npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@vini-cius/mcp-mssql-server

v1.0.1

Published

MCP server for executing MS SQL Server queries via MCP protocol

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vini-ciusvini-cius

Keywords

mcpmodel-context-protocolmcp-serversql-servermssqldatabasetypescript

Readme

SQL Server MCP Service

License: MIT Node.js Version TypeScript

A secure and robust Model Context Protocol (MCP) service for executing SQL Server queries via MCP protocol. This service provides a safe way to interact with SQL Server databases while preventing destructive operations and SQL injection attacks.

🚀 Features

  • 🔒 Secure Query Execution: Built-in protection against SQL injection and destructive operations
  • 📊 Schema Discovery: Get table, function, and procedure schemas and database information
  • 🛠️ Multiple Tools: 9 specialized tools for different database operations
  • ⚡ High Performance: Connection pooling for efficient database operations
  • 🔧 TypeScript Support: Full TypeScript implementation with type safety
  • 🧪 Comprehensive Testing: Jest-based test suite for reliability

🛠️ Available Tools

1. execute_query

Executes safe SQL queries with parameter support.

Parameters:

  • query (string, required): The SQL query to execute
  • parameters (object, optional): Query parameters for prepared statements

Example:

{
  "query": "SELECT * FROM Users WHERE Status = @status",
  "parameters": {
    "status": "active"
  }
}

2. get_table_schema

Retrieves detailed column information for a specific table.

Parameters:

  • tableName (string, required): Name of the table
  • schemaName (string, optional): Schema name (default: "dbo")

Example:

{
  "tableName": "Users",
  "schemaName": "dbo"
}

3. list_tables

Lists all tables in the database with optional schema filtering.

Parameters:

  • schemaName (string, optional): Filter tables by specific schema

Example:

{
  "schemaName": "dbo"
}

4. get_database_info

Retrieves general database information (name, version, edition, etc.).

Parameters: None

5. list_procedures

Lists all stored procedures in the database, optionally filtered by schema.

Parameters:

  • schemaName (string, optional): Filter procedures by schema

Example:

{
  "schemaName": "dbo"
}

6. list_functions

Lists all functions (scalar and table-valued) in the database, optionally filtered by schema and function type.

Parameters:

  • schemaName (string, optional): Filter functions by schema
  • functionType (string, optional): 'SCALAR' or 'TABLE'

Example:

{
  "schemaName": "dbo",
  "functionType": "SCALAR"
}

7. get_procedure_schema

Gets the schema and parameters of a specific stored procedure.

Parameters:

  • procedureName (string, required): Name of the procedure
  • schemaName (string, optional): Schema name (default: "dbo")

Example:

{
  "procedureName": "MyProcedure",
  "schemaName": "dbo"
}

8. get_function_schema

Gets the schema and parameters of a specific function.

Parameters:

  • functionName (string, required): Name of the function
  • schemaName (string, optional): Schema name (default: "dbo")

Example:

{
  "functionName": "MyFunction",
  "schemaName": "dbo"
}

9. execute_procedure

Executes a stored procedure with parameters.

Parameters:

  • procedureName (string, required): Name of the procedure
  • parameters (object, optional): Procedure parameters
  • schemaName (string, optional): Schema name (default: "dbo")

Example:

{
  "procedureName": "MyProcedure",
  "parameters": {
    "param1": 123,
    "param2": "abc"
  },
  "schemaName": "dbo"
}

📦 Installation

Prerequisites

  • Node.js >= 20.0.0
  • SQL Server instance
  • pnpm (recommended)

Install Dependencies

pnpm install

⚙️ Configuration

  1. Copy Environment Template
cp .env.example .env
  1. Configure Environment Variables

| Variable | Description | Default | |------------------|---------------------------------------------|------------------------------| | HTTP_PORT | HTTP server port | 3333 | | NODE_ENV | Node environment (development/production)| development | | ORIGIN | Allowed CORS origins (comma-separated) | - | | SQL_SERVER | SQL Server hostname/IP | localhost | | SQL_DATABASE | Database name | master | | SQL_USER | Database username | - | | SQL_PASSWORD | Database password | - | | SQL_PORT | SQL Server port | 1433 | | SQL_ENCRYPT | Enable encryption | true | | SQL_TRUST_CERT | Trust server certificate | false |

Example .env:

HTTP_PORT=3333
NODE_ENV=development
ORIGIN=http://localhost:3000,http://example.com
SQL_SERVER=localhost
SQL_DATABASE=master
SQL_USER=sa
SQL_PASSWORD=YourSecurePassword123!
SQL_PORT=1433
SQL_ENCRYPT=true
SQL_TRUST_CERT=false

🚀 Usage

Start HTTP Server (Recommended)

pnpm run dev:http
# or
pnpm run start:http

Build for Production

pnpm run build

Running Tests

pnpm run test

🖥️ Desktop App Integration

To integrate this server with a desktop app, add the following to your app's server configuration:

Using Node.js directly:

{
  "mcpServers": {
    "sqlserver": {
      "command": "node",
      "args": [
        "{ABSOLUTE PATH TO FILE HERE}/dist/cli.js"
      ]
    }
  }
}

Using npx:

{
  "mcpServers": {
    "sqlserver": {
      "command": "npx",
      "args": [
        "mcp-mssql-server"
      ]
    }
  }
}

Note: Replace {ABSOLUTE PATH TO FILE HERE} with the actual absolute path to your project's dist/cli.js file.

🤖 OpenAI Integration

To use this MCP server with OpenAI's API, you can integrate it using the MCP protocol. Here's an example:

import OpenAI from "openai";
const client = new OpenAI();

const resp = await client.responses.create({
  model: "gpt-5",
  tools: [
    {
      type: "mcp",
      server_label: "mssql",
      server_description: "A SQL Server MCP server for executing safe database queries and schema discovery.",
      server_url: "http://localhost:3333/mcp",
      require_approval: "never",
    },
  ],
  input: "Show me all tables in the database",
});

console.log(resp.output_text);

Note: Make sure your HTTP server is running on the specified port before making requests to OpenAI.

🔒 Security Features

Query Validation

The service automatically blocks potentially destructive operations:

  • DROP TABLE
  • DELETE FROM
  • TRUNCATE TABLE
  • INSERT INTO
  • UPDATE
  • CREATE TABLE
  • ALTER TABLE
  • ❌ Stored procedures (sp_, xp_)
  • ❌ SQL injection patterns
  • ❌ Comments (--, /* */)

Allowed Operations

  • SELECT queries
  • WITH clauses (CTEs)
  • SHOW commands
  • DESCRIBE commands
  • EXPLAIN commands
  • ✅ Safe EXEC/EXECUTE for procedures/functions

Parameter Sanitization

All query and procedure parameters are automatically sanitized to prevent injection attacks.

🧪 Testing

The project includes comprehensive tests for schema validation and core functionality:

# Run all tests
pnpm run test

# Run tests in watch mode
pnpm run test -- --watch

# Run tests with coverage
pnpm run test -- --coverage

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

👨‍💻 Author

Vinicius de Souza Santos

🙏 Acknowledgments

⭐ If this project helps you, please give it a star!