Adopt
The de facto distribution backbone for MCP servers — the Official MCP Registry doesn't host code, npm does.
Why It Matters
When the Official MCP Registry says "install this MCP server," what actually happens is npx or npm install pulling a package from npmjs.com. npm is not an MCP-specific registry, but it's the primary distribution channel for the majority of MCP servers. The combined TypeScript + Python SDK downloads reached 97 million/month (up from ~2M at launch in Nov 2024). The npx one-liner pattern has become the standard install mechanism across Claude Code, Cursor, and most MCP clients. If npm goes down, MCP server installation stops.
Strengths
- Battle-tested infrastructure handling billions of downloads per month
- The npx one-liner pattern makes MCP server installation trivially easy
- Versioning, dependency management, and lockfiles are mature and well-understood
- Package signing (npm provenance) provides supply chain security when publishers opt in
- The entire Node.js ecosystem's tooling (bundlers, linters, test runners) applies to MCP server development
Limitations
- npm is a general-purpose registry — no MCP-specific metadata, discovery, or categorization
- Package quality is highly variable; anyone can publish anything
- MCP servers on npm are indistinguishable from regular packages without external metadata
- No MCP-specific security scanning — npm's malware detection is general-purpose
Risks
- In 2025, over 99% of all open-source malware occurred on npm; attackers published 454,648 malicious packages in a single year
- The mcp-remote npm package (CVE-2025-6514) contained a critical shell command injection vulnerability, compromising 437,000+ developer environments
- The first self-replicating npm worm (Shai-Hulud) spread across 500+ packages in September 2025
- The npx -y pattern that MCP clients promote runs arbitrary code without review — it's convenience at the cost of security
- No provenance or signing is standard for MCP server packages; typosquatted MCP server names already exist
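The npx -y risk above, as an added example that is not from the original page: a small linter over an MCP client config in the mcpServers JSON layout that flags every npx launch whose package spec is not pinned to an exact version (an unpinned spec resolves "latest" at every start, so a typosquat or a newly published malicious release is pulled in unreviewed). The package names and versions in the sample config are constructed placeholders.

```python
import json
import re

# Constructed sample in the mcpServers layout MCP clients read; package names
# and versions are placeholders, not real registry entries.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "files": {"command": "npx", "args": ["-y", "@example/mcp-files", "/srv/data"]},
        "weather": {"command": "npx", "args": ["-y", "@example/mcp-weather@1.4.2"]},
        "docs": {"command": "npx", "args": ["-y", "example-mcp-docs@^2"]},
        "local": {"command": "node", "args": ["./dist/server.js"]},
    }
})

# An exact pin is a full semver version, optionally with a prerelease/build suffix.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def split_spec(spec):
    """Split 'name@ver' or '@scope/name@ver' into (name, ver); ver is None if absent."""
    at = spec.rfind("@")
    if at <= 0:  # no '@' at all, or the only '@' is the scope prefix
        return spec, None
    return spec[:at], spec[at + 1:]


def lint_servers(config_text):
    """Return {server_name: reason} for every npx launch that is not exactly pinned."""
    findings = {}
    for name, server in json.loads(config_text).get("mcpServers", {}).items():
        if server.get("command") not in ("npx", "npx.cmd"):
            continue  # only the npx install-and-run pattern is in scope here
        args = server.get("args", [])
        positional = [a for a in args if not a.startswith("-")]
        if not positional:
            findings[name] = "npx launch with no package spec"
            continue
        pkg, version = split_spec(positional[0])
        auto_yes = "-y" in args or "--yes" in args
        if version is None:
            findings[name] = (f"{pkg} has no version: every launch resolves 'latest'"
                              + (" and -y installs it without a prompt" if auto_yes else ""))
        elif not EXACT_VERSION.match(version):
            findings[name] = f"{pkg}@{version} is a range or dist-tag, not an exact pin"
    return findings


if __name__ == "__main__":
    for server, reason in lint_servers(SAMPLE_CONFIG).items():
        print(f"{server}: {reason}")
```

Pinning fixes only the floating-version problem; whether the pinned release itself was built and published by the expected maintainer still needs the provenance check the page says is not yet standard.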