Enables npm registry operations from MCP clients like Claude Code and Cursor, with 64 tools for package intelligence, security audits, dependency analysis, org/team management, and write operations like deprecate and unpublish.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
esbuild allows arbitrary file read when running the development server on Windows
process.env. You'll be asked to provide them before it can run.GITHUB_OUTPUTNPM_REGISTRYNPM_REQUEST_TIMEOUT_MSNPM_RETRY_BACKOFF_MSNPM_TOKEN— No API key required for reads — search, packages, downloads, security, dep tree, licenses all work anonymously. Auth is opt-in via .[](https://m8ven.ai/mcp/yawlabs-npmjs-mcp-1tw2t6)