check_package
Checks whether an npm package exists, compares installed versus latest versions, and flags basic risk before you install or upgrade it.
DESCRIPTION
This is the fast package sanity check. Use it before pulling a new dependency into a project or before starting an upgrade plan. It is meant to prevent wasted time on typo packages, stale versions, or obviously risky installs.
WHEN TO USE
GOOD FIT
- Before adding a new npm package to a codebase.
- Before running npm install on a package name you have not used before.
- When you need installed versus latest version context quickly.
- Before deciding whether a package upgrade is worth deeper analysis.
AVOID IT WHEN
- You need migration guidance, breaking changes, or CVE detail; use audit_package.
- You need code-level reasoning inside your repo; use get_project_context, find_code, or read_code.
- You already know the exact package version plan and only need implementation work.
PARAMETERS
| Name | Type | Required | Description |
|---|---|---|---|
| package | string | Yes | npm package name, for example stripe or next. |
| version | string | No | Installed version if you want an explicit comparison. |
| source | string | No | Package source. Use "local" by default or "github:owner/repo" when needed. |
EXAMPLE
tools-call.json
{ "jsonrpc": "2.0", "id": 2, "method": "tools/call", "params": { "name": "check_package", "arguments": { "package": "stripe", "version": "20.0.0" } }}OUTPUT
response.json
{ "jsonrpc": "2.0", "id": 2, "result": { "content": [ { "type": "text", "text": "Package exists: yes\nInstalled: 20.0.0\nLatest: 20.3.1\nPostinstall risk: none\nSecurity summary: no critical advisories detected" } ] }}TOKEN EFFICIENCY
This tool is cheaper than a full package audit. Use it as the first gate, then escalate to audit_package only when you actually need deep upgrade intelligence.