MCP Hub
Back to servers

nextscan

Validated

MCP server that scans Next.js projects and returns a compact summary

Registry
Productivity
Stars
1
Tools
1
Updated
Mar 1, 2026
Validated
Mar 6, 2026
View Source
Claim this server
Validation Details

Duration: 7.2s

Server: nextscan v1.0.0

Quick Install

npx -y @berkayderin/nextscan

nextscan

MCP server that scans Next.js projects and returns a compact summary. One tool call → full project overview.

What it does

Without nextscanWith nextscan
Manual file-by-file explorationSingle scan call
Multiple tool calls to understand routesCompact route tree with flags
Missing security issuesHardcoded secrets + env leak detection
Unknown API coverageAuth + validation status per endpoint
Schema guessworkPrisma/Drizzle relation mapping

Quick Install

# Clone and build
cd nextscan
npm install
npm run build

# Add to Claude Code
claude mcp add nextscan -- node /path/to/nextscan/dist/index.js

Tool: scan

ParameterTypeRequiredDescription
pathstringYesAbsolute path to Next.js project root
focusenumNoroutes | api | schema | security

Example Output

nextscan — my-app
────────────────────────────────────────
Root: /Users/dev/my-app
   src/ : yes  app/ : yes  middleware: yes
   ORM  : prisma

Routes
   Pages: 12  Layouts: 3  API: 5
   Dynamic: 4  Static: 8
   Client: 3  Server: 9
   Groups: (marketing), (auth)
   Matchers: /dashboard/:path*, /api/:path*
   ┌─ Pages
   ├─ /
   ├─ /about
   ├─ /dashboard [client]
   ├─ /blog/[slug] [dyn,SSG]
   └─ /settings [client]

API Endpoints
   Total: 5  Unprotected: 1
   ├─ GET,POST /api/users [auth:next-auth | val:zod]
   ├─ GET /api/health [no-auth,no-rate-limit]
   └─ POST /api/webhook [no-auth,no-validation]

Schema
   Models: 5  Relations: 4
   Orphans: AuditLog
   User ─< Post (1:N)
   User ─ Profile (1:1)
   Post >─< Tag (N:N)

Security
   Score: 75/100  Headers: yes  Middleware: yes
   [high] API route /api/health has no auth: [GET]
   [medium] No rate limiting on /api/users

Example Prompts

  • "Scan my Next.js project at /Users/dev/my-app"
  • "Check the security of my Next.js app"
  • "Show me the route structure"
  • "Analyze the database schema"

Architecture

src/
├── index.ts              # MCP server entry point
├── tools/scan.ts         # Orchestrator
├── analyzers/
│   ├── routes.ts         # App router analysis
│   ├── api.ts            # API endpoint analysis
│   ├── schema.ts         # Schema orchestration
│   └── security.ts       # Security scanning
├── parsers/
│   ├── typescript.ts     # ts-morph utilities
│   ├── prisma.ts         # Regex-based Prisma parser
│   └── drizzle.ts        # AST-based Drizzle parser
├── formatters/
│   └── compact.ts        # Unicode tree formatter
└── utils/
    ├── fs.ts             # File system utilities
    └── detect.ts         # Project detection

Requirements

  • Node.js 18+
  • An MCP-compatible client (Claude Code, Claude Desktop, etc.)

Development

npm install
npm run build
npm test
npm run test:coverage

Author

Berkay Deringithub.com/berkayderin

License

MIT

Reviews

No reviews yet

Sign in to write a review