@whisper-security/whisper-graph-mcp

v0.1.0

Open-source MCP server for WhisperGraph — query the internet's infrastructure & threat-intel graph (DNS, BGP, GeoIP, WHOIS) via Cypher.


WhisperGraph is a graph database of internet infrastructure: 7.39B nodes, 39B edges, and 5.6M threat-intelligence edges mapping DNS resolution, domain hierarchy, BGP routing, IP allocation, GeoIP, web hyperlinks, email infrastructure, DNSSEC, WHOIS, and threat feeds.

This is the open-source MCP server for it. It exposes WhisperGraph to any MCP client (Claude Desktop, Claude Code, Cursor, …) as one Cypher query tool plus read-only schema-introspection and threat-assessment tools. It validates every query against a safety rule set, then relays it to the hosted WhisperGraph API using your API key.

Learn more: WhisperGraph intro · Cypher API reference · Query guide · Cypher syntax · Functions · Best practices · MCP setup

Quick start

You need a WhisperGraph API key — get a free one.

Claude Desktop / Claude Code / Cursor (stdio)

Add this to your MCP client config:

{
  "mcpServers": {
    "whisper-graph": {
      "command": "npx",
      "args": ["-y", "@whisper-security/whisper-graph-mcp"],
      "env": { "WHISPER_API_KEY": "your-api-key" }
    }
  }
}

Or with Claude Code:

claude mcp add whisper-graph -e WHISPER_API_KEY=your-api-key -- npx -y @whisper-security/whisper-graph-mcp

Hosted remote server (no install)

Whisper also runs a hosted MCP server at https://mcp.whisper.security — point any MCP client that supports remote servers at it and authenticate with your API key. Self-hosting this repo is for teams who want to run the MCP layer in their own environment. See How to set up.

Tools

All six tools are read-only.

| Tool | What it does |
| --- | --- |
| query | Execute a Cypher query against WhisperGraph. Validated against a safety rule set before it reaches the backend. |
| list_labels | List every node label with counts. Call it before writing a query when you're unsure which label to anchor on. |
| describe_label | Confirm a label exists and enumerate its property keys. |
| explain_indicator | Threat assessment for an IP, hostname, CIDR, or ASN — score, level, factors, sources. |
| whisper_history | Historical WHOIS or BGP data for an indicator. |
| domain_variants | Typosquatting / brand-protection variants of a domain, checked against the graph. |

Resources

Six MCP resources: the full schema, the relationship map, a Cypher function reference, a query cookbook, plus live whisper://stats and whisper://quota.

Prompts

Eight investigation-workflow prompt templates: investigate-ip, map-attack-surface, compare-domains, blast-radius, threat-triage, whois-pivot, bgp-investigation, typosquat-sweep.

Self-hosting (Docker / HTTP)

For remote or team deployments, run the server over Streamable HTTP:

docker run -p 8080:8080 -e MCP_TRANSPORT=http \
  ghcr.io/whisper-sec/whisper-graph-mcp:latest

Or with Docker Compose:

docker compose up

In HTTP mode the server does not authenticate inbound requests — it relays the caller's X-API-Key or Authorization: Bearer header to the hosted WhisperGraph API, falling back to the WHISPER_API_KEY environment variable when no header is present. Put it behind your own gateway if you need access control.

Configuration

All configuration is via environment variables.

| Variable | Default | Description |
| --- | --- | --- |
| WHISPER_API_KEY | (none) | Your WhisperGraph API key. Get a free one. |
| MCP_TRANSPORT | stdio | stdio for local CLI use, http for remote/Docker. |
| HTTP_HOST | 0.0.0.0 | Bind host for the HTTP transport. |
| HTTP_PORT | 8080 | Bind port for the HTTP transport. |
| WHISPER_ALLOWED_HOSTS | (none) | Comma-separated Host header allowlist for DNS-rebinding protection in HTTP mode. Leave empty only behind a trusted gateway. |
| WHISPER_DB_URL | https://graph.whisper.security | Base URL of the hosted WhisperGraph API. |
| WHISPER_QUERY_TIMEOUT_MS | 60000 | Hard per-query deadline forwarded to the API. |
| WHISPER_DB_TIMEOUT_MS | 10000 | HTTP timeout for non-query calls. |
| LOG_LEVEL | info | debug, info, warn, or error. |
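
The HTTP-mode behaviour and the WHISPER_ALLOWED_HOSTS setting described above, as an added example that is not this project's code: a pre-check a gateway in front of the server could apply, rejecting requests whose Host is not allowlisted or that carry no caller credential and would otherwise use the WHISPER_API_KEY fallback. The function names, the sample hostnames and the way ports are stripped from allowlist entries are assumptions.

```javascript
// Added example, not the project's code. Function names, sample hosts and
// port handling are assumptions. Header names are lowercased, as in Node's
// req.headers.

// Strip an optional :port from a host value; keeps [IPv6] literals intact.
function hostnameOf(value) {
  const h = String(value || "").trim().toLowerCase();
  if (h.startsWith("[")) {
    const end = h.indexOf("]");
    return end === -1 ? "" : h.slice(0, end + 1);
  }
  const colon = h.lastIndexOf(":");
  return colon === -1 ? h : h.slice(0, colon);
}

// Parse a comma-separated allowlist (the shape WHISPER_ALLOWED_HOSTS uses).
function parseAllowlist(csv) {
  return new Set(String(csv || "").split(",").map(hostnameOf).filter(Boolean));
}

// Return the caller's credential from X-API-Key or Authorization: Bearer.
function callerKey(headers) {
  const apiKey = String(headers["x-api-key"] || "").trim();
  if (apiKey !== "") return apiKey;
  const m = /^Bearer\s+(\S+)$/i.exec(String(headers["authorization"] || "").trim());
  return m ? m[1] : null;
}

// Decide whether the gateway should forward a request to the MCP server.
function checkInbound(headers, allowedHostsCsv) {
  // Fail closed: an empty allowlist matches no Host at this layer.
  if (!parseAllowlist(allowedHostsCsv).has(hostnameOf(headers["host"]))) {
    return { status: 403, reason: "host not allowed" };
  }
  // With no caller credential the server would fall back to WHISPER_API_KEY,
  // so an anonymous caller would spend the operator's key and quota.
  if (callerKey(headers) === null) {
    return { status: 401, reason: "missing caller credential" };
  }
  return { status: 200, reason: "ok" };
}

// Constructed sample requests.
const ALLOWED = "mcp.example.internal, localhost";
console.log(checkInbound({ host: "mcp.example.internal:8080", "x-api-key": "k1" }, ALLOWED));
console.log(checkInbound({ host: "rebind.example.net:8080", "x-api-key": "k1" }, ALLOWED));
console.log(checkInbound({ host: "localhost:8080" }, ALLOWED));
```
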

Development

npm install
npm run dev       # run from source over stdio
npm test          # unit + integration tests (no secrets needed)
npm run build     # bundle to dist/
npm run lint      # eslint
npm run typecheck # tsc --noEmit

The test suite runs entirely offline against a fake backend — no API key required.

Contributing

Contributions are welcome. See CONTRIBUTING.md and our Code of Conduct. Security issues: see SECURITY.md.

License

Apache-2.0. "Whisper", the Whisper logo, and "WhisperGraph" are trademarks of Whisper Security — see NOTICE.