@modelcontextprotocol/expressExpress adapters for the MCP TypeScript server SDK.
This package is a thin Express integration layer for @modelcontextprotocol/server.
It does not implement MCP itself. Instead, it helps you:
requireBearerAuth (validates Authorization: Bearer … via your OAuthTokenVerifier)mcpAuthMetadataRouternpm install @modelcontextprotocol/server @modelcontextprotocol/express express
# For MCP Streamable HTTP over Node.js (IncomingMessage/ServerResponse):
npm install @modelcontextprotocol/node
createMcpExpressApp(options?)hostHeaderValidation(allowedHostnames)localhostHostValidation()requireBearerAuth(options)mcpAuthMetadataRouter(options)getOAuthProtectedResourceMetadataUrl(serverUrl)OAuthTokenVerifier (interface)import { createMcpExpressApp } from '@modelcontextprotocol/express';
const app = createMcpExpressApp(); // default host is 127.0.0.1; protection enabled
import { createMcpExpressApp } from '@modelcontextprotocol/express';
import { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';
import { McpServer } from '@modelcontextprotocol/server';
const app = createMcpExpressApp();
const server = new McpServer({ name: 'my-server', version: '1.0.0' });
app.post('/mcp', async (req, res) => {
// Stateless example: create a transport per request.
// For stateful mode (sessions), keep a transport instance around and reuse it.
const transport = new NodeStreamableHTTPServerTransport({ sessionIdGenerator: undefined });
await server.connect(transport);
await transport.handleRequest(req, res, req.body);
});
import { hostHeaderValidation } from '@modelcontextprotocol/express';
app.use(hostHeaderValidation(['localhost', '127.0.0.1', '[::1]']));