
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
mcp-package-version
Advanced tools
An MCP server to provide LLMs the latest (stable) version of packages in package.json and requirements.txt files
NOTE: As of version 2.0.0, this MCP server will be rewritten in Go, once released please visit https://github.com/sammcj/mcp-package-version for information on the updated command for your MCP client
An MCP server that provides tools for checking latest stable package versions from multiple package registries:
This server helps LLMs ensure they're recommending up-to-date package versions when writing code.
To install Package Version for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install mcp-package-version --client claude
Configure MCP Settings
Add the following to your MCP settings file:
{
"mcpServers": {
"package-version": {
"command": "npx",
"args": ["-y", "mcp-package-version"]
}
}
}
If you are behind a corporate proxy which MITMs your traffic, you may need to additionally specify the proxy CA cert bundle:
{
"mcpServers": {
"package-version": {
"command": "npx",
"args": ["-y", "mcp-package-version"],
"env": {
"NODE_EXTRA_CA_CERTS": "/path/to/mitm/cert.pem"
}
}
}
}
~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json
~/Library/Application\ Support/Claude/claude_desktop_config.json
~/.config/gomcp/config.yaml
Check latest stable versions for npm packages from a package.json dependencies object.
use_mcp_tool({
server_name: "package-version",
tool_name: "check_npm_versions",
arguments: {
dependencies: {
"express": "^4.17.1",
"react": "^17.0.2"
}
}
});
Check latest stable versions for Python packages from requirements.txt entries.
Check latest stable versions for Python packages from pyproject.toml.
use_mcp_tool({
server_name: "package-version",
tool_name: "check_pyproject_versions",
arguments: {
dependencies: {
dependencies: {
"requests": "^2.28.0",
"pandas": ">=1.5.0"
},
"optional-dependencies": {
"test": {
"pytest": ">=7.0.0"
}
},
"dev-dependencies": {
"black": "^22.0.0"
}
}
}
});
use_mcp_tool({
server_name: "package-version",
tool_name: "check_python_versions",
arguments: {
requirements: [
"requests==2.26.0",
"pandas>=1.3.0"
]
}
});
Check latest stable versions for Go packages from go.mod.
use_mcp_tool({
server_name: "package-version",
tool_name: "check_go_versions",
arguments: {
dependencies: {
module: "example.com/mymodule",
require: [
{
path: "github.com/gin-gonic/gin",
version: "v1.7.0"
}
],
replace: [
{
old: "github.com/old/pkg",
new: "github.com/new/pkg",
version: "v2.0.0"
}
]
}
}
});
But seriously, don't write Java in 2025.
Check latest stable versions for Java packages from pom.xml.
use_mcp_tool({
server_name: "package-version",
tool_name: "check_maven_versions",
arguments: {
dependencies: [
{
groupId: "org.springframework.boot",
artifactId: "spring-boot-starter-web",
version: "2.7.0",
scope: "compile"
}
]
}
});
Check latest stable versions for Java packages from build.gradle.
use_mcp_tool({
server_name: "package-version",
tool_name: "check_gradle_versions",
arguments: {
dependencies: [
{
configuration: "implementation",
group: "com.google.guava",
name: "guava",
version: "31.0-jre"
}
]
}
});
Bulk check latest stable versions for multiple packages from npm and PyPI.
use_mcp_tool({
server_name: "package-version",
tool_name: "check_package_versions",
arguments: {
packages: [
{ name: "react", registry: "npm" },
{ name: "requests", registry: "pypi" },
{ name: "typescript", registry: "npm", currentVersion: "5.0.0" }
]
}
});
Search, list, and get information about Amazon Bedrock AI models.
