npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

waw-mcp

v0.1.0

Published

WAW — World Agentic Web MCP server: give an AI agent a real email identity, read its OTP/verification codes, sign up autonomously with a browser, and discover/publish MCP servers. Runs anywhere over stdio.

Readme

waw-mcp — World Agentic Web MCP server

The MCP server of WAW. It gives an AI agent, over a single stdio MCP connection:

  • a real, valid email address as its identity (mailbox_provision),
  • the ability to read OTP / verification codes sent to it (otp_get),
  • autonomous signup to a website with a real browser (signup_run),
  • and discovery / publishing of MCP servers by intent in the shared WAW registry (registry_search / registry_register).

This package is the standalone, runs-anywhere distribution: one bundled file, started by node over stdio, configured only by environment variables (no secret ever lives in the repo). The full source, the HTTP/SMTP gateway that receives email, and the Docker demo live in the main repo: https://github.com/Revens2/waw.


Install

npm install -g waw-mcp        # global `waw-mcp` command
# or run without installing:
npx waw-mcp

better-sqlite3 (native) is installed automatically. For signup_run you also need a browser once: npx playwright install chromium.

Configure (environment variables — never commit secrets)

| Variable | Required | Purpose | |---|---|---| | VAULT_PASSPHRASE (or VAULT_MASTER_KEY) | yes | Master secret for the encrypted vault. | | MAIL_DOMAIN | recommended | Domain the agent provisions addresses on (e.g. agents.acme.com). | | DB_PATH | no | SQLite path. Default ~/.waw/gateway.db. Point it at the WAW gateway's DB to receive real email. | | WEBHOOK_SIGNING_SECRET | no | Only if pairing with the WAW gateway for inbound email. |

Use from an MCP client (Claude Code, etc.)

Add to your MCP config (e.g. .mcp.json or claude mcp add). Secrets go in the env block, which lives in your local client config — not in any repo:

{
  "mcpServers": {
    "waw": {
      "command": "waw-mcp",
      "env": {
        "VAULT_PASSPHRASE": "your-long-random-passphrase",
        "MAIL_DOMAIN": "agents.example.com"
      }
    }
  }
}
# CLI equivalent
claude mcp add waw --env VAULT_PASSPHRASE=… --env MAIL_DOMAIN=agents.example.com -- waw-mcp

Tools

| Tool | Purpose | |---|---| | mailbox_provision / mailbox_list | Get (or list) a real @MAIL_DOMAIN address. | | mailbox_link_owner | Link the human operator's real email to a mailbox. | | otp_get / emails_list | Read the latest OTP / recent emails for a mailbox. | | signup_run | Resumable, idempotent autonomous signup (Playwright + vault + OTP). | | registry_search / registry_register / registry_list / registry_get | Discover or publish MCP servers by intent. |

First connection — link a human owner

On a fresh connection the agent calls mailbox_list; if it is empty, it asks the human operator for their real email and provisions its primary identity with ownerEmail set to it. The agent address is then derived from the owner's, and the ownership is recorded — every autonomous identity traces back to a real human (accountability + recovery):

owner [email protected]  →  agent you.agent@MAIL_DOMAIN

The owner email is supplied at runtime by the human; it is never stored in this repo.


Receiving real email

This server reads OTPs from the WAW database. To make real messages land there, pair it with the WAW gateway (main repo) sharing the same DB_PATH: the gateway exposes a signed inbound webhook (Mailgun / Postmark / generic) and an optional self-hosted SMTP server. See https://github.com/Revens2/waw for the gateway, the security model, and a Dockerized end-to-end demo.

Security

Secrets come only from environment variables; .env is git-ignored and .env.example carries placeholders. Vault data is AES-256-GCM encrypted at rest, OTP codes are never returned over the wire, and logs redact sensitive fields. Full threat model in the main repo's SECURITY.md.

License

MIT