npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@pangeacyber/mcp-proxy

v0.9.10

Published

Protect any MCP server from malicious entities and confidential PII.

Downloads

10,677

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ggallien.pangeaggallien.pangeacolin.fagancolin.faganpangeaprodpangeaprodkenankenan

Keywords

Readme

Pangea MCP proxy

Protect communications between a client and any MCP server. Now with 99% less prompt injection! The Pangea MCP proxy allows any MCP client to secure the messages it sends and receives to/from an MCP server, using the Pangea AI Guard service to guard tools' inputs and outputs.

What it does: protect users from common threat vectors by running all MCP I/O through Pangea AI Guard, which blocks:

  • Prompt injections (yes, even the ones wrapped in a riddle)
  • Malicious links, IPs, domains (via CrowdStrike, DomainTools, WhoisXML threat intel)
  • 50 types of confidential information and PII
  • 10 content filters, including toxicity, self harm, violence, and filtering by topic
  • Support for 104 spoken languages

Bonus: It stores your AI Guard token safely in Pangea Vault, with automatic rotation.

Extra bonus: Each request to AI Guard and its detection results are logged to your Secure Audit Log, giving you an immutable trail of activity for audits, debugging, and incident response.

Prerequisites

  • Node.js v22.15.0 or greater.
  • A Pangea API token with access to AI Guard. This token needs to be stored in Pangea Vault. See Service Tokens for documentation on how to create and manage Pangea API tokens.
  • A Pangea API token with access to Vault. This will be used to fetch the above token at runtime.

Usage

In an existing stdio-based MCP server configuration like the following:

{
  "mcpServers": {
    "qrcode": {
      "command": "npx",
      "args": ["-y", "@jwalsh/mcp-server-qrcode"]
    }
  }
}

Wrap the original command with npx -y @pangeacyber/mcp-proxy and add environment variables:

{
  "mcpServers": {
    "qrcode": {
      "command": "npx",
      "args": [
        "-y",
        "@pangeacyber/mcp-proxy",
        "--",
        "npx",
        "-y",
        "@jwalsh/mcp-server-qrcode"
      ],
      "env": {
        "PANGEA_VAULT_TOKEN": "pts_00000000000000000000000000000000",
        "PANGEA_VAULT_ITEM_ID": "pvi_00000000000000000000000000000000"
      }
    }
  }
}
  1. Update the PANGEA_VAULT_TOKEN value to the Pangea Vault API token.
  2. Update the PANGEA_VAULT_ITEM_ID value to the Vault item ID that contains the Pangea AI Guard API token.

For remote servers using HTTP or SSE, use mcp-remote to turn them into stdio servers:

{
  "mcpServers": {
    "proxied": {
      "command": "npx",
      "args": [
        "-y",
        "@pangeacyber/mcp-proxy",
        "--",
        "npx",
        "-y",
        "mcp-remote",
        "https://remote.mcp.server/sse"
      ],
      "env": {
        "PANGEA_VAULT_TOKEN": "pts_00000000000000000000000000000000",
        "PANGEA_VAULT_ITEM_ID": "pvi_00000000000000000000000000000000"
      }
    }
  }
}

App ID

To identify the calling app by ID in Pangea, set the APP_ID environment variable.

App name

To identify the calling app by name in Pangea, set the APP_NAME environment variable.

Custom Pangea base URL

To use a Pangea base URL other than the default https://{SERVICE_NAME}.aws.us.pangea.cloud, set the PANGEA_BASE_URL_TEMPLATE environment variable to a custom template (e.g. https://{SERVICE_NAME}.dev.pangea.cloud).