// List all available Bedrock models
use_mcp_tool({
server_name: "package-version",
tool_name: "check_bedrock_models",
arguments: {
action: "list"
}
});
// Search for specific models
use_mcp_tool({
server_name: "package-version",
tool_name: "check_bedrock_models",
arguments: {
action: "search",
query: "claude",
provider: "anthropic"
}
});
// Get a specific model by ID
use_mcp_tool({
server_name: "package-version",
tool_name: "check_bedrock_models",
arguments: {
action: "get",
modelId: "anthropic.claude-3-sonnet-20240229-v1:0"
}
});
Get the latest Claude Sonnet model from Amazon Bedrock (best for coding tasks).
use_mcp_tool({
server_name: "package-version",
tool_name: "get_latest_bedrock_model",
arguments: {}
});
Check latest stable versions for Swift packages in Package.swift.
use_mcp_tool({
server_name: "package-version",
tool_name: "check_swift_versions",
arguments: {
dependencies: [
{
url: "https://github.com/apple/swift-argument-parser",
version: "1.0.0",
requirement: "from"
},
{
url: "https://github.com/apple/swift-log.git",
version: "1.4.0",
requirement: "upToNextMajor"
}
],
constraints: {
"https://github.com/apple/swift-argument-parser": {
majorVersion: 1
}
}
}
});
Check latest versions for GitHub Actions.
// Check latest versions for GitHub Actions
use_mcp_tool({
server_name: "package-version",
tool_name: "check_github_actions",
arguments: {
actions: [
{
owner: "actions",
repo: "checkout",
currentVersion: "v3"
},
{
owner: "actions",
repo: "setup-node",
currentVersion: "v3"
}
],
includeDetails: true // Optional: include published date and URL
}
});
Check available tags for Docker container images from Docker Hub, GitHub Container Registry, or custom registries.
// Check Docker Hub images
use_mcp_tool({
server_name: "package-version",
tool_name: "check_docker_tags",
arguments: {
image: "nginx",
limit: 5
}
});
// Check GitHub Container Registry images
use_mcp_tool({
server_name: "package-version",
tool_name: "check_docker_tags",
arguments: {
image: "ghcr.io/owner/repo",
registry: "ghcr"
}
});
// Check custom registry images
use_mcp_tool({
server_name: "package-version",
tool_name: "check_docker_tags",
arguments: {
image: "my-image",
registry: "custom",
customRegistry: "registry.example.com"
}
});
// Filter tags using regex patterns
use_mcp_tool({
server_name: "package-version",
tool_name: "check_docker_tags",
arguments: {
image: "node",
filterTags: ["^18", "^20"],
includeDigest: true
}
});
When writing code that includes package dependencies, LLMs should:
Choose the Right Tool for the Job
check_npm_versions
for package.jsoncheck_python_versions
for requirements.txtcheck_pyproject_versions
for pyproject.tomlcheck_maven_versions
for pom.xmlcheck_gradle_versions
for build.gradlecheck_go_versions
for go.modcheck_swift_versions
for Package.swiftcheck_package_versions
for quick bulk checks across npm and PyPIcheck_bedrock_models
to search, list, or get specific model informationget_latest_bedrock_model
to get the latest Claude Sonnet model (best for coding tasks)check_github_actions
to find the latest versions of GitHub Actionscheck_docker_tags
to find available tags for Docker images from Docker Hub, GitHub Container Registry, or custom registriesAlways Check Versions Before Writing
Package.json Best Practices
// Before writing package.json, check versions
const versions = await use_mcp_tool({
server_name: "package-version",
tool_name: "check_package_versions",
arguments: {
packages: [
{ name: "express", registry: "npm" },
{ name: "react", registry: "npm" }
]
}
});
// Use the returned versions in package.json
{
"dependencies": {
"express": `^${versions.find(p => p.name === 'express').latestVersion}`,
"react": `^${versions.find(p => p.name === 'react').latestVersion}`
}
}
Requirements.txt Best Practices
// Before writing requirements.txt, check versions
