npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mcp-tollbooth

v0.4.1

Published

How much context are your MCP servers actually costing you? Token budget + duplicate-server detection for Claude Desktop, Claude Code, Cursor and VS Code.

Readme

MCP Tollbooth

npm version npm downloads CI License: MIT Telegram

How much context window are your MCP servers actually costing you — and are any of them doing the same job twice?

MCP Tollbooth scans your local Model Context Protocol configuration (Claude Desktop, Claude Code, Cursor, VS Code) and answers two questions nobody else is answering well:

  • Token budget — how many tokens each server silently costs you before your agent does anything useful, and what the total toll is across your whole setup
  • Overlap detection — do you have three different servers all fighting to do "GitHub stuff"? Pick one, save the budget.
  • A lightweight trust signal (repo activity, stars, license) as a secondary check, clearly labeled as a heuristic — not a security scanner

Why this, and not a security scanner

By mid-2026 the MCP ecosystem already has security tooling — secret-leak scanning, permission auditing, agent-friendliness diagnostics. That space is getting crowded, and doing it shallowly wouldn't add much.

What's still missing is the boring-but-real cost problem: every server you add eats context before your agent types a word. A handful of servers can burn 50,000+ tokens of budget, and most people have no idea which ones are the expensive ones — or that they've installed the same capability twice under two different names. Tollbooth answers exactly that, and nothing more than that, well.

Install & use

npx mcp-tollbooth

No install, no config. It scans the standard locations:

  • .mcp.json (Claude Code, project-scoped)
  • ~/.claude.json (Claude Code, user-scoped)
  • claude_desktop_config.json (Claude Desktop — macOS/Windows/Linux paths)
  • .cursor/mcp.json and ~/.cursor/mcp.json (Cursor)
  • .vscode/mcp.json (VS Code)

Or point it at a specific file:

npx mcp-tollbooth --config ./my-config.json

Raw JSON for scripting / CI:

npx mcp-tollbooth --json

CI: fail a build over budget

npx mcp-tollbooth --config .mcp.json --max-tokens 20000

Exits 1 if the total estimated toll goes over the number you set — nothing to parse, just a pass/fail gate. Or use the bundled GitHub Action directly:

- uses: Ereb-Blade/mcp-tollbooth@main
  with:
    config: .mcp.json
    max-tokens: 20000

--fix: clean up overlap and low-trust servers interactively

npx mcp-tollbooth --fix

Runs the same audit, then walks you through what's worth disabling:

  • Overlapping servers (same category, e.g. two vcs servers) — pre-selects the lower-trust one(s) to disable, keeps the best one.
  • Low-trust servers — anything scoring under 50 that wasn't already covered above.

You pick exactly what to disable with the arrow keys, see a plain-text diff of what's about to change, and nothing touches disk until you explicitly confirm. Every config file it edits gets a timestamped .bak-<epoch> backup saved right next to it first, and every other key in the file (settings, unrelated servers, formatting) is left untouched — only the selected servers are removed from the servers list.

Not compatible with --json (it's interactive by nature).

Example output

  MCP Tollbooth  — what your MCP servers are costing your context window

Scanned config files:
  • Claude Code (project .mcp.json) (/you/project/.mcp.json) — 5 server(s)

┌──────────────────┬────────────────────┬─────────────┬────────────┬───────────┬────────┐
│ Server           │ Category           │ Est. Tokens │ Trust*     │ Last Push │ Stars  │
├──────────────────┼────────────────────┼─────────────┼────────────┼───────────┼────────┤
│ playwright       │ browser-automation │ ~3,200      │ 95 Healthy │ 8d ago    │ 34,813 │
│ github           │ vcs                │ ~2,400      │ 60 Caution │ unknown   │ —      │
│ filesystem       │ filesystem         │ ~900        │ 95 Healthy │ 1d ago    │ 88,173 │
│ some-random-tool │ other              │ ~800*       │ 40 Risky   │ unknown   │ —      │
└──────────────────┴────────────────────┴─────────────┴────────────┴───────────┴────────┘

Overlap detected — you're paying twice for the same job:
  • vcs: github, some-other-git-tool — do you need all of these?

Total context toll: ~7,300 tokens  across 4 server(s)  ·  avg trust 72/100

How it works

Token estimates for well-known servers are based on their documented tool counts. For everything else, Tollbooth falls back to a conservative heuristic based on the server's transport type — flagged with *, and clearly an estimate, not a measurement. Live connection mode (actually counting tool schemas) is on the roadmap.

Overlap detection groups servers by inferred category (vcs, filesystem, browser-automation, etc.) and flags any category with more than one server.

Trust score (0-100) is a secondary, clearly-labeled heuristic: official npm scope, days since last commit, GitHub stars, archived status, license presence. It is not a security scan — it doesn't read source code, run the server, or detect malicious behavior. If you want real security scanning, that's a separate category of tool.

Limitations

  • Token estimates for unlisted servers are heuristics, not measurements.
  • GitHub/npm lookups depend on the package's repository field being accurate.
  • Unauthenticated GitHub API calls are rate-limited — set GITHUB_TOKEN if auditing a lot of servers at once.

Roadmap

  • [x] GitHub Action for CI-time token-budget regression checks on team MCP configs (--max-tokens, action.yml)
  • [ ] --precise live connection mode for exact token counts (connect and count real tool schemas)
  • [x] --fix mode to interactively disable low-value / redundant servers
  • [ ] Per-server historical token trend (did that update just double your bill?)

Development

npm install
npm run build
npm test        # builds first (pretest), then runs the vitest suite
npm run dev -- --config test-configs/demo.mcp.json   # run from source without building

The published CLI itself supports Node >=18. The test suite (vitest 4) requires Node >=20 — CI runs build + test on Node 20/22 accordingly (see .github/workflows/ci.yml).

Contributing

Issues and PRs welcome — especially the known-server token cost table in src/heuristics.ts and category keyword coverage.

License

MIT


Updates & discussion: Telegram — MCP-TollBoth

If Tollbooth saved you some context budget, a star helps other people find it.