authorization'] ?? headers['Authorization']
    const authHeader = Array.isArray(raw) ? raw[0] : raw
    if (!authHeader) throw { code: -32003, message: 'Authorization required' }
    const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7).trim() : authHeader
    const logicalUrl = `mcp://weather-mcp/resources/weather-today?city=${encodeURIComponent(String(city))}`
    const agentId = process.env.NVM_AGENT_ID!

    const start = await payments.requests.startProcessingRequest(agentId, token, logicalUrl, 'GET')
    if (!start?.balance?.isSubscriber) throw { code: -32003, message: 'Payment required' }

    const weather = await getTodayWeather(String(city))
    await payments.requests.redeemCreditsFromRequest(start.agentRequestId, token, 1n)
    return { contents: [{ uri: uri.href, mimeType: 'application/json', text: JSON.stringify(weather) }] }
  }
)