10 tools from the Npm MCP Server, categorised by risk level.
View the Npm policy →audit Runs npm/pnpm/yarn audit and returns structured vulnerability data. Auto-detects package manager via lock files (pnpm-lock.yaml → pnpm, yarn.lock →... info Shows detailed package metadata from the npm registry. Works with npm, pnpm, and yarn (all query the same registry). 2/5 init Initializes a new package.json in the target directory. Works with npm, pnpm, and yarn. Returns structured output with the package name, version, a... 2/5 list Lists installed packages as structured dependency data. Auto-detects package manager via lock files (pnpm-lock.yaml → pnpm, yarn.lock → yarn, other... 2/5 nvm Manages Node.js versions via nvm. Supports listing installed versions, showing the current version, listing remote versions, and executing commands... 2/5 search Searches the npm registry for packages matching a query. Note: pnpm and yarn do not have a search command, so this always uses npm. 2/5 test Runs `npm test`, `pnpm test`, or `yarn test` and returns structured output with exit code, stdout, stderr, and duration. Auto-detects package manag... 2/5 install Runs npm/pnpm/yarn install and returns a structured summary of added/removed packages and vulnerabilities. Auto-detects package manager via lock fi... 3/5 outdated Checks for outdated packages and returns structured update information. Auto-detects package manager via lock files (pnpm-lock.yaml → pnpm, yarn.lo... 3/5 The Npm MCP server exposes 10 tools across 3 categories: Read, Write, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Npm server.
Npm tools are categorised as Read (7), Write (2), Execute (1). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept