@patternstack/mcp
v2.7.0
Published
Tells your AI when the ecosystem shifts under your repo — watches dependencies for deprecations, quiet decay, and breaking majors, pushed into agent context via MCP
Maintainers
Readme
@patternstack/mcp
PatternStack MCP Server — tells your AI when the ecosystem shifts under your repo.
Coding agents scaffold deprecated, abandoned, and superseded packages because nobody searches for a change they don't know happened. PatternStack watches your repo's dependencies — deprecations, quiet decay, breaking majors — and pushes state changes into your agent's context before codegen.
Features
- Deprecations, the moment you're exposed — register a manifest and dead dependencies are flagged in the response, with the maintainer's actual notice and the successor package
- Quiet decay, before it's a CVE — publish activity and lifecycle state (stable → stagnant → deprecated) for every package you depend on; the changes that never show up as a version bump
- Deltas your agent can act on — one call returns what changed since the last session: worsened, improved, new, removed, with urgency
- Session-start briefing — the server instructs your agent to check deltas before generating code; manifest changes auto-sync
- Security context — CVE warnings from OSV/GitHub Advisory data
Not Dependabot/Renovate (no version-bump PRs), not a security scanner. PatternStack is the layer for changes that have no version number.
CI: catch dead dependencies (no API key needed)
patternstack check scans your manifest and fails the build if any dependency is
deprecated, abandoned, or superseded — zero AI, zero tokens, no signup. A whole scan
counts as a single anonymous request, so it drops straight into a pipeline.
npx -y @patternstack/mcp check # scan ./, exit non-zero on dead deps
npx -y @patternstack/mcp check ./service # scan a specific directory
npx -y @patternstack/mcp check --strict # also fail on unmaintained (no release 18mo+)
npx -y @patternstack/mcp check --json # machine-readable output🔭 PatternStack check — 6 dependencies in package.json
✖ request deprecated request has been deprecated, see github.com/request/request/issues/3142
✖ tslint deprecated TSLint has been deprecated in favor of ESLint
⚠ moment unmaintained No release since 2023-12-27
2 deprecated · 0 vulnerable · 1 unmaintained · 3 healthy
✖ check failed — 2 package(s) must be addressedSupports npm, PyPI, Cargo, Go, RubyGems, Composer, Hex, pub, Maven, Swift. Use it as a GitHub Action / pre-commit / CI step to block PRs that introduce dead packages.
Quick Start (MCP server)
npx -y @patternstack/mcpSetup
1. Get Your API Key
Visit patternstack.ai/dashboard/projects and generate an API key.
2. Add to Your MCP Config
Generate a project-scoped key (psk_proj_*) from your project's settings page. This is the recommended approach — just one environment variable, no user ID needed.
Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):
{
"mcpServers": {
"patternstack": {
"command": "npx",
"args": ["-y", "@patternstack/mcp"],
"env": {
"PATTERNSTACK_API_KEY": "psk_proj_your_key_here"
}
}
}
}Claude Code (via CLI):
# Try it without a key — package lookups (dependency.health,
# dependency.alternatives, lifecycle.state) work immediately:
claude mcp add patternstack -- npx -y @patternstack/mcp
# To watch your repo (deltas, AGENTS.md rules, weekly digest),
# re-add with a free API key:
claude mcp remove patternstack && claude mcp add patternstack -e PATTERNSTACK_API_KEY=psk_proj_your_key_here -- npx -y @patternstack/mcpOr manually edit ~/.claude/mcp.json:
{
"mcpServers": {
"patternstack": {
"command": "npx",
"args": ["-y", "@patternstack/mcp"],
"env": {
"PATTERNSTACK_API_KEY": "psk_proj_your_key_here"
}
}
}
}API Key Configuration
The MCP client looks for API keys in this order (first found wins):
| Priority | Source | Description |
| -------- | -------------------- | ------------------------------------------------ |
| 1 | Environment Variable | PATTERNSTACK_API_KEY in MCP config |
| 2 | .patternstack file | JSON file in project root: { "apiKey": "..." } |
| 3 | .env file | PATTERNSTACK_API_KEY=... in project .env |
| 4 | Global config | ~/.patternstackrc with { "apiKey": "..." } |
Free includes full MCP access: Free accounts get full MCP access with 500 requests/day. Pro (1,000/day), Workspace (1,000/day), and Premium (5,000/day) tiers offer higher limits.
Recommended: Use project-scoped keys (psk_proj_*). Generate one from Dashboard -> Projects -> [Project] -> Settings. Project keys embed your project context automatically — no additional configuration needed.
Best Practice: Use environment variable in MCP config for security. Never commit API keys to version control.
MCP Tools
The watch loop:
| Tool | Description |
| ---- | ----------- |
| project.register | Register a project's manifest — deprecated dependencies are flagged in the response |
| project.sync | Sync manifest changes; the response includes ecosystem deltas since the last sync |
| project.deltas | What changed since you last looked: worsened, improved, new, removed, with urgency |
Per-package state:
| Tool | Description |
| ---- | ----------- |
| lifecycle.state | Lifecycle state for a package: stable, stagnant, deprecated, active-risk, and more |
| dependency.health | Quick health check (deprecated, vulnerable, unmaintained) |
| dependency.alternatives | Successor packages with adoption stats and migration effort |
| dependency.safe-upgrade | Is this upgrade safe? Breaking-change analysis |
Watchlist & account:
| Tool | Description |
| ---- | ----------- |
| watchlist.get / watchlist.add / watchlist.remove | Watch individual packages for lifecycle changes |
| account.summary / account.actions | Account overview and prioritized actions across projects |
How it works
PatternStack continuously tracks 50,000+ packages across npm, PyPI, crates.io, RubyGems, Packagist, and Go — registry deprecation notices, publish activity, CVE feeds, and repo metadata. Your manifest adds anything not already watched.
We benchmarked a search-enabled agent against this data on 20 post-cutoff ecosystem questions — the honest results (including the ones we lost) are at patternstack.ai/evals.
Supported Ecosystems
- JavaScript/TypeScript (npm)
- Python (PyPI)
- Go (go.mod)
- Rust (Cargo)
- Ruby (Bundler)
- PHP (Composer)
- Elixir (Hex)
- Java/Kotlin (Maven)
- C#/.NET (NuGet)
- Dart/Flutter (Pub)
- Swift (SwiftPM)
Development
cd packages/mcp
npm install
npm run build
npm run devLicense
MIT
