npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

curatedmcp

v2.1.1

Published

The CuratedMCP agent — discover, run, audit, and govern every MCP server your AI tools (Claude, Cursor, Windsurf, Copilot, Gemini) use

Readme

curatedmcp

npm version npm downloads License: MIT Node.js ≥18

The CuratedMCP Agent. One CLI to discover, run, audit, and govern every MCP server your AI tools (Claude, Cursor, Windsurf, Copilot, Gemini) use.

# 10-second risk scan of your machine — no signup
npx curatedmcp audit

Plug it in once. Add servers anytime. Audit and govern them from one place.


What you get

| Command | What it does | | --- | --- | | curatedmcp audit | Scan your MCP configs for risky servers (high/medium/low). Zero auth, instant value. | | curatedmcp (no args) | Run as an MCP hub server over stdio for Claude, Cursor, Windsurf, etc. | | curatedmcp add <slug> | Add a server from the CuratedMCP catalog to your stack. | | curatedmcp remove <slug> | Remove a server from your stack. | | curatedmcp list | Show your current stack. | | curatedmcp init | Print the config snippet to drop into your AI client. | | curatedmcp guard -- <cmd> | Run a server behind the local action firewall. | | curatedmcp login | Authenticate the agent to your CuratedMCP account. | | curatedmcp sync | Pull your team's registry config and push audit results. |


1. Audit (the wedge — start here)

npx curatedmcp audit

Scans every MCP config file on your machine (Claude Desktop, Cursor, Windsurf, Claude Code, …), classifies each server against the CuratedMCP catalog, and flags:

  • 🔴 HIGH — unverified or known-risky servers with credentials
  • 🟡 MEDIUM — verified servers running outside catalog defaults
  • 🟢 VERIFIED — known-good catalog servers

No signup, no cloud, no data leaves your machine. Logged in? Add --sync to push the result to your dashboard.


2. Run as the MCP Hub

If you use MCP servers across multiple AI clients, you've felt this pain: configure GitHub MCP in Claude Desktop, then re-do it in Cursor, then in Windsurf. New agent ships? Re-paste every config.

The agent fixes that. It's one MCP entry that fans out to every server you've added, in every AI client.

   Claude   Cursor   Windsurf   Copilot   Gemini
       \      \      |      /      /
        ┌──────────────────────────┐
        │       curatedmcp         │   ← one config in each agent
        │     (the MCP hub)        │
        └────┬──────┬──────┬───────┘
             │      │      │
          GitHub  Postgres  Stripe   ← `add`'d once, available everywhere

Add it to your AI client

{
  "mcpServers": {
    "curatedmcp": {
      "command": "npx",
      "args": ["-y", "curatedmcp"]
    }
  }
}

| Client | Path | | --------------- | --------------------------------------------------------------------- | | Claude Desktop | ~/Library/Application Support/Claude/claude_desktop_config.json (mac) / %APPDATA%\Claude\claude_desktop_config.json (win) | | Cursor | ~/.cursor/mcp.json | | Windsurf | ~/.codeium/windsurf/mcp_config.json | | Claude Code | ~/.claude/mcp.json (or .claude/mcp.json per-project) |

Add servers to your stack

npx curatedmcp add github          # prompts for GITHUB_TOKEN
npx curatedmcp add postgres --env DATABASE_URL=postgres://...
npx curatedmcp list

Restart your AI client

Tools appear with a <slug>__ prefix:

  • github__create_issue
  • postgres__query
  • filesystem__read_file

3. Guard (local action firewall)

npx curatedmcp guard -- npx -y @modelcontextprotocol/server-github

Wraps an MCP server with a local policy engine that gates every tools/call against ~/.curatedmcp/guard-policy.json. Default policy allows read, prompts on write, blocks destructive.

npx curatedmcp guard --dashboard --port 7878 -- npx -y @some/server
# Then open http://localhost:7878 for the live action log

4. Login + sync (for teams)

Once you have a CuratedMCP account, link the CLI to it:

npx curatedmcp login                  # paste a registry key from your dashboard
npx curatedmcp sync                   # pull team registry config + push audit results
npx curatedmcp sync --team acme-eng   # pick a specific team if you're in more than one

Sync pulls the locked-down server list approved by your team and merges it into your local stack — so every developer's machine runs the same vetted set of servers.


Config files

~/.curatedmcp/stack.json — your stack, plain JSON, hand-editable, version-controllable:

{
  "version": 1,
  "entries": [
    {
      "slug": "github",
      "name": "GitHub",
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": { "GITHUB_TOKEN": "ghp_xxxxxxxxxxxx" },
      "addedAt": "2026-05-01T10:14:00.000Z"
    }
  ]
}

Set "disabled": true on an entry to skip it without removing it.

Other files (created on first use):

  • ~/.curatedmcp/auth.json — login token (mode 0600)
  • ~/.curatedmcp/guard-policy.json — firewall policy
  • ~/.curatedmcp/launcher.json — anonymous client UUID

In-agent discovery

The agent itself exposes discovery tools to your AI client, so you can ask:

"Find me an MCP server for Postgres." "What's the best Stripe MCP?" "Add the Postgres MCP server to my stack."

The agent uses search_servers, get_server_details, and add_to_stack to do all of that without you leaving the chat.


Privacy

  • All config is local at ~/.curatedmcp/. No cloud sync unless you login.
  • Anonymous telemetry only (event names like "search", "add"). Disable with --no-telemetry or CURATOR_TELEMETRY=false.
  • Audit results stay on your machine unless you login and run --sync.

Compatibility

  • Works with Claude Desktop, Claude Code, Cursor, Windsurf, Copilot, Gemini, OpenAI Agents — anything that supports MCP over stdio.
  • Node.js ≥ 18.

Migrating from the old packages

The agent replaces three earlier packages, which are now deprecated:

| Old | New | | --- | --- | | @curatedmcp/launcher | curatedmcp (no args) / curatedmcp add / curatedmcp list | | @curatedmcp/auditor (aka mcp-audit) | curatedmcp audit | | @curatedmcp/sentinel (aka sentinel) | curatedmcp guard |

A launcher bin alias is kept for back-compat.


Links

MIT licensed.