Home / modelcontextprotocol / typescript-sdk
Repository Analysis

modelcontextprotocol/typescript-sdk

The official TypeScript SDK for Model Context Protocol servers and clients

1.2 Likely human-written View on GitHub
1.2
Adjusted Score
1.2
Raw Score
100%
Time Factor
2026-05-30
Last Push
12,572
Stars
TypeScript
Language
131,226
Lines of Code
485
Files
104
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 2MEDIUM 9LOW 93

Pattern Findings

104 matches across 8 categories. Click a row to expand file-level details.

Hyper-Verbose Identifiers45 hits · 45 pts
SeverityFileLineSnippet
LOWtest/integration/test/helpers/mcp.ts14export async function createInMemoryTaskEnvironment(options?: {
LOWtest/e2e/scenarios/client-auth.test.ts72function createMockAuthorizationServer(config: MockASConfig = {}) {
LOWtest/e2e/helpers/express.ts52export async function startExpressWithHostValidation(allowedHosts: string[], handler: RequestHandler): Promise<ExpressHo
LOWtest/helpers/src/helpers/http.ts32export function createExpressResponseMock(options: { trackRedirectUrl?: boolean } = {}): Response & {
LOWtest/helpers/src/helpers/http.ts87export function createNodeServerResponseMock(): ServerResponse {
LOWtest/conformance/src/everythingClient.ts238async function runClientCredentialsBasic(serverUrl: string): Promise<void> {
LOWtest/conformance/src/everythingClient.ts275async function runCrossAppAccessCompleteFlow(serverUrl: string): Promise<void> {
LOWtest/conformance/src/everythingClient.ts356async function runElicitationDefaultsClient(serverUrl: string): Promise<void> {
LOWexamples/server/src/elicitationUrlExample.ts158function generateTrackedElicitation(sessionId: string, createCompletionNotifier?: ElicitationCompletionNotifierFactory):
LOWexamples/shared/src/authServer.ts273export function createProtectedResourceMetadataRouter(resourcePath = '/mcp'): Router {
LOWexamples/client/src/elicitationUrlExample.ts111async function waitForElicitationsToComplete(): Promise<void> {
LOWexamples/client/src/elicitationUrlExample.ts302async function elicitationRequestHandler(request: ElicitRequest): Promise<ElicitResult> {
LOW…ples/client/src/streamableHttpWithSseFallbackClient.ts67async function connectWithBackwardsCompatibility(url: string): Promise<{
LOWexamples/client/src/simpleStreamableHttp.ts730async function runNotificationsToolWithResumability(interval: number, count: number): Promise<void> {
LOWexamples/client/src/parallelToolCallsClient.ts108async function startParallelNotificationTools(client: Client): Promise<Record<string, CallToolResult>> {
LOWexamples/client/src/dualModeAuth.ts39function createHostManagedTransport(serverUrl: URL, session: HostSessionStore, ui: HostUi): StreamableHTTPClientTranspor
LOWexamples/client/src/dualModeAuth.ts58function createUserConfiguredTransport(serverUrl: URL, clientId: string, clientSecret: string): StreamableHTTPClientTran
LOWscripts/sync-snippets.ts299function getOrLoadRegion(
LOWpackages/middleware/express/src/auth/bearerAuth.ts31function buildWwwAuthenticateHeader(
LOWpackages/middleware/express/src/auth/metadataRouter.ts149export function getOAuthProtectedResourceMetadataUrl(serverUrl: URL): string {
LOWpackages/middleware/node/test/streamableHttp.test.ts3072async function createTestServerWithDnsProtection(config: {
LOWpackages/core/src/experimental/tasks/helpers.ts31export function assertToolsCallTaskCapability(
LOWpackages/core/src/experimental/tasks/helpers.ts69export function assertClientRequestTaskCapability(
LOWpackages/core/src/types/guards.ts98export function assertCompleteRequestPrompt(request: CompleteRequest): asserts request is CompleteRequestPrompt {
LOWpackages/core/src/types/guards.ts105export function assertCompleteRequestResourceTemplate(request: CompleteRequest): asserts request is CompleteRequestResou
LOWpackages/core/src/util/standardSchema.ts177export function standardSchemaToJsonSchema(schema: StandardJSONSchemaV1, io: 'input' | 'output' = 'input'): Record<strin
LOWpackages/core/src/util/standardSchema.ts239export function promptArgumentsFromStandardSchema(
LOWpackages/core/src/shared/toolNameValidation.ts109export function validateAndWarnToolName(name: string): boolean {
