Packageactivev0.4.7
Soma
Drop-in RMCP runtime for provider-backed MCP tools, prompts, resources, and agent capabilities.
jmagar/soma WebsiteUpdated Jul 12, 2026 No blockers found
assessed on 3 of 4 dimensions
MaintenanceActively maintained — last activity 1 days ago.Package registries (npm/PyPI/NuGet) · as of Jul 13, 2026
PassProvenanceOrigin linked to a public source repository.Official MCP Registry · as of Jul 12, 2026
PassSupply chainNo known vulnerabilities in scanned package dependencies (OSV).OSV (Google Open Source Vulnerabilities) · as of Jul 13, 2026
PassManifest integrityManifest capture requires running the package (sandbox phase).
PendingBehavioral trustNo live endpoint to observe.
Not applicable
Connect
npm package · v0.4.7 · stdio
SOMA_BIN
Optional absolute path to the installed soma binary. When unset, the npm launcher runs soma from PATH.SOMA_HOME
Runtime data directory for local stdio/CLI runs.SOMA_PROVIDER_DIR
Directory scanned for drop-in provider manifests and modules.SOMA_API_URL
Optional deployed platform API or upstream API base URL used by the SomaClient compatibility layer. Leave unset for local provider/runtime mode.SOMA_API_KEYsecret
Optional bearer token or upstream API key for provider-backed calls that use SomaClient. Keep secret.RUST_LOG
Rust tracing filter for local CLI and stdio MCP logs.
Provenance
- Official MCP Registry · as of Jul 12, 2026 · registry-tos
- OSV (Google Open Source Vulnerabilities) · as of Jul 13, 2026 · CC-BY-4.0
- Package registries (npm/PyPI/NuGet) · as of Jul 13, 2026 · registry-tos
Every verdict is attributable to its sources and recomputed from our own landed copy, never read live on this page.