npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@jbctechsolutions/mcp-google-workspace

v0.1.0

Published

MCP server for Google Workspace — Gmail read + label tools (v0.1). OAuth client credentials are resolved from 1Password at runtime and the refresh token is stored 0600 outside the repo; nothing is ever logged.

Readme

@jbctechsolutions/mcp-google-workspace

License: MIT

MCP server for Google Workspace — a Gmail read + label slice (v0.1): search messages, read them, list/download attachments, list labels, and add/remove labels.

A Model Context Protocol (MCP) server that exposes 6 tools over the Gmail API. No send, no delete, no draft — by design. When write tools arrive later they will use mcp-office365's prepare_/confirm_ two-phase naming.

Tools

| Tool | Description | |------|-------------| | search_emails | Search with a Gmail query; returns from/subject/date/labels/snippet per hit | | get_email | One message by ID: headers, decoded text/HTML body, attachment metadata | | list_attachments | Attachment metadata (filename, mime, size, attachment ID) for a message | | download_attachment | Save one attachment to an absolute path (guarded — see below) | | list_labels | All labels (system + user) with IDs and message counts | | modify_email_labels | Add and/or remove labels on a message (the only write in v0.1) |

download_attachment guardrails: absolute path required, never overwrites (including symlinks), 32MB cap (matches Mercury's attachment limit), verifies the downloaded bytes match the output file's extension (%PDF, PNG/JPG/GIF/HEIC signatures), and refuses executable/script extensions.

Authentication

Auth uses a Google Cloud Internal OAuth app (no verification, no CASA, no 7-day refresh-token expiry — those only apply to External apps) with the single scope https://www.googleapis.com/auth/gmail.modify (covers read, attachment download, and label changes; not permanent delete, not send).

One-time setup (operator)

  1. GCP project + API. Use the jbc-tech-solutions project (org joelbcastillo.com, which contains the jbc.dev domain). The Gmail API is already enabled there (enabled 2026-07-07). If starting fresh elsewhere: APIs & Services → Library → Gmail API → Enable.

  2. OAuth consent screen. APIs & Services → OAuth consent screen → User type: Internal → fill app name/support email → add the scope .../auth/gmail.modify → Save.

  3. OAuth client. APIs & Services → Credentials → Create Credentials → OAuth client ID → Application type Desktop app → Create. Copy the Client ID and Client secret.

  4. 1Password item. Create an item named Google Workspace MCP OAuth in the jbctechsolutions.1password.com account with:

    • the Client ID in a field labelled username
    • the Client secret in a field labelled credential
  5. Sign in once. With the 1Password CLI signed in (op signin --account jbctechsolutions.1password.com), run:

    mcp-google-workspace auth        # opens a browser to grant access
    mcp-google-workspace auth --status
    mcp-google-workspace auth --logout

    The refresh token is written 0600 to ~/.config/mcp-google-workspace/token.json — outside any repo. The client id/secret are re-resolved from 1Password on each run and are never stored in that file. googleapis auto-refreshes access tokens from the refresh token; if Google ever returns invalid_grant, re-run mcp-google-workspace auth.

1Password item contract

| Field label | Holds | |-------------|-------| | username | OAuth Client ID | | credential | OAuth Client secret |

(Item name and field labels are overridable — see the env table.)

Environment overrides

| Variable | Default | Purpose | |----------|---------|---------| | GOOGLE_WS_CLIENT_ID | — | Bypass 1Password for the client id (tests/CI) | | GOOGLE_WS_CLIENT_SECRET | — | Bypass 1Password for the client secret (tests/CI) | | GOOGLE_WS_OP_ACCOUNT | jbctechsolutions.1password.com | 1Password account | | GOOGLE_WS_OP_ITEM | Google Workspace MCP OAuth | 1Password item name | | GOOGLE_WS_OP_CLIENT_ID_FIELD | username | Field label for the client id | | GOOGLE_WS_OP_CLIENT_SECRET_FIELD | credential | Field label for the client secret | | GOOGLE_WS_TOKEN_PATH | ~/.config/mcp-google-workspace/token.json | Refresh-token file (0600, outside any repo) |

Both GOOGLE_WS_CLIENT_ID and GOOGLE_WS_CLIENT_SECRET must be set to skip 1Password; setting only one falls back to 1Password.

Quick start

npm install
npm run build
mcp-google-workspace auth   # once, after the GCP + 1Password setup above

Claude Code / Claude Desktop configuration

{
  "mcpServers": {
    "google-workspace": {
      "command": "node",
      "args": ["/path/to/mcp-google-workspace/dist/index.js"]
    }
  }
}

(Once published: npx -y @jbctechsolutions/mcp-google-workspace. npm publish and Claude-plugin packaging follow mcp-office365's pattern when the server matures — deferred.)

The 1Password CLI must be installed and signed in to the jbctechsolutions account for client-credential resolution to work, and mcp-google-workspace auth must have been run once.

Development

npm test          # vitest unit tests (all network/1Password/fs mocked)
npm run typecheck # tsc --noEmit
npm run build     # compile to dist/

License

MIT © JBC Tech Solutions, LLC