LOWpackages/core/src/shared/taskManager.ts193export function extractTaskManagerOptions(tasksCapability: TaskManagerOptions | undefined): TaskManagerOptions | undefin
LOW…s/server/src/server/middleware/hostHeaderValidation.ts40export function localhostAllowedHostnames(): string[] {
LOW…s/server/src/server/middleware/hostHeaderValidation.ts51export function hostHeaderValidationResponse(req: Request, allowedHostnames: string[]): Response | undefined {
LOWpackages/client/test/client/auth.test.ts55function withBrowserLikeEnvironment(): void {
LOWpackages/client/src/client/client.ts126export function getSupportedElicitationModes(capabilities: ClientCapabilities['elicitation']): {
LOWpackages/client/src/client/crossAppAccess.ts124export async function requestJwtAuthorizationGrant(options: RequestJwtAuthGrantOptions): Promise<JwtAuthGrantResult> {
LOWpackages/client/src/client/crossAppAccess.ts203export async function discoverAndRequestJwtAuthGrant(options: DiscoverAndRequestJwtAuthGrantOptions): Promise<JwtAuthGra
LOWpackages/client/src/client/auth.ts453export function applyClientAuthentication(
LOWpackages/client/src/client/auth.ts820export function validateClientMetadataUrl(url: string | undefined): void {
LOWpackages/client/src/client/auth.ts871export function extractWWWAuthenticateParams(res: Response): { resourceMetadataUrl?: URL; scope?: string; error?: string
LOWpackages/client/src/client/auth.ts934export function extractResourceMetadataUrl(res: Response): URL | undefined {
LOWpackages/client/src/client/auth.ts965export async function discoverOAuthProtectedResourceMetadata(
LOWpackages/client/src/client/auth.ts1068async function discoverMetadataWithFallback(
LOWpackages/client/src/client/auth.ts1225export async function discoverAuthorizationServerMetadata(
LOWpackages/client/src/client/auth.ts1444export function prepareAuthorizationCodeRequest(
LOWpackages/codemod/src/utils/importUtils.ts86export function isOriginalNameImportedFromMcp(sourceFile: SourceFile, exportName: string): boolean {
LOWpackages/codemod/src/utils/importUtils.ts105export function resolveOriginalImportName(sourceFile: SourceFile, localName: string): string | undefined {
Verbosity Indicators21 hits · 35 pts
SeverityFileLineSnippet
LOWtest/e2e/scenarios/flow.test.ts240 // Step 1: first call rejects with UrlElicitationRequiredError
LOWtest/e2e/scenarios/flow.test.ts252 // Step 2: user "opens" the URL (out-of-band, simulated by marking complete)
LOWtest/e2e/scenarios/flow.test.ts255 // Step 3: server emits notifications/elicitation/complete and the client receives it for that exact elicitation
LOWtest/e2e/scenarios/flow.test.ts260 // Step 4: retry succeeds
LOWtest/e2e/scenarios/flow.test.ts462 // Step 1: first connect fails with 401 → discovery + DCR + redirect to the authorization endpoint
LOWtest/e2e/scenarios/flow.test.ts480 // Step 2: user completes redirect, finishAuth exchanges the code for tokens
LOWtest/e2e/scenarios/flow.test.ts492 // Step 3: second connect with fresh transport succeeds and tools/list works
LOWexamples/server/src/elicitationFormExample.ts139 // Step 1: Collect basic event information
LOWexamples/server/src/elicitationFormExample.ts168 // Step 2: Collect date and time
LOW…ples/client/src/streamableHttpWithSseFallbackClient.ts74 // Step 1: Try Streamable HTTP transport first
LOW…ples/client/src/streamableHttpWithSseFallbackClient.ts97 // Step 2: If transport fails, try the older SSE transport
LOWscripts/generate-multidoc.sh33# Step 1: Generate V1 docs from v1.x branch
LOWscripts/generate-multidoc.sh95# Step 2: Generate V2 docs from main branch
LOWpackages/codemod/src/bin/batchTest.ts298 // Step 1: Clone or reset
LOWpackages/codemod/src/bin/batchTest.ts314 // Step 2: Detect package manager
LOWpackages/codemod/src/bin/batchTest.ts318 // Step 3: Install
LOWpackages/codemod/src/bin/batchTest.ts339 // Step 4: Baseline checks
LOWpackages/codemod/src/bin/batchTest.ts349 // Step 5: Run codemod (programmatic API)
LOWpackages/codemod/src/bin/batchTest.ts362 // Step 6: Rewrite v2 deps to local tarballs, then re-install