const versions = await use_mcp_tool({
server_name: "package-version",
tool_name: "check_package_versions",
arguments: {
packages: [
{ name: "requests", registry: "pypi" },
{ name: "pandas", registry: "pypi" }
]
}
});
// Use the returned versions in requirements.txt
requests=={requests.latestVersion}
pandas=={pandas.latestVersion}
Version Range Considerations
Error Handling
Here's how an LLM should approach creating new projects with different package managers:
// 1. Check npm package versions
const versions = await use_mcp_tool({
server_name: "package-version",
tool_name: "check_npm_versions",
arguments: {
dependencies: {
"express": "^4.17.1",
"typescript": "~4.5.0"
}
}
});
// 2. Use the versions in package.json
write_to_file({
path: "package.json",
content: {
"name": "my-project",
"version": "1.0.0",
"dependencies": {
"express": `^${versions.find(p => p.name === 'express').latestVersion}`,
"typescript": `^${versions.find(p => p.name === 'typescript').latestVersion}`
}
}
});
// 1. Check Python package versions
const versions = await use_mcp_tool({
server_name: "package-version",
tool_name: "check_pyproject_versions",
arguments: {
dependencies: {
dependencies: {
"requests": "^2.28.0",
"pandas": ">=1.5.0"
},
"dev-dependencies": {
"pytest": ">=7.0.0"
}
}
}
});
// 2. Use the versions in pyproject.toml
write_to_file({
path: "pyproject.toml",
content: `
[project]
name = "my-project"
version = "1.0.0"
dependencies = [
"requests>=${versions.find(p => p.name === 'requests').latestVersion}",
"pandas>=${versions.find(p => p.name === 'pandas').latestVersion}"
]
[project.optional-dependencies]
test = [
"pytest>=${versions.find(p => p.name === 'pytest (dev)').latestVersion}"
]
`
});
// 1. Check Go package versions
const versions = await use_mcp_tool({
server_name: "package-version",
tool_name: "check_go_versions",
arguments: {
dependencies: {
module: "example.com/mymodule",
require: [
{
path: "github.com/gin-gonic/gin",
version: "v1.7.0"
}
]
}
}
});
// 2. Use the versions in go.mod
write_to_file({
path: "go.mod",
content: `
module example.com/mymodule
go 1.21
require (
github.com/gin-gonic/gin ${versions.find(p => p.name === 'github.com/gin-gonic/gin').latestVersion}
)
`
});
// 1. Check Maven package versions
const versions = await use_mcp_tool({
server_name: "package-version",
tool_name: "check_maven_versions",
arguments: {
dependencies: [
{
groupId: "org.springframework.boot",
artifactId: "spring-boot-starter-web",
version: "2.7.0"
}
]
}
});
// 2. Use the versions in pom.xml
write_to_file({
path: "pom.xml",
content: `
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>my-project</artifactId>
<version>1.0.0</version>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${versions.find(p => p.name === 'org.springframework.boot:spring-boot-starter-web').latestVersion}</version>
</dependency>
</dependencies>
</project>
`
});
// 1. Check Swift package versions
const versions = await use_mcp_tool({
server_name: "package-version",
tool_name: "check_swift_versions",
arguments: {
dependencies: [
{
url: "https://github.com/apple/swift-argument-parser",
version: "1.0.0",
requirement: "from"
}
]
}
});
// 2. Use the versions in Package.swift
write_to_file({
path: "Package.swift",
content: `
// swift-tools-version:5.5
import PackageDescription
let package = Package(
name: "MyProject",
products: [
.library(name: "MyProject", targets: ["MyProject"]),
],
dependencies: [
.package(url: "https://github.com/apple/swift-argument-parser", from: "${versions.find(p => p.name === 'swift-argument-parser').latestVersion}"),
],
targets: [
.target(name: "MyProject", dependencies: [.product(name: "ArgumentParser", package: "swift-argument-parser")]),
.testTarget(name: "MyProjectTests", dependencies: ["MyProject"]),
]
)
`
});
This ensures that new projects always start with the latest stable versions of packages.
