π¦
io.github.berkayderin/nextscan
MCP server that scans Next.js projects and returns a compact summary
0 installs
Trust: 37 β Low
Devtools
Ask AI about io.github.berkayderin/nextscan
Powered by Claude Β· Grounded in docs
I know everything about io.github.berkayderin/nextscan. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Loading tools...
Reviews
Documentation
nextscan
MCP server that scans Next.js projects and returns a compact summary. One tool call β full project overview.
What it does
| Without nextscan | With nextscan |
|---|---|
| Manual file-by-file exploration | Single scan call |
| Multiple tool calls to understand routes | Compact route tree with flags |
| Missing security issues | Hardcoded secrets + env leak detection |
| Unknown API coverage | Auth + validation status per endpoint |
| Schema guesswork | Prisma/Drizzle relation mapping |
Quick Install
# Clone and build
cd nextscan
npm install
npm run build
# Add to Claude Code
claude mcp add nextscan -- node /path/to/nextscan/dist/index.js
Tool: scan
| Parameter | Type | Required | Description |
|---|---|---|---|
path | string | Yes | Absolute path to Next.js project root |
focus | enum | No | routes | api | schema | security |
Example Output
nextscan β my-app
ββββββββββββββββββββββββββββββββββββββββ
Root: /Users/dev/my-app
src/ : yes app/ : yes middleware: yes
ORM : prisma
Routes
Pages: 12 Layouts: 3 API: 5
Dynamic: 4 Static: 8
Client: 3 Server: 9
Groups: (marketing), (auth)
Matchers: /dashboard/:path*, /api/:path*
ββ Pages
ββ /
ββ /about
ββ /dashboard [client]
ββ /blog/[slug] [dyn,SSG]
ββ /settings [client]
API Endpoints
Total: 5 Unprotected: 1
ββ GET,POST /api/users [auth:next-auth | val:zod]
ββ GET /api/health [no-auth,no-rate-limit]
ββ POST /api/webhook [no-auth,no-validation]
Schema
Models: 5 Relations: 4
Orphans: AuditLog
User β< Post (1:N)
User β Profile (1:1)
Post >β< Tag (N:N)
Security
Score: 75/100 Headers: yes Middleware: yes
[high] API route /api/health has no auth: [GET]
[medium] No rate limiting on /api/users
Example Prompts
- "Scan my Next.js project at /Users/dev/my-app"
- "Check the security of my Next.js app"
- "Show me the route structure"
- "Analyze the database schema"
Architecture
src/
βββ index.ts # MCP server entry point
βββ tools/scan.ts # Orchestrator
βββ analyzers/
β βββ routes.ts # App router analysis
β βββ api.ts # API endpoint analysis
β βββ schema.ts # Schema orchestration
β βββ security.ts # Security scanning
βββ parsers/
β βββ typescript.ts # ts-morph utilities
β βββ prisma.ts # Regex-based Prisma parser
β βββ drizzle.ts # AST-based Drizzle parser
βββ formatters/
β βββ compact.ts # Unicode tree formatter
βββ utils/
βββ fs.ts # File system utilities
βββ detect.ts # Project detection
Requirements
- Node.js 18+
- An MCP-compatible client (Claude Code, Claude Desktop, etc.)
Development
npm install
npm run build
npm test
npm run test:coverage
Author
Berkay Derin β github.com/berkayderin
License
MIT