npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@scorezilla/mcp

v0.4.0

Published

Official MCP server for Scorezilla — add a leaderboard to your game from your AI coding assistant.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

isco-tecisco-tec

Keywords

mcpmodel-context-protocolleaderboardscorezillaclaude-codecursorai-coding-assistantgame-dev

Readme

scorezilla-mcp

npm version license: MIT

Official Model Context Protocol (MCP) server for Scorezilla — the easiest way to add a leaderboard to your game. Connect this server to your AI coding assistant (Claude Code, Cursor, Continue.dev, …) and ship a working leaderboard without leaving your editor.

What you can ask the AI to do

  • "Add a leaderboard to my game" → it bootstraps a game + board and pastes ready-to-run TypeScript SDK code into your project
  • "What did my last test score rank?" → it reads your live leaderboard
  • "List my games" / "show me the boards on X" → it inspects what you already have

Eleven tools total — five read-only, and six that write: four that create resources (bootstrap_leaderboard, create_game, create_board, mint_key) plus two that update config (update_board_config — score bounds + retention, e.g. an anti-cheat maxScore; update_game_config — the browser-submit origin allowlist).

Install + configure

Status — v0.3.0. Published on the @latest dist-tag. 0.3.0 adds three create-only write tools — create_game, create_board, mint_key — so an agent can provision against an existing game (add boards, mint keys, create more games), not just bootstrap a brand-new one. 0.2.0 added the integration-axis arguments (identity strategy, OAuth provider, hosting/anti-cheat pattern, server language) to bootstrap_leaderboard + get_sdk_snippet. Destructive ops (edit/delete, key revocation) remain dashboard-only by design.

1. Get a token

Sign in at dashboard.scorezilla.dev, open MCP tokens, click Create token. Copy the mcp_live_* value once — it's not shown again.

2. Add the server to your AI coding assistant

Claude Code — edit ~/.claude/settings.json:

{
  "mcpServers": {
    "scorezilla": {
      "command": "npx",
      "args": ["-y", "@scorezilla/mcp"],
      "env": {
        "SCOREZILLA_TOKEN": "mcp_live_…"
      }
    }
  }
}

🔒 Keep ~/.claude/settings.json private. The token is stored in plaintext in that file. Make sure it's not committed to git (it's usually in your .gitignore), not synced to a public dotfiles repo, and not backed up to a shared location. On macOS/Linux: chmod 600 ~/.claude/settings.json so only your user can read it. If a token leaks, revoke it at dashboard.scorezilla.dev/account/tokens.

Cursor — open Settings → Features → MCP → Add new MCP server, then use the same command + args + env shape.

Anything else MCP-compatible — point your client at npx -y @scorezilla/mcp with SCOREZILLA_TOKEN set in the environment.

3. Ask away

In Claude Code or Cursor: "Add a Scorezilla leaderboard to this game."

Tools

| Tool | What it does | |---|---| | list_games | Lists your games. Use this first to orient. | | list_boards | Lists leaderboards under a game. | | get_keys | Returns the public key (safe to embed) and the secret-key prefix. The full secret never leaves the dashboard. | | get_board_top_n | Returns the top entries on a board. The "is my integration working?" tool. | | get_sdk_snippet | Returns ready-to-paste integration code for a board. Optional axis args tailor it: anonymous/OAuth identity, client-only vs. server-validated anti-cheat, and the server language (TS/Python/Go/C#). | | bootstrap_leaderboard | Creates a new game + first board in one call, then returns the widget embed + SDK snippet + a plain-English recommendation. Same optional axis args (anti-cheat, OAuth, server language). The 90-second-demo path. | | create_game | Creates a new (empty) game. Use when a game already exists (so bootstrap_leaderboard would conflict) or you want another. | | create_board | Adds a leaderboard board to an existing game (by gameId), with full options (sortDir, scoreKind, retention, bounds). | | mint_key | Mints a fresh public/secret key pair for an existing game. The secret is shown once. |

Flags

scorezilla-mcp [--read-only] [--base-url=<url>] [--version] [--help]
  • --read-only — refuse to register the write tools (bootstrap_leaderboard, create_game, create_board, mint_key, update_board_config, update_game_config). Use this on shared/CI configs to guarantee the AI can't create or change resources.
  • --base-url=<url> — override the API origin. Defaults to https://api.scorezilla.dev. Useful for self-hosted or staging environments.

Env vars

  • SCOREZILLA_TOKENrequired. Bearer token issued at dashboard.scorezilla.dev/account/tokens.
  • SCOREZILLA_BASE_URL — same as --base-url, but via env. CLI flag wins if both are set.
  • SCOREZILLA_BETA_TOKEN — pre-public closed-beta only. When set, sent as the X-MCP-Beta header on every API call to unlock the MCP namespace before the public switch is flipped. You'll only need this if a Scorezilla team member gave you a beta token; ignore otherwise.

Tokens: how they work

  • Tokens are scoped to the developer who issued them and see every game associated with their account.
  • The MCP server never returns the secret-key plaintext for a game — for that, copy from the dashboard.
  • Revoke a token any time at dashboard.scorezilla.dev/account/tokens. Revocations propagate within a few seconds.
  • Tokens are bearer credentials: anyone with the value can call the API on your behalf. Don't commit them to source; don't paste them into shared chats. Keep them in env blocks, password managers, or secret stores.

Runtime requirements

  • Node ≥ 20
  • A network path to https://api.scorezilla.dev

Releasing

Releases are CI-driven and require an approval click in the npm-publish GitHub Environment. The full flow:

  1. Author a changeset locally: pnpm changeset — describes what changed and the bump type. Commit the file under .changeset/.
  2. Merge to main. .github/workflows/release.yml runs and opens a "chore(release): version @scorezilla/mcp" PR that bumps package.json, syncs server.json (the MCP Registry manifest) via scripts/sync-server-json-version.mjs, and updates CHANGELOG.md.
  3. Merge the version PR. The same workflow then publishes:
    • npm tarball with --provenance (verifiable build attestation via GH OIDC + sigstore)
    • MCP Registry record via mcp-publisher login github-oidcmcp-publisher publish
    • Post-publish smoke test that installs the published tarball and runs the binary
  4. Pre-flight guards that run before publish: typecheck, test, build, bin smoke (node dist/index.js --version), and release:check (asserts package.json and server.json versions agree).

Manual publishes from a developer terminal still work (bash scripts/publish.sh) but aren't the path CI takes — they skip provenance and approval gates. Use only for one-off recovery.

Issues / feedback

GitHub Issues.

License

MIT.