LOWpackages/codemod/src/bin/batchTest.ts370 // Step 7: Post-codemod checks
LOWpackages/codemod/src/bin/batchTest.ts418 // Step 8: Write per-repo report
Decorative Section Separators8 hits · 30 pts
SeverityFileLineSnippet
MEDIUMtest/e2e/helpers/index.ts109// ───────────────────────────────────────────────────────────────────────────────
MEDIUMtest/e2e/helpers/index.ts111// ───────────────────────────────────────────────────────────────────────────────
MEDIUMtest/e2e/helpers/index.ts213// ───────────────────────────────────────────────────────────────────────────────
MEDIUMtest/e2e/helpers/index.ts221// ───────────────────────────────────────────────────────────────────────────────
MEDIUMscripts/generate-multidoc.sh32# ---------------------------------------------------------------------------
MEDIUMscripts/generate-multidoc.sh34# ---------------------------------------------------------------------------
MEDIUMscripts/generate-multidoc.sh94# ---------------------------------------------------------------------------
MEDIUMscripts/generate-multidoc.sh96# ---------------------------------------------------------------------------
Fake / Example Data23 hits · 25 pts
SeverityFileLineSnippet
LOWtest/integration/test/server.test.ts1057 name: 'John Doe',
LOWtest/integration/test/server.test.ts1095 name: 'John Doe',
LOWtest/integration/test/server/mcp.test.ts5056 name: 'John Doe',
LOWtest/integration/test/server/mcp.test.ts6314 name: 'John Doe',
LOWtest/integration/test/server/elicitation.test.ts69 content: { name: 'John Doe' }
LOWtest/integration/test/server/elicitation.test.ts86 content: { name: 'John Doe' }
LOWtest/integration/test/server/elicitation.test.ts143 street: '123 Main St',
LOWtest/integration/test/server/elicitation.test.ts186 email: 'user@example.com'
LOWtest/integration/test/server/elicitation.test.ts211 name: 'John Doe',
LOWtest/integration/test/server/elicitation.test.ts446 content: { email: 'user@example.com' }
LOWtest/integration/test/server/elicitation.test.ts463 content: { email: 'user@example.com' }
LOWtest/integration/test/client/client.test.ts2150 name: 'John Doe',
LOWtest/integration/test/client/client.test.ts2197 expect(structuredContent.name).toBe('John Doe');
LOWtest/integration/test/client/client.test.ts3891 name: 'John Doe',
LOWtest/integration/test/client/client.test.ts3930 expect(structuredContent.name).toBe('John Doe');
LOWtest/e2e/scenarios/prompts.test.ts459 const withOpt = await client.getPrompt({ name: 'summarize', arguments: { text: 'lorem ipsum', max_words: '10' } });
LOWtest/e2e/scenarios/prompts.test.ts461 { role: 'user', content: { type: 'text', text: 'Summarize the following text in at most 10 words:\nlorem ipsum'
LOWtest/e2e/scenarios/prompts.test.ts464 const withoutOpt = await client.getPrompt({ name: 'summarize', arguments: { text: 'lorem ipsum' } });
LOWtest/e2e/scenarios/prompts.test.ts465 expect(withoutOpt.messages).toEqual([{ role: 'user', content: { type: 'text', text: 'Summarize the following text:\n
LOWtest/conformance/src/everythingServer.ts456 default: 'John Doe'
LOWpackages/core/test/validators/validators.test.ts49 const result = validator('John Doe');
LOWpackages/core/test/validators/validators.test.ts51 expect(result.data).toBe('John Doe');
LOWpackages/core/test/validators/validators.test.ts75 expect(validator('user@example.com').valid).toBe(true);
Magic Placeholder Names2 hits · 10 pts
SeverityFileLineSnippet
HIGHdocs/client-quickstart.md300 + '\n export ANTHROPIC_API_KEY=your-api-key-here'
HIGHexamples/client-quickstart/src/index.ts172 + '\n export ANTHROPIC_API_KEY=your-api-key-here'
Slop Phrases1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMexamples/client/src/simpleOAuthClientProvider.ts5 * In-memory OAuth client provider for demonstration purposes
Over-Commented Block3 hits · 3 pts
SeverityFileLineSnippet
LOWscripts/generate-multidoc.sh1#!/usr/bin/env bash
LOWpackages/server/src/stdio.ts1// Subpath entry for the stdio server transport.
LOWpackages/client/src/stdio.ts1// Subpath entry for the stdio client transport.
Example Usage Blocks1 hit · 2 pts
SeverityFileLineSnippet
LOWscripts/generate-multidoc.sh8# Usage: