npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@recon-fuzz-mcp/knowledge

v2.1.1

Published

MCP server for all Recon knowledge — getrecon.xyz, book.getrecon.xyz, and getrecon.substack.com

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

recon-fuzz-mcp-adminrecon-fuzz-mcp-admin

Keywords

mcpmcp-servermodel-context-protocolreconfuzzingsecuritydocumentationchimerainvariant-testingaiclaude

Readme

@recon-fuzz/mcp-knowledge

npm License: MIT Node 18+

MCP server that makes Recon documentation searchable by AI tools. Fetches and parses getrecon.xyz/llms-full.txt into structured, queryable content.

Ready to publish? See MCP_ACTIVATION.md for the full guide — npm publish, directory listings, llms.txt integration, and Claude Desktop/Cursor setup.

Tools

Site tools (getrecon.xyz)

| Tool | Input | Returns | |------|-------|---------| | search_glossary | query: string | Top 5 matching glossary terms with definitions | | get_blog_post | slug: string | Full post content + metadata + URL | | get_comparison | slug: string | Both entities, strengths, conclusion, FAQs | | search_site | query: string | Top 10 matches across site content | | list_tools | (none) | Developer tools with descriptions + URLs |

Book tools (book.getrecon.xyz)

| Tool | Input | Returns | |------|-------|---------| | get_book_chapter | slug: string | Full chapter content, category, URL | | get_book_concept | slug: string | Technical concept explanation | | search_book | query: string | Top 10 matches across book content | | list_book_chapters | (none) | All chapters grouped by category |

Substack tools (getrecon.substack.com)

| Tool | Input | Returns | |------|-------|---------| | get_substack_post | slug: string | Full newsletter post content | | search_substack | query: string | Top 10 matches across Substack posts | | list_substack_posts | (none) | All posts sorted by date |

Cross-source

| Tool | Input | Returns | |------|-------|---------| | search_all | query: string | Top 15 matches across all 3 sources | | refresh_cache | (none) | Re-fetch all sources (rate limited to 1/min) |

Setup for Claude Desktop / Cursor

Add to your MCP config (~/Library/Application Support/Claude/claude_desktop_config.json or Cursor settings):

{
  "mcpServers": {
    "recon-knowledge": {
      "command": "npx",
      "args": ["@recon-fuzz/mcp-knowledge"]
    }
  }
}

No API key needed. The server fetches public documentation only.

Local development

git clone https://github.com/Recon-Fuzz/recon-mcp-knowledge.git
cd recon-mcp-knowledge
npm install
npm run build

Test it works

# List tools
echo '{"jsonrpc":"2.0","method":"tools/list","id":1}' | node dist/index.js

# Search for chimera content
echo '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"search_site","arguments":{"query":"chimera"}},"id":2}' | node dist/index.js

Validation steps

Before making this repo public or publishing to npm, verify the following:

1. Functional checks

  • [ ] npm run build compiles with zero errors
  • [ ] tools/list returns 14 tools
  • [ ] search_glossary with query "fuzzing" returns relevant terms
  • [ ] get_blog_post with slug "why-we-built-chimera-write-once-fuzz-everywhere" returns the full post
  • [ ] search_site with query "chimera" returns the new Chimera architecture post
  • [ ] refresh_cache works and respects rate limiting (second call within 60s returns early)
  • [ ] get_comparison returns both entities' strengths (not just entity A)

2. Security checks

  • [ ] @modelcontextprotocol/sdk is pinned to ^1.29.0 (not "latest")
  • [ ] Fetch response size is capped at 10MB
  • [ ] refresh_cache is rate-limited (60s minimum interval)
  • [ ] Query/slug inputs are length-limited (1000/500 chars)
  • [ ] Error messages don't expose upstream network details
  • [ ] Fetch uses redirect: "error" to prevent redirect following
  • [ ] No env vars read, no data sent to any third party, no telemetry

3. Pre-publish checks

  • [ ] Add "files": ["dist"] to package.json before npm publish
  • [ ] Set "sourceMap": false in tsconfig.json for production
  • [ ] Run npm audit — should report 0 vulnerabilities
  • [ ] Test with Claude Desktop or Cursor — verify tools appear and respond

4. Content quality

  • [ ] search_content("chimera") returns the "Why we built Chimera" post
  • [ ] search_content("vscode extension") returns the extension guide
  • [ ] Glossary terms are parsed correctly (no #### prefixes in definitions)
  • [ ] Comparison articles include both sides' strengths

Architecture

  • Fetches llms-full.txt once on startup, caches in memory
  • Cache refreshes every 24h automatically or on manual refresh_cache
  • Parser splits by --- dividers, extracts blog posts, glossary, comparisons, tools
  • Search uses case-insensitive term matching with word-boundary scoring
  • No database, no external search library, no filesystem writes

Privacy

This server is read-only. It fetches from a single hardcoded public URL (getrecon.xyz/llms-full.txt). No user queries, tool arguments, or any data is sent to Recon or any third party.