raven-verify-mcp
v0.1.2
Local developer-preview MCP tool (raven_verify_token): run Raven's deterministic Solana token-launch verifier on your machine — authorities, Token-2022, metadata, optional Raydium CPMM liquidity check. Results are replayable but UNSIGNED locally; official
raven-verify-mcp — local developer preview
Run Raven's deterministic Solana token-launch verifier locally as an MCP tool,
raven_verify_token. It reads a token's on-chain launch state and returns an
evidence-backed, replayable verdict, with an honest unknowable instead
of a guess when the evidence isn't there.
⚠️ Local results are NOT official Raven-signed attestations
This package runs Raven's engine on your machine. It does not hold Raven's private signing key (it never should), so:
- Local mode = deterministic + self-verifiable for replay, but UNSIGNED by Raven. signature / attestationPublicKey are null. You can re-run and reproduce the result, but it is your run of Raven's code — not a Raven-issued attestation.
- Official Raven attestation = hosted only. A signature that proves "Raven asserted this" is produced solely by the hosted Raven service, which holds the key and publishes the public key. A signature only counts as official if it verifies against Raven's published public key.
Use this package to test Raven, build against it, and integrate the tool. For a result an agent can trust as Raven's word, call the hosted Raven verifier (MCP/API) — see "Official mode" below.
Use it (no clone, no build)
Add to your MCP client. Claude Desktop (Settings → Developer → Edit Config),
or the same block in Cursor's .cursor/mcp.json:
```json
{
  "mcpServers": {
    "raven-verify": {
      "command": "npx",
      "args": ["-y", "raven-verify-mcp"],
      "env": { "RAVEN_SOLANA_RPC_URL": "https://your-solana-rpc-endpoint" }
    }
  }
}
```
Restart the client; raven_verify_token appears as a callable tool. You supply
the Solana RPC endpoint (any mainnet RPC); the server never takes it from a
caller. Without it, every call returns unknowable rather than failing.
The tool
Input
| field | required | notes |
|---|---|---|
| mintAddress | yes | base58 |
| tokenProgramAddress | yes | base58 (SPL Token or Token-2022) |
| metadataAddress | no | base58 |
| poolAddress | no | base58 Raydium CPMM pool — adds an LP-lock (liquidity) check |
| commitment | no | finalized (default) \| confirmed \| processed |
Output (local mode) — verdict (pass | pass_with_info_finding |
warning | risk | unknowable), reason, findingCodes[],
coverageGaps[], attestationHash, replayable, engineVersion. The
signature / attestationPublicKey fields are null in local mode.
```json
{
  "verdict": "pass_with_info_finding",
  "reason": "mutable_but_known_infrastructure_dependency",
  "findingCodes": ["venue.infrastructure_tier_mutable_but_known"],
  "coverageGaps": ["liquidity", "top_holders", "deployer_outcomes"],
  "attestationHash": "sha256:...",
  "signature": null,
  "attestationPublicKey": null,
  "replayable": true
}
```
isError is set only for malformed input — an unknowable verdict is a valid,
honest result.
Official mode (hosted Raven) — signed, trustable by agents
The hosted Raven verifier is live (invite-only alpha). It runs the same engine, holds the signing key — which the local package above structurally cannot — and returns a signed, replayable attestation over HTTPS:
- POST https://raven-hosted-verifier.onrender.com/verify — x-api-key gated. Body: { "mintAddress", "tokenProgramAddress", optional "poolAddress" }. Returns the verdict plus officialAttestationHash, signature (ed25519), keyId, issuedAt, and attestationPublicKey.
- GET https://raven-hosted-verifier.onrender.com/pubkey — the published key registry.
- GET https://raven-hosted-verifier.onrender.com/healthz — liveness.
The agent hands Raven no keys and no funds, and may not supply an RPC — it submits a mint + token program and receives a result it can verify against Raven's published key.
Official signing key
Verify any official signature against this key (live source of truth: /pubkey):
| field | value |
| --- | --- |
| keyId | rvk_c2997e90215279c2 |
| publicKey (SPKI DER, base64) | MCowBQYDK2VwAyEASGJt4Ilx2Z6g0BVC1VQIfaUcV0nr8WB1J45/8vfje6w= |
| alg | ed25519 |
| domain / version | raven-official-attestation / v2 |
To verify: reconstruct the canonical-JSON envelope
{domain, version, officialAttestationHash, keyId, issuedAt} and check the
ed25519 signature against the public key above. A matching signature proves the
verdict was issued by Raven's hosted verifier and not altered.
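A sketch of that check on the client side, added here as an example and not taken from the Raven package. It pins the key from the table by keyId instead of trusting the attestationPublicKey field in the response. Assumptions: canonical JSON means sorted keys with no whitespace, version is the string "v2", and the signature is base64; the helper names and the fixture are hypothetical.

```javascript
const crypto = require('node:crypto');

// keyId -> SPKI DER (base64), pinned from the table above.
const PINNED_KEYS = {
  rvk_c2997e90215279c2: 'MCowBQYDK2VwAyEASGJt4Ilx2Z6g0BVC1VQIfaUcV0nr8WB1J45/8vfje6w=',
};

// ASSUMPTION: "canonical JSON" = keys sorted, no whitespace, UTF-8, and
// version is the string "v2". Confirm against the hosted verifier's output.
function canonicalEnvelope(resp) {
  const env = {
    domain: 'raven-official-attestation',
    version: 'v2',
    officialAttestationHash: resp.officialAttestationHash,
    keyId: resp.keyId,
    issuedAt: resp.issuedAt,
  };
  const sorted = Object.fromEntries(Object.keys(env).sort().map((k) => [k, env[k]]));
  return Buffer.from(JSON.stringify(sorted), 'utf8');
}

// True only if a pinned key signed the envelope. Fails closed on any error.
// ASSUMPTION: the signature field is base64.
function verifyOfficial(resp, pinned = PINNED_KEYS) {
  try {
    if (typeof resp.signature !== 'string') return false; // local mode: null
    // Look the key up by keyId; never trust resp.attestationPublicKey itself.
    if (!Object.hasOwn(pinned, resp.keyId)) return false;
    const der = Buffer.from(pinned[resp.keyId], 'base64');
    const key = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
    if (key.asymmetricKeyType !== 'ed25519') return false;
    const sig = Buffer.from(resp.signature, 'base64');
    return sig.length === 64 && crypto.verify(null, canonicalEnvelope(resp), key, sig);
  } catch {
    return false;
  }
}

// Constructed fixture: a throwaway key pair stands in for Raven's, because
// the page carries no real signed response. All values here are made up.
function makeConstructedResponse() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const resp = { verdict: 'pass', officialAttestationHash: 'sha256:constructed',
    keyId: 'rvk_constructed', issuedAt: '2025-01-01T00:00:00Z' };
  resp.signature = crypto.sign(null, canonicalEnvelope(resp), privateKey).toString('base64');
  const spki = publicKey.export({ format: 'der', type: 'spki' }).toString('base64');
  return { resp, pinned: { rvk_constructed: spki } };
}
```

A local-mode result, whose signature is null, returns false here, as does any response whose keyId is not in the pinned set.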
Why the engine result is trustworthy regardless
- Deterministic + replayable from on-chain evidence — no model, no scoring.
- Honest — absence of evidence is never reported as safety (unknowable, explicit coverageGaps).
Security posture
Frozen input schema, no mutable server state, no caller-supplied RPC. The only network call is the documented Solana RPC. This package contains no signing key and cannot mint a Raven signature.
ISC. Source: https://github.com/billybotticelli4u-collab/-launchguard
