npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mcp-scan

v2.0.1

Published

Open-source security scanner for Model Context Protocol (MCP) servers. Audits Claude Desktop, VS Code, Cursor, Windsurf, and 16+ AI tools for secrets, prompt injection, supply-chain risks, and 17+ security checks.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rodolfboctorrodolfboctor

Keywords

mcpsecurityscannerauditmodel-context-protocolmcp-scanmcp-securitymcp-serverclaude-desktopcursorvscodewindsurfai-securityllm-securityprompt-injectionsupply-chain-securitysecret-detectiontyposquattingdata-flow-analysissarifgithub-actionclidevtoolssecurity-auditvulnerability-scanner

Readme

mcp-scan

CI npm version npm downloads License: MIT GitHub Stars

Open-source security scanner for Model Context Protocol (MCP) servers.

MCP servers run with full access to your filesystem, API keys, and network. mcp-scan audits every MCP server configuration on your system — detecting leaked secrets, prompt injection risks, supply-chain vulnerabilities, and data flow issues before they become incidents.

npx mcp-scan@latest

No installation. No sign-up. No telemetry. Zero network requests during scanning.

Why mcp-scan?

MCP servers are the new attack surface for AI-powered development. They run silently alongside your AI tools with shell access, filesystem permissions, and network egress. A single malicious or misconfigured server can exfiltrate API keys, inject instructions into your AI sessions, or become a supply-chain entry point.

mcp-scan was built after analyzing hundreds of publicly available MCP server configs and finding patterns that existing security tools miss: credential relay, prompt injection via tool descriptions, typosquatting near popular packages, and data sent to unexpected endpoints.

Featured in Stytch Engineering Blog: "npm-audit for MCP security: A deep-dive on mcp-scan"

What It Detects

| Check | Severity | Description | |-------|----------|-------------| | Data Exfiltration | CRITICAL | Tool reads filesystem and sends data to a network endpoint | | Credential Relay | CRITICAL | Environment variables or secrets passed to external APIs | | Known Malicious Package | CRITICAL | Config references packages on the known-bad list | | Exposed Secret | CRITICAL | Hardcoded API keys, tokens, or passwords in config | | Prompt Injection | HIGH | Instructions embedded in tool names or descriptions | | Typosquatting | HIGH | Package name closely resembles a trusted popular package | | Supply Chain Risk | HIGH | Low-trust package with no history, stars, or maintainers | | Outdated Package with CVEs | MEDIUM | Package has known vulnerabilities in the installed version | | Overly Broad Permissions | MEDIUM | Server requests filesystem or shell access it does not need | | Unverified Source | LOW | Package not from a verified registry or organization | | Missing Transport Security | LOW | MCP server communicates over unencrypted transport |

Supported AI Tools

mcp-scan automatically detects configurations for 16+ AI tool clients:

| Category | Tools | |----------|-------| | AI Assistants | Claude Desktop, Claude Code, Gemini CLI, Codex CLI | | Editors | VS Code, Cursor, Windsurf, Zed | | AI Coding Tools | Cline, Roo Code, Continue, Amp, Plandex | | Other | ChatGPT Desktop, GitHub Copilot |

v2.0 Features

  • Data Flow Analysis — Trace where your data goes after MCP processes it
  • Network Egress Monitor — See every endpoint your servers contact
  • Privacy Assessment — One-command PII and compliance report
  • Policy Engine — Custom security rules in .mcp-scan-policy.yml
  • Compliance Mapping — SOC 2, GDPR, HIPAA, PCI-DSS, NIST 800-53
  • SBOM Generation — CycloneDX and SPDX output
  • GitHub Action — Scan on every PR with SARIF upload to GitHub Security tab
  • 17+ Scanners — Secrets, supply chain, prompt injection, data flow, and more

All Commands

# Full security scan (auto-detects all AI tool configs)
npx mcp-scan@latest

# Output as JSON for CI/CD pipelines
npx mcp-scan@latest --json

# Privacy impact assessment and data map
npx mcp-scan@latest privacy

# Compliance report (SOC 2, GDPR, HIPAA, PCI-DSS, NIST 800-53)
npx mcp-scan@latest compliance

# Software Bill of Materials (CycloneDX or SPDX)
npx mcp-scan@latest sbom

# Validate custom security policies
npx mcp-scan@latest policy

# CI mode — exit 1 if findings above threshold
npx mcp-scan@latest --ci --severity-threshold HIGH

GitHub Actions Integration

Add mcp-scan to your CI pipeline. Results appear in the GitHub Security tab via SARIF 2.1.0:

steps:
  - uses: actions/checkout@v4

  - name: Scan MCP configurations
    uses: rodolfboctor/mcp-scan@v2
    with:
      severity-threshold: MEDIUM
      sarif-upload: true

Custom Security Policies

Define your own rules in .mcp-scan-policy.yml:

rules:
  - name: no-external-endpoints
    description: Block servers contacting endpoints outside your org domain
    match:
      network_egress:
        not_in_domain: "*.mycompany.com"
    severity: HIGH

  - name: require-approved-packages
    description: Only allow packages from your approved list
    match:
      package:
        not_in_allowlist: true
    severity: CRITICAL

Compliance Mapping

| Framework | Controls Covered | |-----------|-----------------| | SOC 2 | CC6.1, CC6.6, CC6.7, CC7.1 | | GDPR | Art. 25, Art. 32, Art. 33 | | HIPAA | 164.312(a)(1), 164.312(e)(1) | | PCI-DSS | Req. 6, Req. 10, Req. 11 | | NIST 800-53 | CA-7, RA-5, SA-11, SI-2 |

Privacy & Security Architecture

mcp-scan runs entirely locally. It reads config files from disk, performs all analysis in-process, and never sends data anywhere.

  • Zero network requests during scanning
  • No API keys required
  • No data leaves your machine
  • No account or sign-up needed
  • Fully open source — audit the code yourself

Roadmap

  • v2.1 — Runtime Monitoring
  • v2.2 — Sandboxed Execution
  • v2.3 — Real-Time Alerting

Installation

Use without installing (always latest version):

npx mcp-scan@latest

Install globally:

npm install -g mcp-scan
mcp-scan

Contributing

Issues and PRs welcome. See CONTRIBUTING.md for guidelines.

For security disclosures: see SECURITY.md.

License

MIT — built by Abanoub Rodolf Boctor · ThynkQ