Command Palette

Search for a command to run...

UnylyUnyly
Browse all

@Buygit/ Server

FreeNot checked

The only MCP that returns license + supply-chain risk + popularity + price in a single call. 78,094 curated Git assets. Zero config. MIT. Free forever.

GitHubEmbed

About

The only MCP that returns license + supply-chain risk + popularity + price in a single call. 78,094 curated Git assets. Zero config. MIT. Free forever.

README

buygit-mcp-server MCP server

The only MCP that returns license + supply-chain risk + popularity + price in a single call. 78,094 curated Git assets. Zero config. MIT. Free forever.

MCP server for the BuyGit Open Index — 78,094 curated, deduplicated, license-tagged Git assets from GitHub, Codeberg, npm, crates.io, WordPress, HuggingFace, and 17 other sources — to Claude Desktop, Cursor, Cline, Continue, ChatGPT Apps SDK, and any MCP 2025-11-25 client.

npm license

Companion: @buygit/cli — same answers from your shell. npx @buygit/cli search "react form" --license MIT.

Companion: buygit-vscode extension — license-compat + audit from the VS Code command palette + explorer right-click. See packages/vscode-extension.

Works in Antigravity, Claude Desktop, Claude Code, Cursor, Cline, Codex CLI, Continue, Gemini CLI, OpenCode, Roo Code, Windsurf, Zed, and any MCP 2025-11-25 client. Full install matrix in CLIENTS.md.

Cursor one-click install: cursor://anysphere.cursor-deeplink/mcp/install?name=buygit&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsIkBidXlnaXQvbWNwLXNlcnZlckBsYXRlc3QiXX0=

What is BuyGit?

BuyGit is an open marketplace and discovery platform for Git-based digital products — source code, templates, SaaS starters, boilerplates, plugins, AI agents, ML models, and developer tools.

Unlike raw GitHub search, BuyGit curates, deduplicates, and enriches every listing with structured metadata:

  • License classification — SPDX identifier + category (permissive / weak-copyleft / strong-copyleft / proprietary) + plain-English compatibility warnings
  • Supply-chain risk scoring — 0-100 composite score based on dependency hygiene, secret scan status, malware flags, and maintenance signals
  • Popularity scoring — log-scaled 0-100 star score normalized across sources (GitHub, npm, crates.io, etc.)
  • Pricing tier — free vs. paid, with USD price for premium listings
  • Repository health — stars, forks, language, last commit date, archived/disabled status, upstream health

The catalog currently indexes 78,094 crawler-imported listings from 17+ sources, with continuous crawling adding new assets daily. BuyGit also supports seller-curated premium listings (marketplace), but the MCP server exposes only the public crawler-imported catalog — no auth required.

Key URLs:

Why BuyGit over raw GitHub search?

Every tool returns a 4-axis signals block — the differentiator. No other MCP gives you this in one call.

{
  "license_category": "permissive",
  "license_warning": null,
  "popularity": 75,
  "risk": 0,
  "price_usd": 0,
  "pricing_tier": "free"
}
User question github-mcp Smithery code-search context7 Socket MCP BuyGit MCP
"MIT-compatible image diff library" raw search, no license raw search docs only safety only license-filtered
"Is this dependency safe to bundle?" Socket score Socket + popularity + license fused
"Compare A vs B by license + activity" 4+ calls 4+ calls 1 call
"Alternative to GPL X, but MIT-only" buygit_find_alternative
"Is GPL-3.0 safe in my MIT project?" license_warning field
"Explain this listing for me" buygit_explain (AI summary)
"Deep audit with companion MCPs" manual separate buygit_deep_audit (federation)

We also tell you when NOT to use us — see WHEN_NOT_TO_USE.md.

What you get

14 tools, 7 resource templates, 4 prompts — all backed by the public, read-only, free-forever BuyGit Open Index API. Full client install matrix in CLIENTS.md (13 clients).

Tool One-line value
buygit_search Curated, license-tagged, risk-scored search across 78,094 assets. fields= sparse fieldset + summary_mode=compact for token savings.
buygit_get_listing Replaces 3 separate MCP calls — license + risk + popularity + repo signals + similar in one shot
buygit_list_categories Full taxonomy with per-category counts
buygit_trending Curated trending (not GitHub Trending noise), license-aware
buygit_compare Single-call 2-5 way comparison with license_warning
buygit_stats Catalog meta — totals by license, category, source, plus data_freshness
buygit_random Surprise me — license + risk badges on every pick
buygit_find_alternative License-filtered, risk-scored alternatives — the answer GitHub search cannot give
buygit_check_license_compat "Is GPL-3 safe in my MIT project?" Returns compatible / review / incompatible with note. The only MCP that answers this without a separate SCA tool.
buygit_audit_repo Audit any external GitHub repo URL — same 4-axis signals as catalog rows, via live GitHub probe. Falls back to richer cached signals when URL is in our index.
buygit_explain v0.9.0 · AI-powered listing summary (overview / license / risk / usage focus). Gated on ANTHROPIC_API_KEY. Uses Claude Haiku for cost-efficient summaries.
buygit_diff_versions v0.9.0 · Time-window signal diff — shows how a listing's license, popularity, and risk changed between snapshots.
buygit_deep_audit v0.9.0 · Federated deep audit — chains Socket, OpenSSF Scorecard, and TruffleHog companion MCPs alongside BuyGit's own signals for a comprehensive security audit.
search_tools Meta routing tool — give it a plain-English intent, get the ranked tool to call next. MCP Tool Search Tool semantic.

