check_package

The fast package sanity check before you install or recommend a dependency.

DESCRIPTION

Use this before adding a dependency, before running npm install in an unfamiliar repo, or when you want to know if a package is real before you put it in front of an agent. It is the quickest defense against typosquatting and stale version assumptions.

WHEN TO USE

GOOD FIT

Before adding a new npm package.
Before running npm install in an unfamiliar codebase.
When you want installed versus latest version context quickly.
When you need to verify a package is real before recommending it.

AVOID IT WHEN

You need CVE detail or migration guidance; use audit_package.
You need repo structure or code flow information.
You already have a confirmed upgrade plan and only need implementation work.

PARAMETERS

Name	Type	Required	Description
package	string	Yes	The npm package name, for example express or stripe.
version	string	No	Installed version to compare against the latest release.
source	string	No	Package source. Use "local" by default or "github:owner/repo" when you need a specific upstream.

DETAILS

WHEN TO REACH FOR IT

Use this before audit_package

check_package is the cheap first pass. It answers the basic questions fast: does the package exist, what version do we have, what is latest, and is there an obvious postinstall or security concern. If the answer still matters after that, escalate to audit_package.

EXAMPLE

{  "jsonrpc": "2.0",  "id": 4,  "method": "tools/call",  "params": {    "name": "check_package",    "arguments": {      "package": "express",      "version": "5.0.0"    }  }}

OUTPUT

Package exists: yesInstalled version: 5.0.0Latest version: 5.2.1Postinstall script risk: none detectedSecurity summary: no known critical advisory on the requested version

TOKEN EFFICIENCY

Most check_package responses are about 150 to 350 tokens. Manually checking npm, release history, and advisory pages usually costs 2,000 to 6,000 tokens of browsing and copied snippets.