@vantasdk/vanta-mcp-server

v1.1.0

Model Context Protocol server for Vanta's security compliance platform

Vanta MCP Server

A Model Context Protocol server that provides access to Vanta's automated security compliance platform. Vanta helps organizations achieve and maintain compliance with security frameworks like SOC 2, ISO 27001, HIPAA, GDPR, and others through automated monitoring, evidence collection, and continuous security testing. This MCP server enables AI assistants to interact with Vanta's API to retrieve compliance test results, manage security findings, and access framework requirements.

⚠️ Important Disclaimer: This experimental server is currently in public preview and provides AI assistants with access to your Vanta compliance data. You may encounter bugs, errors or unexpected results. Always verify the accuracy and appropriateness of AI-generated responses before taking any compliance or security actions. Users are responsible for reviewing all outputs and ensuring they meet their organization's security and compliance requirements.

Features

Controls

  • List security controls or fetch a specific control by ID
  • Discover which automated tests validate each control
  • Review evidence documents mapped to controls

| Tool Name | Description |
| --- | --- |
| controls | Access security controls in your Vanta account. Provide controlId to get a specific control, or omit to list all controls with optional framework filtering. |
| list_control_tests | Enumerate automated tests that validate a specific security control, including status and failing entity details. |
| list_control_documents | List documents that provide evidence for a specific security control so you can quickly locate supporting artifacts. |

Documents

  • Enumerate compliance documents across your organization
  • Inspect the controls, links, or uploads associated with a document

| Tool Name | Description |
| --- | --- |
| documents | List documents in your Vanta account or retrieve a specific document by ID with metadata for compliance and evidence management. |
| document_resources | Retrieve resources linked to a document (controls, links, uploads) by specifying the desired resource type. |

Frameworks

  • Review framework adoption and progress metrics across your organization
  • Drill into the controls required by each framework

| Tool Name | Description |
| --- | --- |
| frameworks | List compliance frameworks available in your Vanta account along with completion status and progress metrics. |
| list_framework_controls | Retrieve the controls associated with a framework, including descriptions, implementation guidance, and current compliance status. |

Integrations

  • Enumerate connected integrations and review their metadata
  • Explore supported resource kinds and fetch integration resources on demand

| Tool Name | Description |
| --- | --- |
| integrations | List integrations connected to your Vanta account or fetch details for a specific integration, including supported resource kinds and connection status. |
| integration_resources | Access integration resources by selecting the desired operation (list_kinds, get_kind_details, list_resources, or get_resource). |

People

  • List or retrieve people for compliance and access reviews

| Tool Name | Description |
| --- | --- |
| people | List people in your Vanta account or retrieve a specific person by ID, including role, email, and group membership metadata. |

Risks

  • Track risk scenarios, their status, scoring, and treatment plans

| Tool Name | Description |
| --- | --- |
| risks | List risk scenarios managed in your risk register or fetch a specific scenario by ID to review status, scoring, and treatment information. |

Tests

  • Monitor automated security tests running in your environment
  • Investigate the entities associated with a specific test

| Tool Name | Description |
| --- | --- |
| tests | Retrieve Vanta's automated security and compliance tests. Filter by status, integration, or framework to understand which controls are passing or failing. |
| list_test_entities | Get the resources monitored by a specific security test, including failing entities that require remediation. |

Vulnerabilities

  • Review vulnerabilities surfaced by Vanta, including CVE metadata and affected assets

| Tool Name | Description |
| --- | --- |
| vulnerabilities | List vulnerabilities detected across your infrastructure or retrieve a specific vulnerability by ID with CVE details, severity, and impacted asset information. |

Multi-Region Support

  • US, EU, and AUS regions with region-specific API endpoints
  • Global compliance support for distributed organizations

Tools

| Tool Name | Description |
| --- | --- |
| tests | Retrieve Vanta's automated security and compliance tests. Filter by status, integration, or framework to understand pass/fail posture quickly. |
| list_test_entities | Get resources monitored by a particular test, including failing entities that need remediation. |
| controls | List security controls in your Vanta account or retrieve a specific control by ID with framework mapping details. |
| list_control_tests | Enumerate automated tests that validate a specific control, complete with status and failing entity information. |
| list_control_documents | List documents mapped to a control to locate supporting evidence quickly. |
| documents | List compliance documents or fetch details for a specific document, including metadata. |
| document_resources | Retrieve resources linked to a document (controls, links, uploads) by choosing the desired resource type. |
| integrations | List integrations connected to your Vanta account or fetch details for a specific integration, including resource kinds and connection status. |
| integration_resources | Inspect integration resource kinds, schema information, full resource lists, or a specific resource by selecting from the supported operations. |
| frameworks | List compliance frameworks with completion status and progress metrics for each. |
| list_framework_controls | Retrieve the controls associated with a compliance framework, including descriptions and implementation guidance. |
| people | List people across your organization or look up a specific person by ID with role, email, and group membership metadata. |
| risks | List risk scenarios under management or fetch a specific scenario to review status, scoring, and treatment plans. |
| vulnerabilities | List detected vulnerabilities or retrieve a specific item with CVE metadata, severity, and impacted assets. |

Configuration

Vanta OAuth Credentials

  1. Create OAuth credentials from Vanta's developer dashboard
  2. Save the client_id and client_secret to an env file, written as JSON:
    {
      "client_id": "your_client_id_here",
      "client_secret": "your_client_secret_here"
    }

Note: Vanta currently allows only a single active access_token per Application. More info here

Usage with Claude Desktop

Add the server to your claude_desktop_config.json:

{
  "mcpServers": {
    "vanta": {
      "command": "npx",
      "args": ["-y", "@vantasdk/vanta-mcp-server"],
      "env": {
        "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
      }
    }
  }
}

If you are unfamiliar with setting up MCP servers in Claude Desktop, here is an example in the official MCP documentation.

Usage with Cursor

Add the server to your Cursor MCP settings:

{
  "mcpServers": {
    "Vanta": {
      "command": "npx",
      "args": ["-y", "@vantasdk/vanta-mcp-server"],
      "env": {
        "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
      }
    }
  }
}
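
Both configurations above start the server through `npx -y` with no version in the package spec, so the process that reads your OAuth credentials runs whatever release npx resolves rather than one you reviewed. The following is an added example, not code from the Vanta project: it flags such entries in an `mcpServers` object. The function names and the sample entries `vanta-pinned` and `vanta-local` are assumptions made for illustration; `1.1.0` is the version shown at the top of this page.

```javascript
// Added example: flag MCP server entries that run an unpinned package via npx.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split "name@version", keeping the leading "@" of a scoped name with the name.
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0
    ? { name: spec.slice(0, at), version: spec.slice(at + 1) }
    : { name: spec, version: "" };
}

// Returns one finding per server launched through npx without an exact version.
// Assumes the first non-flag argument is the package spec, as in the configs above.
function auditMcpConfig(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config.mcpServers ?? {})) {
    if (entry.command !== "npx") continue; // e.g. a local build started with node
    const args = entry.args ?? [];
    const spec = args.find((a) => !a.startsWith("-"));
    if (!spec) continue;
    const { name, version } = splitSpec(spec);
    if (!EXACT.test(version)) {
      const autoInstall = args.includes("-y") || args.includes("--yes");
      findings.push({ server, name, version: version || "(none)", autoInstall });
    }
  }
  return findings;
}

// Constructed sample: the Claude Desktop entry from this page plus two variants.
const sample = {
  mcpServers: {
    vanta: { command: "npx", args: ["-y", "@vantasdk/vanta-mcp-server"] },
    "vanta-pinned": { command: "npx", args: ["-y", "@vantasdk/vanta-mcp-server@1.1.0"] },
    "vanta-local": { command: "node", args: ["/absolute/path/to/vanta-mcp-server/build/index.js"] },
  },
};
console.log(auditMcpConfig(sample));
```

Range specs such as `^1.1.0` and tags such as `latest` are reported as unpinned too, because they can resolve to a different release later.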

Environment Variables

  • VANTA_ENV_FILE (required): Absolute path to the JSON file containing your OAuth credentials
  • REGION (optional): API region - us, eu, or aus (defaults to us)
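
A preflight check for these two variables, as an added example that is not part of the Vanta project: it validates REGION against the three listed values, requires an absolute VANTA_ENV_FILE, parses the JSON credentials, and reports a file mode that lets anyone other than the owner read the client secret. The names `checkVantaEnv` and `demo` and the sample values are assumptions; the permission check uses POSIX mode bits only.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
const REGIONS = ["us", "eu", "aus"]; // values listed in this README

// Returns a list of problems; an empty list means the settings pass.
function checkVantaEnv(env) {
  const problems = [];
  const region = env.REGION ?? "us"; // README: defaults to us
  if (!REGIONS.includes(region)) problems.push(`REGION "${region}" is not us, eu or aus`);
  const file = env.VANTA_ENV_FILE;
  if (!file) return [...problems, "VANTA_ENV_FILE is not set"];
  if (!path.isAbsolute(file)) problems.push("VANTA_ENV_FILE must be an absolute path");
  let stat, creds;
  try {
    stat = fs.statSync(file);
    creds = JSON.parse(fs.readFileSync(file, "utf8")) ?? {};
  } catch (err) {
    return [...problems, `cannot read credentials as JSON: ${err.code ?? err.name}`];
  }
  // The file holds an OAuth client secret, so only its owner should have access.
  if (process.platform !== "win32" && (stat.mode & 0o077) !== 0) {
    problems.push(`file mode ${(stat.mode & 0o777).toString(8)} grants group/other access; use 600`);
  }
  for (const key of ["client_id", "client_secret"]) {
    const value = creds[key];
    if (typeof value !== "string" || value === "" || value.startsWith("your_")) {
      problems.push(`${key} is missing or still the placeholder`);
    }
  }
  return problems;
}

// Constructed sample: a throwaway credentials file, first loose, then corrected.
function demo() {
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "vanta-")), "vanta-credentials.env");
  fs.writeFileSync(file, JSON.stringify({ client_id: "sample-id", client_secret: "your_client_secret_here" }));
  fs.chmodSync(file, 0o644);
  const loose = checkVantaEnv({ VANTA_ENV_FILE: file, REGION: "apac" });
  fs.writeFileSync(file, JSON.stringify({ client_id: "sample-id", client_secret: "sample-secret" }));
  fs.chmodSync(file, 0o600);
  const tight = checkVantaEnv({ VANTA_ENV_FILE: file });
  fs.rmSync(path.dirname(file), { recursive: true });
  return { loose, tight };
}
console.log(demo());
```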

Installation

NPX (Recommended)

npx @vantasdk/vanta-mcp-server

Global Installation

npm install -g @vantasdk/vanta-mcp-server
vanta-mcp-server

From Source

git clone https://github.com/VantaInc/vanta-mcp-server.git
cd vanta-mcp-server
npm install
npm run build
npm start

Build from Source

To build from source:

npm run build

This will:

  1. Compile TypeScript to JavaScript
  2. Make the output executable
  3. Place built files in the build/ directory

Now you can configure Claude Desktop or Cursor to use the built executable:

{
  "mcpServers": {
    "Vanta": {
      "command": "node",
      "args": ["/absolute/path/to/vanta-mcp-server/build/index.js"],
      "env": {
        "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"
      }
    }
  }
}

Development

This server is built with TypeScript and includes the following development tools:

  • TypeScript: For type safety and better development experience
  • ESLint: For code quality and consistency
  • Automated Tool Registry: Zero-maintenance tool registration system
  • DRY Utilities: Centralized utilities to reduce code duplication

Project Structure

vanta-mcp-server/
├── src/
│   ├── operations/              # MCP tool implementations
│   │   ├── index.ts            # Barrel export for all operations
│   │   ├── common/             # Shared utilities and infrastructure
│   │   │   ├── descriptions.ts # Centralized parameter descriptions
│   │   │   ├── imports.ts      # Common imports barrel for operations
│   │   │   └── utils.ts        # DRY utilities and request handlers
│   │   ├── controls.ts         # Control-related operations
│   │   ├── vendors.ts          # Vendor-related operations
│   │   ├── people.ts           # People-related operations
│   │   ├── documents.ts        # Document-related operations
│   │   ├── frameworks.ts       # Framework-related operations
│   │   ├── risks.ts            # Risk scenario operations
│   │   ├── tests.ts            # Test-related operations
│   │   ├── integrations.ts     # Integration-related operations (consolidated)
│   │   ├── discovered-vendors.ts # Discovery operations (consolidated)
│   │   ├── trust-centers.ts    # Trust Center operations
│   │   └── ...                 # Other resource operations (18 total)
│   ├── eval/                   # Evaluation and testing framework
│   │   ├── eval.ts            # LLM evaluation test cases
│   │   └── README.md          # Evaluation documentation
│   ├── api.ts                  # Base API configuration
│   ├── auth.ts                 # Authentication handling
│   ├── config.ts               # Control enabled tools
│   ├── index.ts                # Main server entry point
│   ├── registry.ts             # Automated tool registration
│   └── types.ts                # Type definitions
├── build/                      # Compiled JavaScript output
└── README.md                   # This file

Architecture Highlights

  • Consolidated Tool Pattern: Single tools intelligently handle both list and get operations with optional ID parameters
  • Reduced Complexity: 43 tools (down from 53) through smart consolidation while maintaining full functionality
  • Clean Organization: Operations files are cleanly separated from infrastructure code
  • Common Subdirectory: All shared utilities, imports, and descriptions are organized in operations/common/
  • Automated Registry: New tools are automatically discovered and registered without manual configuration
  • DRY Principles: Extensive code reuse through centralized utilities and schema factories
  • Type Safety: Full TypeScript coverage with comprehensive type definitions

For detailed architecture documentation, see src/operations/README.md.

Debugging

You can use the MCP Inspector to debug the server:

npx @modelcontextprotocol/inspector npx @vantasdk/vanta-mcp-server

The inspector will open in your browser, allowing you to test tool calls and inspect the server's behavior.

If you want to test a local build you can do so using:

npx @modelcontextprotocol/inspector node path/to/build/index.js

In the browser window you will then need to add the environment variable "VANTA_ENV_FILE": "/absolute/path/to/your/vanta-credentials.env"

Example Usage

Get failing AWS tests for SOC2

{
  "tool": "tests",
  "arguments": {
    "statusFilter": "NEEDS_ATTENTION",
    "integrationFilter": "aws",
    "frameworkFilter": "soc2",
    "pageSize": 50
  }
}

License

This project is licensed under the terms of the MIT open source license. Please refer to LICENSE file for details.