Labsco
MShekow logo

Package Version Check

โ˜… 6

from MShekow

Returns the latest package / dependency / tool versions for Python, NPM, Go, Docker, Helm, etc.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

package-version-check-mcp

A MCP server that returns the latest stable versions of packages you use as dependencies in a variety of ecosystems, such as Python, NPM, Go, or GitHub Actions.

It also supports looking up the latest versions of almost 1000 tools, such as development runtimes like python, node, dotnet, development tools like gradle, and various DevOps tools like kubectl or terraform, via the mise-en-place tool.

Why do I need this?

Whenever an AI coding agents generates files that pin dependency versions, they insert outdated versions because their training happened weeks or months ago, and new dependency versions have been released since then. As a developer, it is annoying having to manually fix these outdated versions.

This MCP fixes this problem. Use it together with an MCP such as Context7 to avoid that your AI agent produces outdated code.

Features

Supported ecosystems / tools:

  • Developer ecosystems:
    • NPM - Node.js packages from registry.npmjs.org
    • PyPI - Python packages from PyPI
    • NuGet - .NET packages from NuGet
    • Maven / Gradle - Java/Kotlin/Scala packages from Maven repositories (Maven Central, Google Maven, etc.)
    • Go - Go modules from proxy.golang.org
    • PHP - PHP packages from Packagist (used by Composer)
    • Ruby - Ruby gems from rubygems.org
    • Rust - Rust crates from crates.io
    • Swift - Swift packages from GitHub repositories
    • Dart - Dart packages from pub.dev
  • DevOps ecosystems:
    • Docker - Docker container images from Docker registries
    • Helm - Helm charts from ChartMuseum repositories and OCI registries
    • GitHub Actions - Actions hosted on GitHub.com, returning their current version, their inputs and outputs, and (optionally) their entire README with usage examples
    • Terraform Providers and Modules - Providers & Modules from Terraform Registry, OpenTofu Registry, or custom registries
    • Various tools such as kubectl, terraform, gradle, maven, etc. supported by mise-en-place

Why build yet another MCP

This MCP is certainly not the first one to tackle the "outdated dependency" problem. However, we feel that it has various advantages over other MCPs:

  • We offer (far) better ecosystem coverage than other MCPs
  • There is full test coverage, with automated dependency updates (powered by Renovate) and regular, automated release builds. In contrast, other projects are often vibe coded, have poor (or no) tests, and are already abandoned, because the authors were just messing around
  • This MCP provides several alternatives for how to run it locally (uvx or docker), or you can just use the free hosted offering (which other MCPs do not have)
  • This MCP uses a minimal Docker/OCI image, hardened for security. SBOMs you generate with tools like Trivy are known to be correct, and the image is signed with Cosign (which allows you to verify its authenticity in case you want to self-host the MCP)

Development

Prerequisites

mise-en-place

The MCP server depends on the mise-en-place package for looking up tool versions. See https://mise.jdx.dev/installing-mise.html for installation instructions.

Running the Server Manually (For Development)

If you're developing or testing the MCP server locally, you can run it directly.

First, follow the Package management with Poetry -> Setup instructions to configure your virtual environments.

Next:

.poetry/bin/poetry run python -m package_version_check_mcp.main

Or if you have the .venv activated:

python src/package_version_check_mcp/main.py

Package management with Poetry

Setup

On a new machine, create a venv for Poetry (in path <project-root>/.poetry), and one for the project itself (in path <project-root>/.venv), e.g. via C:\Users\USER\AppData\Local\Programs\Python\Python312\python.exe -m venv <path>. This separation is necessary to avoid dependency conflicts between the project and Poetry.

Using the pip of the Poetry venv, install Poetry via pip install -r requirements-poetry.txt

Then, run poetry sync --all-extras, but make sure that either no venv is active, or the .venv one, but not the .poetry one (otherwise Poetry would stupidly install the dependencies into that one, unless you previously ran poetry config virtualenvs.in-project true). The --all-extras flag is required to install development dependencies, such as pytest.

Updating dependencies

  • When dependencies changed from the outside, e.g. because Renovate updated the pyproject.toml and poetry.lock file, run poetry sync --all-extras to update your local environment. This removes any obsolete dependencies from your .venv venv.
  • If you updated a dependency in pyproject.toml, run poetry update && poetry sync --all-extras to update the lock file and install the updated dependencies including extras.
  • To only update the transitive dependencies (keeping the ones in pyproject.toml the same), run poetry update && poetry sync --all-extras, which updates the lock file and installs the updates into the active venv.

Make sure that either no venv is active (or the .venv venv is active) while running any of the above poetry commands.