Registry Landscape

The MCP ecosystem is fragmented across 9+ registries. No single source has complete coverage or security scanning.

Registry Servers APIPublishingHostingSearchSecurityVersioning Auth
Cursor Directory https://cursor.directory 500 None
GitHub (search) https://github.com 3,200 OAuth
Glama https://glama.ai 23,900 None
MCP.so https://mcp.so 21,164 None
npm https://www.npmjs.com 400 None
Official MCP Registry https://registry.modelcontextprotocol.io 600 None
PulseMCP https://pulsemcp.com 15,440 API Key
PyPI https://pypi.org 200 None
Smithery https://smithery.ai 7,200 Bearer

Registry Profiles

Cursor Directory 500

Curated directory for Cursor IDE focused on developer productivity servers.

Security posture

No security scanning. Curation provides some quality filtering but no formal security review.

Cursor IDE integrationDeveloper productivity focusCurated catalog
https://cursor.directory
GitHub (search) 3,200

GitHub is where most MCP servers are published, but it is not a curated discovery surface — we index by topic search and repo metadata, not editorial inclusion.

Security posture

Dependabot and CodeQL available but not MCP-aware. No annotation verification or trust scoring.

Source code hostingRelease versioningDependabot alerts
https://github.com
Glama 23,900

Largest registry by count. Offers MCP server for querying its own registry.

Security posture

No security scanning. No verification. No trust scoring. Quantity over quality.

Largest catalogMCP-native queryingCross-registry aggregation
https://glama.ai
MCP.so 21,164

Scraping-based aggregator indexing servers from GitHub, npm, and other sources.

Security posture

No API

Community-drivenOpen
https://mcp.so
npm 400

Node.js package registry increasingly used for MCP server distribution.

Security posture

npm audit for dependency vulnerabilities. Sigstore provenance attestations for build verification. No MCP-specific scanning.

Sigstore provenancenpm auditSemantic versioningDependency graph
https://www.npmjs.com
Official MCP Registry 600

The canonical registry from the MCP specification authors at modelcontextprotocol.io. Delegates security scanning to subregistries — Ultra Ledger is that subregistry.

Security posture

No scanning. No verification. No signing. Security is explicitly out of scope — the spec says subregistries handle it.

Official spec complianceVersioning supportStructured publishing API
https://registry.modelcontextprotocol.io
PulseMCP 15,440

Community-curated registry with editorial approach and visitor analytics.

Security posture

No automated scanning. Editorial curation provides some quality signal but no formal security assessment.

Editorial curationVisitor analyticsCommunity reviews
https://pulsemcp.com
PyPI 200

Python package index with growing MCP server ecosystem.

Security posture

Trusted Publishers for verified uploads. Sigstore attestations. Malware detection via automated scanning. No MCP-specific analysis.

Trusted PublishersSigstore attestationsMalware detection
https://pypi.org
Smithery 7,200

Largest independent MCP registry with hosted deployment and semantic search.

Security posture

No security scanning or vulnerability checking. No annotation verification. Servers are accepted without security review.

Hosted deploymentSemantic searchREST APIServer analytics
https://smithery.ai