scan_dependency
Active
Tool of mcp-semanticscholar
Composite "should I add this npm package to my project" check in ONE call — fans out across deps.dev (license + advisories + version history) and bundlephobia (gzipped/minified bundle size, dependency count, ESM/tree-shake support). Use whenever an agent asks "is X safe / popular / small" or "what does adding lodash cost me". Returns a summary block (is_latest, license, published_at, advisory_count, bundle_kb_min, bundle_kb_gz, dependency_count, has_esm, tree_shakeable), per-advisory detail, links, and a list of recent alternative versions. NPM ecosystem only in v1; PyPI / Maven / Cargo / Go fall under deps.dev:version directly. Partial failures degrade gracefully — bundlephobia's first measurement on a new version can take 5-30s; sources_failed will list it if it times out, the rest still returns.
Parameters schema
{
  "type": "object",
  "required": [
    "package"
  ],
  "properties": {
    "package": {
      "type": "string",
      "description": "npm package name. Scoped packages (e.g. \"@types/node\") are accepted."
    },
    "version": {
      "type": "string",
      "description": "Specific version to check (e.g., \"18.3.1\"). Defaults to the latest published version when omitted."
    }
  }
}
Parent server
mcp-semanticscholar
https://github.com/pipeworx-io/mcp-semanticscholar
2/7 registries