npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mailbox-mcp

v0.4.0

Published

Multi-account, multi-provider email MCP server

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jgnpmjgnpm

Keywords

mcpemailgmailimapjmapfastmailmodel-context-protocol

Readme

mailbox-mcp

Give your AI tools access to your email. Search, read, send, and manage messages across multiple accounts without leaving your terminal.

mailbox-mcp is an MCP server that connects your email to Claude Code, Cursor, Windsurf, or any AI tool that supports the Model Context Protocol. Instead of switching between your terminal and Gmail, you ask the AI to find that invoice, summarize a thread, or draft a reply — and it does.

What makes this different from the 60+ other email MCP servers:

  • Multiple accounts, one server. Work email, personal email, client accounts — all accessible through a single server. No need to run separate instances.
  • Not just Gmail. Supports Gmail (full API), any IMAP/SMTP provider (ProtonMail, corporate mail, self-hosted), and JMAP (Fastmail, Stalwart, Topicbox). Add providers without changing a line of tool code.
  • Actually secured. 6 rounds of security auditing. Encrypted credentials (AES-256-GCM), prompt injection fencing on every email field, rate limiting, TLS enforcement, SSRF protection with IP encoding evasion detection, input validation. Most MCP servers skip security entirely.
  • 36 tools. Search, read, send, reply, forward, drafts, labels, filters, templates, signatures, vacation replies, attachments, unsubscribe, and more.
  • Zero native dependencies. Pure Node.js. Install and run anywhere.

Quick Start

Install

git clone https://github.com/jgalea/mailbox-mcp.git
cd mailbox-mcp
npm install && npm run build

Then add to your Claude Code MCP config (~/.claude.json):

{
  "mcpServers": {
    "mailbox": {
      "command": "node",
      "args": ["/path/to/mailbox-mcp/dist/server.js"]
    }
  }
}

Replace /path/to/mailbox-mcp with the actual path where you cloned the repo.

Add a Gmail Account

1. Create a Google Cloud project

  1. Go to Google Cloud Console and create a new project
  2. Enable the Gmail API: APIs & Services > Library > Gmail API > Enable
  3. Enable the People API (for contact search): APIs & Services > Library > People API > Enable

2. Set up OAuth consent screen

  1. Go to Google Auth Platform > Branding
  2. Set App name and User support email
  3. Go to Audience, select External
  4. Add the Google account you'll sign in with as a test user (this must be the exact @gmail.com address you use to authenticate, not a workspace alias)

3. Create OAuth credentials

  1. Go to Google Auth Platform > Clients > Create Client
  2. Application type: Desktop app
  3. Click Create
  4. Go to APIs & Services > Credentials, find your client, and click the download icon to get the JSON
  5. Save the file as ~/.mailbox-mcp/oauth-keys.json

4. Authenticate

In Claude Code, run: authenticate alias="personal" provider="gmail" email="[email protected]"

This opens a browser window to complete the OAuth flow. Your tokens are stored locally in ~/.mailbox-mcp/accounts/.

Add an IMAP Account

In Claude Code, run:

authenticate alias="work" provider="imap" email="[email protected]" host="imap.company.com" smtpHost="smtp.company.com" username="[email protected]" password="your-app-password"

Credentials are encrypted at rest using AES-256-GCM.

Add a JMAP Account

In Claude Code, run:

authenticate alias="fastmail" provider="jmap" email="[email protected]" host="fastmail.com" username="[email protected]" password="your-app-password"

JMAP auto-discovers the API endpoint via .well-known/jmap. Credentials are encrypted at rest using AES-256-GCM.

Supported JMAP servers: Fastmail, Stalwart, Topicbox, Cyrus IMAP, and any RFC 8620-compliant server.

JMAP advantages over IMAP:

  • Native thread support (real conversations, not synthetic)
  • Server-side search (faster, more accurate)
  • Batch operations in a single HTTP request
  • No persistent connection required

Tools

Universal (Gmail + IMAP + JMAP)

| Tool | Description | |------|-------------| | list_accounts | List configured accounts | | authenticate | Add a new account | | remove_account | Remove an account | | search_emails | Search messages | | read_email | Read a message | | read_thread | Read a conversation thread | | send_email | Send a new email (supports attachments) | | reply_email | Reply to a message (supports attachments) | | forward_email | Forward a message (supports attachments) | | create_draft | Create a draft (supports reply drafts via in_reply_to, attachments) | | trash_emails | Trash messages | | list_labels | List labels/folders | | create_label | Create a label/folder | | delete_label | Delete a label/folder | | modify_email | Modify message labels | | batch_modify_emails | Bulk modify labels | | download_attachment | Download an attachment | | inbox_summary | Inbox overview |

Gmail-Only

| Tool | Description | |------|-------------| | create_filter | Create a filter | | list_filters | List filters | | delete_filter | Delete a filter | | snooze_email | Snooze a message | | list_snoozed | List snoozed messages | | check_snoozed | Check snoozed status | | save_template | Save a template | | list_templates | List templates | | delete_template | Delete a template | | send_template | Send from template | | get_signature | Get signature | | set_signature | Update signature | | get_vacation | Get vacation settings | | set_vacation | Configure vacation reply (supports date ranges, domain-only) | | unsubscribe | Find unsubscribe link | | bulk_unsubscribe | Bulk unsubscribe | | search_contacts | Search contacts | | list_send_as | List send-as aliases |

Sending attachments

send_email, reply_email, forward_email, and create_draft accept an optional attachments parameter — an array of local file paths. The server reads each file, detects its MIME type from the extension, and embeds it in the outgoing message (or draft).

send_email account="personal" to=["[email protected]"] subject="The report" body="See attached." attachments=["/path/to/report.pdf", "/path/to/chart.png"]
  • Each file must be a regular file ≤ 25 MB; total per message is capped at 25 MB (Gmail's hard limit).
  • Paths are resolved through any symlinks, and filenames are stripped of CRLF before going into headers.
  • Gmail routes messages with attachments through the multipart upload endpoint (35 MB API limit) instead of the JSON endpoint, so the 25 MB message cap is the real ceiling.
  • JMAP uploads each file to the server's upload URL first, then references the resulting blobIds in the Email/set call.

License

MIT

Built at AgentVania.