npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@shipcheck/mcp-server

v0.1.4

Published

ShipCheck MCP server — security scanner for vibe-coded apps

Downloads

786

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

patravishekpatravishek

Keywords

mcpsecurityscannervibe-codingshipsafe

Readme

@shipcheck/mcp-server

ShipCheck inside Claude Code, Cursor, and any MCP-compatible agent.

npm

Gives your AI coding agent a dedicated security scanner. Instead of hoping Claude reads the right files and asks the right questions, ShipCheck deterministically scans your entire project and returns structured results Claude can explain and act on.

No code leaves your machine. Runs entirely locally.

Setup

Claude Code

Run once in your terminal:

claude mcp add shipcheck npx @shipcheck/mcp-server

Restart Claude. Then just ask:

"Scan my project for security issues before I deploy" "Is this API route safe?" "Check if my environment variables are configured correctly"

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "shipcheck": {
      "command": "npx",
      "args": ["-y", "@shipcheck/mcp-server"]
    }
  }
}

Tools

scan_project

Full security audit of a project directory. Returns a score, critical issues with fix instructions, and a warning summary.

path    — absolute path to scan (defaults to cwd)
detail  — "summary" (default) or "full" (includes fixes for all warnings)
format  — "json" (default) or "text"

scan_file

Security audit of a single file — useful when you've just written a new API route or component.

path    — absolute path to the file (required)

check_env

Focused audit of environment variable safety. Checks for exposed secrets, missing .gitignore entries, and NEXT_PUBLIC_ leaks.

path    — absolute path to project directory (defaults to cwd)

Why MCP Over Just Asking Claude?

| | Asking Claude directly | ShipCheck MCP | |---|---|---| | Coverage | Files that fit in context window | Every file in your project | | Consistency | Varies by prompt and context | Same checks every time | | Speed | Minutes for large projects | Under 100ms | | API cost | Burns tokens on file reading | Zero — runs locally | | Structured output | Free-form text | JSON with score, severity, fix |

Also Available As

CLI with pre-commit hook — scans automatically on every git commit:

npm install -g @shipcheck/cli
shipcheck install-hook