m365-graph-mcp
v0.2.0
Model Context Protocol server for Microsoft 365 (mail, calendar, files, Teams, Tasks, OneNote, Contacts) via delegated Microsoft Graph access.
Model Context Protocol server for Microsoft 365.
Provides delegated, scope-gated access to mail, calendar, files (OneDrive + whitelisted SharePoint sites), Teams, Tasks, OneNote, and Contacts via the Microsoft Graph API. Every Graph call is bound to a real signed-in user's token — the server can never see more than the user could see by signing into Outlook/SharePoint themselves.
Install
npm install -g m365-graph-mcp
# or
npx m365-graph-mcp --help
Quick start (stdio, for Claude Desktop / Cursor)
npx m365-graph-mcp --transport stdio --auth interactive
This opens a browser, signs you in, caches the token, and starts an MCP server on stdio. Configure your MCP client (e.g. Claude Desktop) to launch this command.
Hosted mode (HTTP, for shared deployments)
npx m365-graph-mcp --transport http --port 8001 --auth oauth-proxy
Runs a Streamable HTTP MCP server with an embedded OAuth proxy. Each user signs in through their browser; the server uses the On-Behalf-Of flow to call Graph as that user. Designed to be deployed to a customer-controlled environment (Azure Container Apps, AKS, etc.) — see the project ARCHITECTURE.md for the deploy contract.
SharePoint access modes
M365_GRAPH_MCP_SHAREPOINT_SITES selects one of three modes:
| Value | Mode | Behavior |
| ------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| unset / empty | disabled | No SharePoint sites accessible. /sites/* calls rejected before reaching Graph. (Default.) |
| siteId1,siteId2,… | allowlist | Tenant-wide allowlist. A user can reach a site only if it is on this list AND they have SharePoint permission to it. The allowlist is an upper bound, never an expansion. Combine with set_active_sites for per-session narrowing. |
| * | open | No admin gate. A user can reach any site they have SharePoint permission to via their delegated token. Microsoft's ACLs are the only filter. |
OneDrive (/me/drive/*) is unaffected by the mode.
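One way to implement the three modes as a check that runs before any Graph call, shown as an added example and not the project's own code. The function names, the `graph.invalid` base URL and the `site-a`/`site-b` IDs are assumptions; each allowlist entry is assumed to be an opaque ID with no embedded comma, and paths are assumed to be relative to the Graph version root.

```javascript
// Added illustration, not m365-graph-mcp source; function names are hypothetical.

// Map the raw M365_GRAPH_MCP_SHAREPOINT_SITES value to one of the three modes.
function parseSharePointMode(raw) {
  const value = (raw ?? "").trim();
  if (value === "") return { mode: "disabled", sites: new Set() };
  if (value === "*") return { mode: "open", sites: new Set() };
  const ids = value.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  // "*" mixed into a list is ambiguous: fail closed instead of widening access.
  if (ids.includes("*")) throw new Error("'*' cannot be combined with site IDs");
  return { mode: "allowlist", sites: new Set(ids) };
}

// Resolve dot segments and percent-encoding before inspecting the path, so
// "/me/drive/../../sites/x" is judged as the "/sites/x" request it becomes.
function pathSegments(graphPath) {
  const { pathname } = new URL(graphPath, "https://graph.invalid/");
  const segs = pathname.split("/").filter(Boolean)
    .map((s) => decodeURIComponent(s).toLowerCase());
  if (segs.some((s) => s.includes("/"))) throw new Error("encoded slash in path");
  return segs;
}

// Decide locally, before any Graph call. activeSites models the per-session
// narrowing of set_active_sites: it can shrink the allowlist, never extend it.
function isPathAllowed(config, graphPath, activeSites = null) {
  let segs;
  try { segs = pathSegments(graphPath); } catch { return false; } // malformed: reject
  const [root, siteId] = segs;
  if (root !== "sites") return true; // e.g. /me/drive/*: not gated by the mode
  if (config.mode === "disabled") return false;
  if (config.mode === "open") return true; // SharePoint ACLs are the only filter
  // Allowlist: the addressed site must be listed. Forms that name no listed
  // ID (/sites/root, a bare /sites listing) are rejected as well.
  if (!siteId || !config.sites.has(siteId)) return false;
  return activeSites === null || activeSites.has(siteId);
}

// Constructed sample values: "site-a" and "site-b" are placeholder IDs.
const demo = parseSharePointMode("site-a, site-b");
for (const p of ["/me/drive/root/children", "/sites/site-a/drive", "/sites/site-c/drive",
  "/me/drive/../../sites/site-c/lists"]) {
  console.log(p, "->", isPathAllowed(demo, p) ? "forward to Graph" : "reject");
}
```

A pass from this gate only means the request may be forwarded; the user's delegated token and SharePoint permissions still decide what Graph returns.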
CLI flags
| Flag | Default | Description |
| ------------- | ------------------------------------------- | -------------------------------------------- |
| --transport | stdio | stdio or http |
| --auth | interactive (stdio), oauth-proxy (http) | interactive, azcli, env, oauth-proxy |
| --port | 8001 | HTTP port (only with --transport http) |
| --tenant | — | Azure tenant ID (interactive/azcli only) |
| --client-id | bundled multi-tenant app | Public-client app reg ID (interactive only) |
| --version | — | Print version and exit |
| --help | — | Show help |
License
MIT
