Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@postman/postman-mcp-cli
Advanced tools
@postman/postman-mcp-cli
A CLI tool to download a ZIP by ID, unzip, and run node mcpServer.js
Postman MCP Runner
A CLI tool to download, extract, and run MCP (Model Context Protocol) servers from S3. This tool simplifies the process of running MCP servers by handling the download, extraction, and execution in a single command.
Features
- 🔄 Downloads MCP server ZIP files from S3 by ID
- 📦 Extracts server files and dependencies
- 🚀 Runs MCP servers with proper stdin/stdout communication
- 📚 Handles node_modules dependencies
- 🔧 Supports bidirectional communication for MCP protocol
Installation
Prerequisites
- Node.js (v18.19.1 or later recommended)
- npm or yarn
Usage
Basic Usage
# Run an MCP server by ID
node bin/cli.js <server-id>
# Example
node bin/cli.js my-mcp-server-123
If installed globally
# If you ran npm link, you can use the command directly
@postman/postman-mcp-cli <server-id>
How it Works
- Download: Fetches the MCP server ZIP file from S3 using the provided ID
- Extract: Unzips the server files to a temporary directory
- Dependencies: Runs
npm install - Execute: Runs
node mcpServer.jswith proper stdin/stdout piping for MCP protocol communication
FAQs
A CLI tool to download a ZIP by ID, unzip, and run node mcpServer.js
The npm package @postman/postman-mcp-cli receives a total of 20 weekly downloads. As such, @postman/postman-mcp-cli popularity was classified as not popular.
We found that @postman/postman-mcp-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 415 open source maintainers collaborating on the project.
Package last updated on 06 Aug 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025