
Security News
npm ‘is’ Package Hijacked in Expanding Supply Chain Attack
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
@nooqta/gitlab-mcp-server
Advanced tools
An MCP server providing tools to interact with the GitLab API.
A Model Context Protocol (MCP) server that provides tools for interacting with the GitLab API.
This server allows AI assistants (like Claude via the MCP integration) to perform various actions on GitLab, such as searching repositories, managing issues, creating branches, and more, directly through natural language commands.
This server exposes the following tools for use by MCP clients:
search_repositories
: Search for GitLab projects by name.get_project_from_git_url
: Get GitLab project details from a git remote URL.list_issues
: List issues for a specific GitLab project (filterable by state, labels, assignee, scope).get_my_issues
: List issues assigned to or created by the authenticated user across all projects (filterable by state, scope).get_issue
: Get details of a specific issue within a project by its IID.create_issue_note
: Add a comment (note) to a specific issue.update_issue
: Update attributes of an issue (e.g., description, labels, state).create_branch
: Create a new branch in a project from a specified ref.create_issue
: Create a new issue in a project.create_merge_request
: Create a new merge request.list_issue_notes
: List comments (notes) for a specific issue.create_merge_request_note
: Add a comment (note) to a specific merge request.search_user
: Search for GitLab users by email or username.create_repository
: Create a new GitLab project (repository) under a user or group namespace.(Refer to the server's ListTools
response or the source code (src/index.ts
) for detailed input schemas for each tool.)
api
and read_api
scopes.Clone the repository:
git clone https://github.com/nooqta/noqta-gitlab-server.git # Replace with actual URL after creation
cd noqta-gitlab-server
Install dependencies:
npm install
Configure Environment Variables:
cp .env.example .env
.env
file:
api
and read_api
scopes..env
for the GITLAB_PERSONAL_ACCESS_TOKEN
variable.GITLAB_API_URL
to point to your instance's API endpoint (e.g., https://gitlab.yourcompany.com/api/v4
). Otherwise, leave it as the default for gitlab.com.Build the server:
npm run build
This compiles the TypeScript code to JavaScript in the build/
directory.
If you have cloned the repository and built the project (npm run build
), you can run the server directly:
node build/index.js
Once the package is published to npm (as @nooqta/gitlab-mcp-server
), you can run it directly using npx
without cloning or installing manually. npx
will download and execute the package.
npx @nooqta/gitlab-mcp-server
Note: When running via npx
, the server still requires the environment variables (GITLAB_PERSONAL_ACCESS_TOKEN
and optionally GITLAB_API_URL
) to be set in the environment where you execute the npx
command, or available via a .env
file in the directory where you run npx
.
The server communicates over standard input/output (stdio). For persistent use, consider running it with a process manager like pm2
or systemd
.
To use this server with an MCP client like Claude Desktop, add its configuration to the client's settings file.
Configuration File Locations:
~/Library/Application Support/Claude/claude_desktop_config.json
%APPDATA%/Claude/claude_desktop_config.json
~/.config/Claude/claude_desktop_config.json
Example claude_desktop_config.json
entry (using npx):
{
"mcpServers": {
"@nooqta/gitlab-mcp-server": {
"command": "npx",
"args": ["@nooqta/gitlab-mcp-server"],
"env": {
"GITLAB_PERSONAL_ACCESS_TOKEN": "...",
"GITLAB_API_URL": "..."
}
}
}
// Potentially other configurations...
}
Example claude_desktop_config.json
entry (using local build):
{
"mcpServers": {
"@nooqta/gitlab-mcp-server": {
// Use the package name for consistency, even if running locally
"command": "/full/path/to/your/custom-gitlab-server/build/index.js"
// Note: The server reads secrets from the .env file in its own project directory.
// Ensure the .env file is correctly configured in the cloned repository.
// DO NOT add secrets directly to this configuration file using an "env" block.
}
}
// Potentially other configurations...
}
Important Security Note: This server uses dotenv
to load GITLAB_PERSONAL_ACCESS_TOKEN
and GITLAB_API_URL
from a .env
file. Never put your actual token or sensitive URLs directly into the MCP client configuration file (like claude_desktop_config.json
) using the env
property. Always use a .env
file (located either in the server's project directory for local runs, or in the directory where npx
is executed) or provide the variables through the operating system's environment.
npm run build
(Compiles TypeScript and sets executable permissions)npm run watch
(Automatically recompiles on file changes)Since MCP servers communicate over stdio, direct debugging can be tricky. Use the MCP Inspector for easier debugging:
npm run inspector
This command starts the server with the inspector attached. Open the URL provided in the console output in your browser to view MCP messages and server logs.
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please see the CONTRIBUTING.md file for guidelines.
FAQs
An MCP server providing tools to interact with the GitLab API.
We found that @nooqta/gitlab-mcp-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
Security News
A critical flaw in the popular npm form-data package could allow HTTP parameter pollution, affecting millions of projects until patched versions are adopted.
Security News
Bun 1.2.19 introduces isolated installs for smoother monorepo workflows, along with performance boosts, new tooling, and key compatibility fixes.