npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@parrotit/mcp-responder

v0.4.0

Published

Local MCP server that lets a responder's AI client (Claude, openclaw.ai, Cursor) read from and save to their ParrotIt vault on demand. ParrotIt the company never sees plaintext.

Readme

@parrotit/mcp-responder

A local MCP server that lets your AI client (Claude Desktop, Claude Code, Cursor, openclaw.ai, …) read from and save to your ParrotIt vault on demand — so you never paste the same details into another form again.

It runs entirely on your machine, talks to the AI client over stdio, and decrypts your vault values locally with a key held in your OS keychain. ParrotIt's servers only ever hold ciphertext + the names of your attributes — never your values.

Read this first — the trust boundary

  • Your AI client (and its provider) sees whatever it reads. When the AI pulls your email or address to fill a form, that value goes to your AI provider (Anthropic, OpenAI, …). That is your informed choice when you connect an AI.
  • ParrotIt never sees your values. Only this connector, on your device, can decrypt them.
  • Every read and save is logged. Open the ParrotIt app → AI activity to see a sentence per action and disconnect any AI at any time.
  • That log is only as honest as this connector. It is recorded by the official @parrotit/mcp-responder binary; a different program could read a plain export of your data without appearing in it. Install this from npm, not a fork you don't trust.
  • Some data is never released to a headless AI: special-category data (e.g. health) and government identifiers (NI / NHS / passport / driving licence / UTR / right-to-work) are refused for reads, and refused for saves.
  • Disconnecting stops future access, not past reads. Anything already read is in your AI client's context and cannot be un-sent.

Install & connect

npm install -g @parrotit/mcp-responder
parrotit-mcp-responder pair

pair enrols this connector as a linked ParrotIt device: it generates its own keys, opens a pairing session, and prints a 6-digit safety code. In the ParrotIt app, go to My Devices → add a device and enter the code to approve it. The connector then unwraps your vault key, stores its credentials in your OS keychain, and prints the config snippet below.

Add it to your AI client config (e.g. Claude Desktop's claude_desktop_config.json):

{
  "mcpServers": {
    "parrotit": {
      "command": "npx",
      "args": ["-y", "@parrotit/mcp-responder"],
      "env": { "PARROTIT_CLIENT_FAMILY": "claude-desktop" }
    }
  }
}

Restart the client. The tools appear under the parrotit server.

Connectors are read-only by default. To let an AI save details, turn on "Allow saving" for it under AI activity in the ParrotIt app.

Tools

| Tool | Purpose | |-------------|-------------------------------------------------------------------------------------------| | get | Fetch one canonical-key value (e.g. contact.applicant.email). Requires a purpose. | | get_many | Fetch several values in one call; partial success allowed. Requires a purpose. | | list_keys | Return canonical keys + labels + sensitivity tiers — never values. | | search | Match a free-text description (e.g. "home address") to ranked canonical-key candidates. | | save | Save a NEW detail the user stated about themselves. Result is metadata only; most saves land pending until the user confirms them in the app. |

Reads and saves each write exactly one entry to your AI activity log. The save result never echoes the value back.

Sensitivity tiers

Mirrors the ParrotIt catalogue.

| Tier | Class | Examples | Read | Save | |------|------------------|-------------------------------------------|------------------------------|-------------------------------| | 1 | Public | Name, email, phone | Served | A tiny allowlist auto-saves; rest pending | | 2 | Private | Date of birth, address | Served | Pending-confirm-in-app | | 3 | Regulated | Income, bank details | Served, flagged | Pending; gov IDs refused | | 4 | Special category | Health conditions, medications | Refused (headless) | Refused |

Configuration (env)

| Variable | Default | Purpose | |--------------------------------|-----------------------------------------------------------|--------------------------------------| | PARROTIT_CLIENT_FAMILY | unknown | Which AI client — shown in your log. | | PARROTIT_API_BASE_URL | https://europe-west2-tut-blog.cloudfunctions.net/api | ParrotIt API base. | | PARROTIT_KEYCHAIN_SERVICE | parrotit-mcp-responder | OS keychain service name. |

Privacy invariants

  1. ParrotIt operators cannot read your vault — values are decrypted only here, on your device.
  2. You can see every read and save — the AI activity log in the app.
  3. You can revoke — disconnect a connector in the app; it loses access on its next token mint and within the token TTL at the latest. Past reads cannot be retracted.
  4. No login — your identity is anchored in your enrolled devices; this connector is one of them.