npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@tomsmart-ai/mcp-audit-n8n

v0.1.0

Published

MCP server for auditing n8n workflow JSON for AI orchestration anti-patterns. Used internally for AI Orchestration Audit-as-a-Service (AAA) Tier 2-3 deliverables, also usable standalone.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tomsmart-aitomsmart-ai

Keywords

mcpn8nauditai-orchestrationworkflow

Readme

@tomsmart-ai/mcp-audit-n8n

MCP server for auditing n8n workflows. Built for AI Orchestration Audit-as-a-Service deliverables. Open-source MIT.

Point this server at an n8n workflow JSON export and it returns:

  • Anti-pattern findings (missing error handlers, hardcoded API keys, weak prompts, unauthenticated webhooks)
  • Monthly cost estimate at given execution rate (with explicit assumptions)
  • Recommendation on whether to keep vanilla n8n or pair-program with Claude Code

Tools

audit_workflow_json

Surfaces:

  • HIGH: missing Error Trigger node despite AI nodes present, hardcoded API keys in node parameters, unauthenticated webhook nodes
  • MED: AI nodes without continueOnFail/onError config, weak LLM prompts (< 50 chars), HTTP nodes without retry/timeout
  • LOW: high temperature without justification (> 0.9), missing executionOrder setting

Knows about LangChain package nodes (@n8n/n8n-nodes-langchain.openAi, .anthropic, .lmChatAnthropic, .agent, .chainLlm, etc.) NOT just legacy n8n-nodes-base.* types.

cost_estimate_workflow

Returns monthly USD estimate at given executions_per_month. Includes explicit warning about pricing snapshot age + unmodeled cases (loops, tool calls, prompt length variance). Add 20-30% buffer when quoting clients.

pair_pattern_check

Heuristic recommendation:

  • n8n-only-ok if workflow is simple orchestration without much AI complexity
  • hybrid if medium AI complexity — extract AI step to Claude Code-managed MCP server, n8n calls via HTTP
  • use-claude-code-pair if 3+ AI nodes + 2+ Code nodes — split: n8n handles orchestration, Claude Code-managed service handles AI logic

Install

npm install -g @tomsmart-ai/mcp-audit-n8n

Use with Claude Code

{
  "mcpServers": {
    "audit-n8n": {
      "command": "mcp-audit-n8n"
    }
  }
}

Then ask Claude:

Audit my n8n workflow at /path/to/workflow.json — find anti-patterns + estimate cost at 1000 executions/month.

Claude calls audit_workflow_json + cost_estimate_workflow and reports findings.

Source data

Workflow JSON is the standard n8n export format. To get it: open workflow in n8n UI → 3-dot menu → Download → JSON.

The tool reads but never modifies the file. No telemetry, no external API calls except optional LLM categorization (which is opt-in for the future v0.2 release).

Roadmap

  • v0.1.0 (today, Wt 26.05.2026) — audit_workflow_json + cost_estimate_workflow + pair_pattern_check
  • v0.2.0 — orphan node detection (parse workflow.connections, find unreachable nodes)
  • v0.3.0 — credential audit (does referenced credential exist?)
  • v0.4.0 — compatibility check (workflow expressions valid in current n8n version?)
  • v0.5.0 — pattern catalog: detect known patterns (RAG, agent loop, chatbot, etl) and recommend best-practice variants

License

MIT

Author

Tom Smart — smartflowproai.com · @TomSmart_ai

Pair-built with Claude (Anthropic's coding agent). Tom scoped tools + audit categories from n8n production experience. Claude wrote TypeScript. Tom reviewed every change.