npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@kajaril/sovereignty-scan-mcp

v0.2.0

Published

MCP server for EU AI Act vendor sovereignty scanning. MIT-licensed free tier.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kajarilkajaril

Keywords

mcpeu-ai-actsovereigntycloudflare-workersgdprcompliance

Readme

@kajaril/sovereignty-scan-mcp

MCP server for EU AI Act vendor sovereignty scanning. MIT-licensed free tier.

npm npm downloads License: MIT

Know where your stack processes data before the enforcer does. Covers 55 providers across 12 categories.

Install

1. Get a free API key

curl -s -X POST https://sovereignty-scan.kajaril.com/register \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]"}' | jq .api_key

Save the returned key — it cannot be recovered.

2. Add to claude_desktop_config.json

{
  "mcpServers": {
    "sovereignty-scan": {
      "type": "http",
      "url": "https://sovereignty-scan.kajaril.com/mcp",
      "headers": {
        "Authorization": "Bearer ks_free_YOUR_KEY"
      }
    }
  }
}

Restart Claude Desktop.

Client compatibility

| Client | Status | |--------|--------| | Claude Desktop | ✓ Supported | | Cursor / Windsurf | ✓ Supported (HTTP MCP) | | claude.ai web | ✗ Not supported (no HTTP MCP) |

Quick test

Verify the endpoint is live:

curl -s https://sovereignty-scan.kajaril.com/health | jq .

Call a tool with your key:

curl -s -X POST https://sovereignty-scan.kajaril.com/mcp \
  -H "Authorization: Bearer ks_free_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"scan_provider","arguments":{"name":"cloudflare"}}}' \
  | jq .

Tools

scan_provider — Full jurisdictional profile for a single vendor: headquarters country, data residency regions, EU residency option, US CLOUD Act exposure, GDPR DPA availability, and legal framework.

  • name — string, case-insensitive

Example response:

{
  "name": "Cloudflare",
  "hq_country": "US",
  "data_residency_regions": ["US", "EU", "APAC"],
  "eu_residency_option": true,
  "us_cloud_act_subject": true,
  "gdpr_dpa_available": true,
  "legal_framework": "GDPR+SCC"
}

scan_stack — Aggregate jurisdictional summary for a list of vendors: CLOUD Act exposure count, EU residency coverage, missing DPAs. Maximum 50 providers per call.

  • providers — string[], max 50

list_providers — List all tracked providers. Optional category filter.

  • category? — AI · Hosting · Database · Auth · Analytics · Observability · CI/CD · Communications · Payments · Search · Sandbox · Cache

get_us_cloud_act_providers — All providers subject to US CLOUD Act compelled disclosure (18 U.S.C. § 2713). No parameters.

suggest_eu_alternatives — EU/EEA/UK/CH-based alternatives in the same category as a given provider. Deterministic ordering: EU/EEA first, then UK/CH. Capped at 10.

  • provider_name — string, case-insensitive

Pricing

| | Free | Paid | |---|---|---| | Price | — | €39–149 / mo | | License | MIT | Subscription | | Status | Live | Coming soon | | Output | Jurisdiction, residency, legal framework, CLOUD Act | + Proprietary risk score + Remediation guidance | | Auth | API key (free registration) | API key | | Rate limit | 100 req / day / IP | Extended |

Paid tier notifications: [email protected]

Self-hosting

Requires a Cloudflare account (Workers + D1 + KV).

1. Clone and install

git clone https://github.com/kajaril/sovereignty-scan-mcp
cd sovereignty-scan-mcp
npm install

2. Create infrastructure

npx wrangler d1 create sovereignty-db-free
npx wrangler kv namespace create CACHE_KV
npx wrangler kv namespace create KEYS_KV
npx wrangler rate-limit:namespace create RATE_LIMITER
npx wrangler rate-limit:namespace create BURST_LIMITER

Copy the IDs printed by each command into wrangler.jsonc under d1_databases, kv_namespaces, and unsafe.bindings.

3. Apply schema and seed data

npx wrangler d1 execute sovereignty-db-free --remote --file=migrations/0001_providers.sql
node --input-type=module -e "
  import { generateSeedSQL } from './src/seed.js';
  process.stdout.write(generateSeedSQL());
" | npx wrangler d1 execute sovereignty-db-free --remote --command=-

4. Deploy

npx wrangler deploy

The custom domain (sovereignty-scan.kajaril.com) in the default config is owned by kajaril — remove or replace the routes entry with your own domain or use the default *.workers.dev URL.

Health

GET https://sovereignty-scan.kajaril.com/health

Returns a structured payload (HTTP 200):

{
  "status": "ok",
  "provider_count": 55,
  "anthropic_path_count": 3,
  "last_kv_refresh": "2026-05-11T00:00:00.000Z",
  "cache_age_seconds": 86400,
  "schema_version": "0001"
}

status is "ok" when D1 is reachable, "degraded" otherwise. cache_age_seconds is null if the KV cache has never been warmed.

License

MIT — see LICENSE.