Resources let you @-mention a listing, category, comparison, or any cacheable static asset and have it attached as conversation context — no tools/call required:

  • buygit://listing/{slug} — full listing detail with 4-axis signals
  • buygit://category/{slug} — category top 20
  • buygit://compare/{slug-a}+{slug-b}+{slug-c} — single-fetch 2-5 way compare
  • buygit://trending/{period} — day/week/month trending, pin once and re-reference
  • buygit://stats — catalog meta + data_freshness, pin to know catalog scale
  • buygit://category-tree — full taxonomy lookup table
  • buygit://license/{spdx} — compatibility matrix row for any SPDX id

Prompts (slash-menu in Claude Desktop):

  • starter_for_stack — "Find me a starter kit for {stack}"
  • alternative_to — "Alternatives to {repo}"
  • audit_my_dependency — "Is {slug} safe to ship?"
  • explore_category — "What's hot in {category}?"

Install

Claude Desktop

Edit ~/Library/Application Support/Claude/claude_desktop_config.json on macOS or %APPDATA%\Claude\claude_desktop_config.json on Windows:

{
  "mcpServers": {
    "buygit": {
      "command": "npx",
      "args": ["-y", "@buygit/mcp-server@latest"]
    }
  }
}

Restart Claude Desktop. The first tool call may take a few seconds while npx resolves the package.

Cursor

Edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "buygit": {
      "command": "npx",
      "args": ["-y", "@buygit/mcp-server@latest"]
    }
  }
}

Cline (VS Code extension)

Open the Cline MCP settings (Cline: Open MCP Servers from the command palette) and add:

{
  "buygit": {
    "command": "npx",
    "args": ["-y", "@buygit/mcp-server@latest"]
  }
}

Continue

Continue picks up MCP servers from ~/.continue/config.json:

{
  "mcpServers": {
    "buygit": {
      "command": "npx",
      "args": ["-y", "@buygit/mcp-server@latest"]
    }
  }
}

Self-hosted via Docker

docker run -i --rm ghcr.io/buygit/mcp-server:latest

The container runs stdio MCP. Pipe stdin/stdout from your client.

Try it

After you've added the config and restarted your client, ask:

  • "Find me a Next.js SaaS starter under MIT with more than 500 stars."
  • "What's trending in AI agents this week on BuyGit?"
  • "Tell me about next-saas-starter-pro — is the secret scan clean?"
  • "Compare react-saas-template and nextjs-stripe-starter."
  • "Explain the license risk of some-gpl-library for my MIT project."
  • "Run a deep audit on github.com/some-org/some-repo."

The model will call the right tools, attach the canonical BuyGit links, and let you click through.

Configuration

Env var Default Purpose
BUYGIT_API_BASE https://buygit.com Override for staging / self-hosted mirror
BUYGIT_MCP_TRANSPORT stdio stdio (default, all clients) · http (Streamable HTTP)
BUYGIT_TIMEOUT_MS 15000 Per-request timeout in milliseconds. Increase for slow networks.
BUYGIT_EXPLAIN_MODEL claude-haiku-4-5-20251001 Anthropic model for buygit_explain summaries.
ANTHROPIC_API_KEY (none) Required only for buygit_explain. All other tools work without any key.
BUYGIT_COMPANION_TOOL_MAP (built-in) JSON override for companion MCP tool names in buygit_deep_audit.

Architecture

┌─────────────────────────────────────────────┐
│  AI Agent (Claude, GPT, Gemini, …)          │
│  ↕ MCP JSON-RPC (stdio or Streamable HTTP)  │
├─────────────────────────────────────────────┤
│  @buygit/mcp-server                         │
│  14 tools · 7 resources · 4 prompts         │
│  Zod input validation · structuredContent   │
│  Retry w/ exponential backoff (429/503)     │
├─────────────────────────────────────────────┤
│  undici Pool → buygit.com REST API          │
│  Public · Read-only · No auth · Free        │
└─────────────────────────────────────────────┘

Privacy & licensing

The BuyGit Open Index API is public, read-only, no auth. There is no key to install. Requests are not personally identifiable (the server doesn't log the queries you make).

The catalog excludes seller-curated listings — only crawler-imported public-repo metadata is exposed. Each result includes a url field linking back to the canonical BuyGit page; please surface that link when redistributing.

This package is MIT licensed. The API responses are licensed for indexing + attribution per the BuyGit API terms.

Links

Develop

cd packages/mcp-server
pnpm install
pnpm build
node dist/index.js   # connects on stdio — feed it MCP JSON-RPC over stdin

Or run the watch build while developing:

pnpm dev

Run tests:

pnpm test           # 57 tests (handler + server + federation)

To smoke-test against the live API:

BUYGIT_API_BASE=https://buygit.com node dist/index.js
# then in another process, send a `tools/list` JSON-RPC frame

from github.com/genoxdeveloper/buygit-mcp-server

Install @Buygit/ Server in Claude Desktop, Claude Code & Cursor

Recommended · one command, every IDE
unyly install buygit-mcp-server

Installs into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.

First time? Get the CLI: curl -fsSL https://unyly.org/install | sh

Or configure manually

Run in your terminal:

claude mcp add buygit-mcp-server -- npx -y @buygit/mcp-server

FAQ

Is @Buygit/ Server MCP free?

Yes, @Buygit/ Server MCP is free — one-click install via Unyly at no cost.

Does @Buygit/ Server need an API key?

No, @Buygit/ Server runs without API keys or environment variables.

Is @Buygit/ Server hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install @Buygit/ Server in Claude Desktop, Claude Code or Cursor?

Open @Buygit/ Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare @Buygit/ Server with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs