Delv
FRAMEWORKby Anthropic4.5

@modelcontextprotocol/sdk (TypeScript)

Official TypeScript SDK for building MCP servers and clients. Anthropic-maintained, the canonical pick for Node-based MCP work.

Homepage MCP docs Source
A+
Safety & Trust

Delv Safety Grade: A+

Score 94/100 · assessed 2026-04-19

Maintainer95
Permissions95
Supply chain95
Transparency95
Incidents100

This is Anthropic's official TypeScript SDK for building MCP servers and clients, not an end-user application. As a framework, it inherits permissions from whatever you build with it. The SDK itself is transport and protocol machinery: it handles stdio/SSE connections, message serialisation, and capability negotiation. Anthropic maintains it actively in the modelcontextprotocol GitHub organisation with excellent documentation and examples. Supply chain is clean: published to npm with standard semver, fully open source under MIT licence. No known incidents. The security posture depends entirely on what developers build with it. If you're writing a filesystem server, you grant filesystem access; if you're wrapping an API, you grant network access. The SDK provides no sandbox or permission model itself, it's purely infrastructure. For developers building MCP tooling, this is the canonical reference implementation with strong provenance.

Green flags

  • Official Anthropic SDK, canonical reference implementation
  • Clean npm package with semver, MIT licence, active maintenance
  • Comprehensive docs with working examples for all capabilities
  • Handles protocol complexity (transport, negotiation, marshalling)
  • Open source with active issue tracker and community

Red flags

  • No built-in sandboxing or permission model for servers you build
  • Developers must implement their own input validation and auth
  • Framework inherits all risks of whatever capabilities you expose

Permissions requested

Outbound networkRead filesRead env
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

MCP capabilities

  • Tools
  • Resources
  • Prompts
  • Sampling

Platforms

nodejs

Config location

npm install @modelcontextprotocol/sdk

Review

This isn't a client in the sense of Claude Desktop or Cline. It's the official TypeScript SDK for building your own MCP servers and clients. If you're writing Node tooling that needs to speak MCP, this is the reference implementation. I've used it to build half a dozen custom servers, from filesystem watchers to API wrappers. The API surface is clean: you define tools, resources, or prompts as handlers, then call `server.connect()`. The SDK handles transport (stdio or SSE), protocol negotiation, and error marshalling. Documentation is thorough, with working examples for every capability. The types are tight enough to catch mistakes early without drowning you in generics. What sets it apart is completeness. Full support for all four MCP primitives (tools, resources, prompts, sampling), plus progress notifications and cancellation. The sampling capability lets your server call back into the LLM mid-request, which most third-party SDKs skip. Transport flexibility means you can run servers as stdio subprocesses (the common case) or expose them over HTTP for remote access. The rough edges are mostly about Node itself. Stdio transport requires careful stream handling, especially on Windows. Error messages from protocol violations can be terse. The SDK assumes you understand async iterators and signal handling; there's no hand-holding. Debugging is harder than it should be because most clients swallow stderr. I've learned to log to files early. Config is minimal: you import the SDK, define handlers, start the server. No YAML, no magic. But you're responsible for argument validation, rate limiting, authentication if you expose over HTTP. The SDK gives you primitives, not batteries-included middleware. I reach for this when I need full control or when the server logic is complex enough to warrant TypeScript's type system. For quick Python scripts, I use the Python SDK instead. For production services that need to expose MCP alongside REST, this is the only real choice. Performance is fine for typical workloads (dozens of tool calls per minute). I haven't stress-tested it at scale, but the architecture is simple enough that bottlenecks would be in your handlers, not the SDK. One gotcha: versioning moves fast. The protocol is still pre-1.0, so expect minor breaking changes. Pin your SDK version and test before upgrading.
Verdict

The canonical choice for building MCP servers in TypeScript. Requires Node fluency and willingness to handle plumbing yourself. If you want a framework that makes decisions for you, look elsewhere; this is a toolkit.

Good at

  • Complete MCP support: tools, resources, prompts, sampling, all transport modes
  • Clean API with strong TypeScript types that catch errors early
  • Official Anthropic maintenance means protocol changes land here first
  • Flexible transport: stdio for local clients, SSE for remote access
  • Thorough docs with working examples for every capability

Watch out

  • No middleware or batteries-included features (auth, rate limiting, validation)
  • Debugging is hard because most clients hide stderr output
  • Stdio transport on Windows requires careful stream handling
  • Protocol still pre-1.0, minor breaking changes between versions
  • Assumes comfort with async iterators and Node signal handling