When writing code that includes package dependencies, you must:
1. Before writing any dependency files, check latest stable versions using the package-version MCP server:
// For Node.js (package.json):
use_mcp_tool({
server_name: "package-version",
tool_name: "check_npm_versions",
arguments: {
dependencies: {
"package-name": "version"
}
}
});
// For Python (requirements.txt):
use_mcp_tool({
server_name: "package-version",
tool_name: "check_python_versions",
arguments: {
requirements: [
"package-name==version"
]
}
});
// For Python (pyproject.toml):
use_mcp_tool({
server_name: "package-version",
tool_name: "check_pyproject_versions",
arguments: {
dependencies: {
dependencies: {
"package-name": "version"
}
}
}
});
// For Java Maven (pom.xml):
use_mcp_tool({
server_name: "package-version",
tool_name: "check_maven_versions",
arguments: {
dependencies: [
{
groupId: "group",
artifactId: "artifact",
version: "version"
}
]
}
});
// For Java Gradle (build.gradle):
use_mcp_tool({
server_name: "package-version",
tool_name: "check_gradle_versions",
arguments: {
dependencies: [
{
configuration: "implementation",
group: "group",
name: "name",
version: "version"
}
]
}
});
// For Go (go.mod):
use_mcp_tool({
server_name: "package-version",
tool_name: "check_go_versions",
arguments: {
dependencies: {
module: "module-name",
require: [
{
path: "package-path",
version: "version"
}
]
}
}
});
// For Swift (Package.swift):
use_mcp_tool({
server_name: "package-version",
tool_name: "check_swift_versions",
arguments: {
dependencies: [
{
url: "https://github.com/package/repo",
version: "version",
requirement: "from" // or "upToNextMajor" or "exact"
}
]
}
});
// For AWS Bedrock models:
use_mcp_tool({
server_name: "package-version",
tool_name: "check_bedrock_models",
arguments: {
action: "search",
query: "claude",
provider: "anthropic"
}
});
// For getting the latest Claude Sonnet model:
use_mcp_tool({
server_name: "package-version",
tool_name: "get_latest_bedrock_model",
arguments: {}
});
// For GitHub Actions:
use_mcp_tool({
server_name: "package-version",
tool_name: "check_github_actions",
arguments: {
actions: [
{
owner: "owner",
repo: "repo",
currentVersion: "version" // optional
}
],
includeDetails: false // optional, default is false
}
});
// For Docker container images:
use_mcp_tool({
server_name: "package-version",
tool_name: "check_docker_tags",
arguments: {
image: "image-name",
registry: "dockerhub", // or "ghcr" or "custom"
customRegistry: "registry.example.com", // required when registry is "custom"
limit: 10, // optional, default is 10
filterTags: ["regex-pattern"], // optional
includeDigest: false // optional, default is false
}
});
2. Use the returned latest versions in your dependency files:
- For applications: Use exact versions
- For libraries: Use compatible ranges
- npm: ^ for minor updates, ~ for patch updates
- Python: >= for compatible versions, == for exact versions
- Java: Use the version directly (Maven/Gradle handle ranges differently)
- Go: Use semantic version prefixes (e.g., v1.2.3)
- Swift: Use from, upToNextMajor, or exact version requirements
- Document any version-specific requirements in comments
3. If version checks fail:
- Document it in comments
- Use known stable versions as fallback
- Consider project requirements and compatibility
Example system prompt for users:
When writing code that includes dependencies, you must check latest stable versions using the package-version MCP server before writing any dependency files (package.json, requirements.txt, pyproject.toml, pom.xml, build.gradle, go.mod, Package.swift). Use exact versions for applications and appropriate version ranges for libraries based on the package manager's conventions. Document any version-specific requirements or failed checks in comments. For AI model information, use the AWS Bedrock tools to search, list, or get specific model details. For GitHub Actions, use the check_github_actions tool to find the latest versions. For Docker container images, use the check_docker_tags tool to find available tags from Docker Hub, GitHub Container Registry, or custom registries.
Clone and Install Dependencies
git clone https://github.com/sammcj/mcp-package-version.git
cd mcp-package-version
npm i
Build the Server
npm run build
Development Workflow
npm run watch
for development to automatically rebuild on changesnpm run build
for production buildsRelease Process
# 1. Make your changes
vim src/your-file.ts
# 2. Commit your changes
git add .
git commit -m "feat: your new feature"
# 3. Run bump command (this will):
# - Update version in package.json
# - Update CHANGELOG.md
# - Commit changes
# - Push to GitHub
npm run bump
# GitHub Actions will then:
# - Create a git tag
# - Create a GitHub release
# - Publish to npm (when triggered manually)
Manual npm Publishing
# To trigger a manual npm publish
gh workflow run publish.yml
No environment variables are required as this server uses public registries and documentation sites:
FAQs
An MCP server to provide LLMs the latest (stable) version of packages in package.json and requirements.txt files
The npm package mcp-package-version receives a total of 642 weekly downloads. As such, mcp-package-version popularity was classified as not popular.
We found that mcp-package-version demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.