quantumguard-mcp
v0.1.1
QuantumGuard MCP Server - Post-quantum cryptography security tools for AI coding agents. Scan for quantum vulnerabilities, get migration templates, check NIST compliance.
QuantumGuard MCP
Post-quantum cryptography security tools for AI coding agents. Scan your codebase for quantum vulnerabilities, check NIST compliance, and get migration guidance -- all from within Claude Code, Cursor, or VS Code.
Why QuantumGuard?
NIST finalized its post-quantum cryptography standards in 2024 (FIPS 203, 204, 205). The NSA's CNSA 2.0 mandates quantum-safe algorithms by 2030-2035. The EU requires migration inventories by 2027.
Meanwhile, most codebases are full of ECDSA signatures, RSA key exchanges, and SHA-1 hashes that quantum computers will break. Between $381B and $650B in crypto assets sit in quantum-vulnerable addresses today.
The problem: developers have no fast way to find and fix these vulnerabilities during their normal workflow.
QuantumGuard MCP solves this by embedding 9 PQC security tools directly into your AI coding agent via the Model Context Protocol (MCP). No context switching. No separate audit tools. Just ask your AI assistant to scan.
Quick Start (30 seconds)
Option 1: npx (zero install)
npx quantumguard-mcp

Option 2: Add to your project
Add to .mcp.json in your project root:
{
  "mcpServers": {
    "quantumguard": {
      "command": "npx",
      "args": ["-y", "quantumguard-mcp"]
    }
  }
}

Option 3: Global install
npm install -g quantumguard-mcp

Then add to your MCP config:
{
  "mcpServers": {
    "quantumguard": {
      "command": "quantumguard-mcp"
    }
  }
}

Works with Claude Code, Cursor, and VS Code (any MCP-compatible client).
9 Tools
| Tool | What it does |
|------|-------------|
| pqc_scan_file | Scan a single file for quantum-vulnerable patterns (ECDSA, RSA, DH, Ed25519, etc.) |
| pqc_scan_directory | Recursively scan an entire project across 14+ file types |
| pqc_compliance_check | Audit a project against NIST FIPS 202/203/204/205 and CNSA 2.0 |
| pqc_nist_standards_reference | Quick reference for all NIST PQC standard parameters |
| pqc_migration_guide | Code templates for ECDSA-to-Dilithium, RSA-to-ML-KEM, SHA-256-to-SHA3 in Rust, TypeScript, and Solidity |
| pqc_recommend_algorithm | Algorithm recommendations based on use case (blockchain, API auth, IoT, government, finance) |
| pqc_algorithm_comparison | Side-by-side comparison of algorithms (performance, key size, security level) |
| pqc_key_size_comparison | Compare key and signature sizes to plan storage/bandwidth impact |
| pqc_analyze_signature | Identify the algorithm from a hex-encoded signature or public key |
Usage Examples
Once QuantumGuard MCP is configured, just ask your AI agent in natural language:
Scan for vulnerabilities
"Scan this project for quantum vulnerabilities"
## QuantumGuard PQC Vulnerability Report
**Total findings: 12**
- CRITICAL: 5
- HIGH: 4
- MEDIUM: 3
### PQC-002 [CRITICAL]
- **File**: `src/auth/wallet.ts:42:15`
- **Match**: `ECDSA`
- **Issue**: Elliptic curve signature/key exchange (vulnerable to Shor's algorithm)
- **Fix**: Replace with ML-DSA-65 (Dilithium) for signatures. Use FIPS 204 compliant library
- **CWE**: CWE-327
### PQC-030 [CRITICAL]
- **File**: `contracts/Vault.sol:89:5`
- **Match**: `ecrecover`
- **Issue**: EVM ECDSA recovery/signing - quantum vulnerable wallet operations
- **Fix**: Implement hybrid signing: ECDSA (EVM compat) + ML-DSA-65 (quantum safety)
- **CWE**: CWE-327

Check compliance
"Check if this project is NIST PQC compliant"
Reports pass/fail status for each FIPS standard (202, 203, 204, 205), CNSA 2.0 timeline requirements, and EU quantum-safe regulatory deadlines.
Get migration code
"Show me how to migrate from ECDSA to Dilithium in Rust"
Returns working code templates with before/after examples for your target language (Rust, TypeScript, or Solidity).
Get algorithm recommendations
"What algorithm should I use for a blockchain wallet?"
Returns context-aware recommendations considering your environment (server, browser, mobile, embedded, smart contract) and priority (security, performance, size, balanced).
What's Quantum-Vulnerable vs Quantum-Safe
| Category | Quantum-Vulnerable | Quantum-Safe Replacement | Standard |
|----------|-------------------|-------------------------|----------|
| Digital Signatures | ECDSA, Ed25519, DSA | ML-DSA-65 (Dilithium) | FIPS 204 |
| Key Exchange | ECDH, DH, RSA | ML-KEM-768 (Kyber) | FIPS 203 |
| Hash-Based Signatures | -- | SLH-DSA (SPHINCS+) | FIPS 205 |
| Hashing | SHA-1, MD5 | SHA3-256 | FIPS 202 |
| Symmetric Encryption | AES-128 | AES-256 | -- |
| Blockchain Signing | ecrecover, eth_sign | Hybrid: ECDSA + ML-DSA-65 | FIPS 204 |
Vulnerability Patterns Detected
CRITICAL (broken by Shor's algorithm):
- ECDSA, Ed25519, EdDSA, RSA, DH, DSA
- secp256k1, secp256r1, P-256, P-384, curve25519
- ecrecover, eth_sign, personal_sign, signTypedData
HIGH (weakened by Grover's algorithm):
- AES-128, SHA-1, MD5
- ethers.Wallet signing, web3.eth.accounts.sign
MEDIUM (suboptimal for quantum resistance):
- SHA-256 (reduced from 256-bit to ~128-bit quantum security)
- keccak256 (pre-FIPS, use SHA3-256 instead)
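
The tiers above amount to token matching over source text. As an added example (not QuantumGuard's own code), the sketch below runs those tokens over a constructed snippet and shows why the match must respect identifier boundaries: plain substring matching reports `handheld` and `isParsable` as DH and RSA. The names `TIERS`, `scan` and `SAMPLE` are assumptions made for this illustration.

```javascript
// Added illustration; not QuantumGuard's implementation.
// Tokens are taken from the severity tiers listed above.
const TIERS = {
  CRITICAL: ["ECDSA", "Ed25519", "EdDSA", "RSA", "DH", "DSA", "secp256k1",
    "secp256r1", "P-256", "P-384", "curve25519", "ecrecover", "eth_sign",
    "personal_sign", "signTypedData"],
  HIGH: ["AES-128", "SHA-1", "MD5", "web3.eth.accounts.sign"],
  MEDIUM: ["SHA-256", "keccak256"],
};

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// One regex per tier. In strict mode the lookarounds reject a token that is
// embedded in a longer identifier; non-strict mode is a plain substring match.
function tierRegex(tokens, strict) {
  const alt = [...tokens].sort((a, b) => b.length - a.length).map(escapeRe).join("|");
  return new RegExp(strict ? `(?<![A-Za-z0-9_])(?:${alt})(?![A-Za-z0-9_])` : alt, "gi");
}

// Returns one finding per match, with 1-based line and column.
function scan(source, strict = true) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const [severity, tokens] of Object.entries(TIERS)) {
      for (const m of text.matchAll(tierRegex(tokens, strict))) {
        findings.push({ severity, match: m[0], line: i + 1, col: m.index + 1 });
      }
    }
  });
  return findings;
}

// Constructed sample input (not taken from any real project).
const SAMPLE = [
  'const { privateKey } = generateKeyPairSync("rsa", { modulusLength: 3072 });',
  'const handheld = isParsable(input);',
  'const sig = sign("SHA-256", body, privateKey);',
  'const etag = legacyHash("MD5", body);',
  'const curve = "secp256k1";',
].join("\n");

for (const f of scan(SAMPLE)) {
  console.log(`[${f.severity}] ${f.line}:${f.col} ${f.match}`);
}
console.log("substring-only hits:", scan(SAMPLE, false).length);
```

Token matching still cannot tell a comment or a string constant from a live call, so each finding needs review before it is treated as confirmed.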
Supported Languages
Scans files in: TypeScript, JavaScript, Rust, Solidity, Python, Go, Java, C#, Ruby, PHP, YAML, JSON, TOML.
Migration templates available for: Rust, TypeScript, Solidity.
Standards Coverage
| Standard | Description |
|----------|-------------|
| FIPS 202 | SHA-3 (Secure Hash Algorithm 3) |
| FIPS 203 | ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) |
| FIPS 204 | ML-DSA (Module-Lattice-Based Digital Signature Algorithm / Dilithium) |
| FIPS 205 | SLH-DSA (Stateless Hash-Based Digital Signature Algorithm / SPHINCS+) |
| CNSA 2.0 | NSA Commercial National Security Algorithm Suite 2.0 |
| NIST SP 800-227 | Post-Quantum Cryptography Migration Recommendations |
Part of Quantum Shield
QuantumGuard MCP is the developer tool component of Quantum Shield, a post-quantum asset custody protocol using dual NIST signatures (Dilithium + SPHINCS+), a Prover Pool, VRF, and time-locked security.
Contributing
Contributions are welcome. Areas where help is needed:
- New vulnerability patterns -- especially for languages not yet covered
- Migration templates -- for additional languages (Go, Python, Java)
- CI/CD integration -- GitHub Actions, GitLab CI templates
- Testing -- expanding test coverage for edge cases
git clone https://github.com/kota1026/quantum-shield.git
cd quantum-shield/src/services/quantumguard-mcp
npm install
npm run dev

License
MIT
