npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@patternstack/mcp

v2.7.0

Published

Tells your AI when the ecosystem shifts under your repo — watches dependencies for deprecations, quiet decay, and breaking majors, pushed into agent context via MCP

Readme

@patternstack/mcp

PatternStack MCP Server — tells your AI when the ecosystem shifts under your repo.

Coding agents scaffold deprecated, abandoned, and superseded packages because nobody searches for a change they don't know happened. PatternStack watches your repo's dependencies — deprecations, quiet decay, breaking majors — and pushes state changes into your agent's context before codegen.

Features

  • Deprecations, the moment you're exposed — register a manifest and dead dependencies are flagged in the response, with the maintainer's actual notice and the successor package
  • Quiet decay, before it's a CVE — publish activity and lifecycle state (stable → stagnant → deprecated) for every package you depend on; the changes that never show up as a version bump
  • Deltas your agent can act on — one call returns what changed since the last session: worsened, improved, new, removed, with urgency
  • Session-start briefing — the server instructs your agent to check deltas before generating code; manifest changes auto-sync
  • Security context — CVE warnings from OSV/GitHub Advisory data

Not Dependabot/Renovate (no version-bump PRs), not a security scanner. PatternStack is the layer for changes that have no version number.

CI: catch dead dependencies (no API key needed)

patternstack check scans your manifest and fails the build if any dependency is deprecated, abandoned, or superseded — zero AI, zero tokens, no signup. A whole scan counts as a single anonymous request, so it drops straight into a pipeline.

npx -y @patternstack/mcp check            # scan ./, exit non-zero on dead deps
npx -y @patternstack/mcp check ./service  # scan a specific directory
npx -y @patternstack/mcp check --strict   # also fail on unmaintained (no release 18mo+)
npx -y @patternstack/mcp check --json     # machine-readable output
🔭 PatternStack check — 6 dependencies in package.json

  ✖ request   deprecated     request has been deprecated, see github.com/request/request/issues/3142
  ✖ tslint    deprecated     TSLint has been deprecated in favor of ESLint
  ⚠ moment    unmaintained   No release since 2023-12-27

  2 deprecated · 0 vulnerable · 1 unmaintained · 3 healthy
  ✖ check failed — 2 package(s) must be addressed

Supports npm, PyPI, Cargo, Go, RubyGems, Composer, Hex, pub, Maven, Swift. Use it as a GitHub Action / pre-commit / CI step to block PRs that introduce dead packages.

Quick Start (MCP server)

npx -y @patternstack/mcp

Setup

1. Get Your API Key

Visit patternstack.ai/dashboard/projects and generate an API key.

2. Add to Your MCP Config

Generate a project-scoped key (psk_proj_*) from your project's settings page. This is the recommended approach — just one environment variable, no user ID needed.

Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "patternstack": {
      "command": "npx",
      "args": ["-y", "@patternstack/mcp"],
      "env": {
        "PATTERNSTACK_API_KEY": "psk_proj_your_key_here"
      }
    }
  }
}

Claude Code (via CLI):

# Try it without a key — package lookups (dependency.health,
# dependency.alternatives, lifecycle.state) work immediately:
claude mcp add patternstack -- npx -y @patternstack/mcp

# To watch your repo (deltas, AGENTS.md rules, weekly digest),
# re-add with a free API key:
claude mcp remove patternstack && claude mcp add patternstack -e PATTERNSTACK_API_KEY=psk_proj_your_key_here -- npx -y @patternstack/mcp

Or manually edit ~/.claude/mcp.json:

{
  "mcpServers": {
    "patternstack": {
      "command": "npx",
      "args": ["-y", "@patternstack/mcp"],
      "env": {
        "PATTERNSTACK_API_KEY": "psk_proj_your_key_here"
      }
    }
  }
}

API Key Configuration

The MCP client looks for API keys in this order (first found wins):

| Priority | Source | Description | | -------- | -------------------- | ------------------------------------------------ | | 1 | Environment Variable | PATTERNSTACK_API_KEY in MCP config | | 2 | .patternstack file | JSON file in project root: { "apiKey": "..." } | | 3 | .env file | PATTERNSTACK_API_KEY=... in project .env | | 4 | Global config | ~/.patternstackrc with { "apiKey": "..." } |

Free includes full MCP access: Free accounts get full MCP access with 500 requests/day. Pro (1,000/day), Workspace (1,000/day), and Premium (5,000/day) tiers offer higher limits.

Recommended: Use project-scoped keys (psk_proj_*). Generate one from Dashboard -> Projects -> [Project] -> Settings. Project keys embed your project context automatically — no additional configuration needed.

Best Practice: Use environment variable in MCP config for security. Never commit API keys to version control.

MCP Tools

The watch loop:

| Tool | Description | | ---- | ----------- | | project.register | Register a project's manifest — deprecated dependencies are flagged in the response | | project.sync | Sync manifest changes; the response includes ecosystem deltas since the last sync | | project.deltas | What changed since you last looked: worsened, improved, new, removed, with urgency |

Per-package state:

| Tool | Description | | ---- | ----------- | | lifecycle.state | Lifecycle state for a package: stable, stagnant, deprecated, active-risk, and more | | dependency.health | Quick health check (deprecated, vulnerable, unmaintained) | | dependency.alternatives | Successor packages with adoption stats and migration effort | | dependency.safe-upgrade | Is this upgrade safe? Breaking-change analysis |

Watchlist & account:

| Tool | Description | | ---- | ----------- | | watchlist.get / watchlist.add / watchlist.remove | Watch individual packages for lifecycle changes | | account.summary / account.actions | Account overview and prioritized actions across projects |

How it works

PatternStack continuously tracks 50,000+ packages across npm, PyPI, crates.io, RubyGems, Packagist, and Go — registry deprecation notices, publish activity, CVE feeds, and repo metadata. Your manifest adds anything not already watched.

We benchmarked a search-enabled agent against this data on 20 post-cutoff ecosystem questions — the honest results (including the ones we lost) are at patternstack.ai/evals.

Supported Ecosystems

  • JavaScript/TypeScript (npm)
  • Python (PyPI)
  • Go (go.mod)
  • Rust (Cargo)
  • Ruby (Bundler)
  • PHP (Composer)
  • Elixir (Hex)
  • Java/Kotlin (Maven)
  • C#/.NET (NuGet)
  • Dart/Flutter (Pub)
  • Swift (SwiftPM)

Development

cd packages/mcp
npm install
npm run build
npm run dev

License

MIT