Skip to main content

In this section

5 Best MCP Servers for Developers

Written by
Headshot of Liran Tal

Liran Tal

0 mins read

The Model Context Protocol is making its rounds from Claude Desktop to OpenAI, following up with support, and rest assured that MCP Servers are front-and-center for software development too.

Regardless of whether you’re using Cursor, Qodo, or VS Code’s own MCP support for their Agent Mode Copilot code assistant tool, if you aren’t leveraging MCP Servers, you are missing out on an enhanced software development experience.

Benefits of MCP Servers for Developers

LLMs are limited by their data training cut-off date, which means that if you’re using the latest version of a runtime, say Node.js 22 LTS, then any recent API changes pushed in the last couple of months would be entirely missing as context for the LLM.

Even more so, MCP Servers don’t just bridge up-to-date context like RAG is intended for; they also provide the ability to extend LLMs from being an input/output process in the form of a chat conversation to allowing the ability to trigger actions, also known as function calls or tools.

Imagine you’re using an open source library, but the Claude, Gemini, or OpenAI models are just unaware of the new APIs available in a recent major release. There’s an MCP Server to bridge that gap.

If you want to fix an open issue on a GitHub code repository right from the Cursor IDE, you’d normally open a browser, search for the open issue, copy and paste the context text into Cursor, and ask it to implement. 

Guess what? There’s an MCP Server that pulls that info right from the Cursor Tab chat interface. So, here are my five recommendations for MCP Servers that I think developers will get the most value from:

MCP #1: Context7

Context7 is a hub for open source third-party libraries across various language ecosystems. Its purpose is to index and provide to the LLM an up-to-date API documentation for popular libraries; they’re kept indexed via Context7’s own hub and tooling: https://context7.com

Context7 from Upstash creators provides MCP Server for third-party open source libraries API documentation for LLMs and AI.

One way to work with Context7 is by finding the relevant library page (and ensuring it is indeed correctly indexing data from the trusted authority) and then copying the textual indexed data from that library’s page to your LLM:

Context7 Fastify API documentation page

Another, potentially better, and more programmable way of doing it is by installing the MCP Server for Context7. Following the Context7 code repo documentation, you require a Node.js environment and run these commands:

{
  "mcpServers": {
    "context7": {
      "command": "npx",
      "args": ["-y", "@upstash/context7-mcp@latest"]
    }
  }
}

This requires a Node.js runtime in the local environment to run the `npx command.

You can then prompt Cursor in a chat, such as:

Create a basic todo note taking app in Fastify Node.js framework. use context7.

Security disclaimer

Context7 indexes markdown, text, and other documentation found in third-party libraries, but nothing prevents an adversarial from contributing a documentation update that introduces a malicious prompt injection or suggests weak and insecure APIs.

In continuation of the above, adversaries can exploit the similarity search mechanism by Context7 to build vector embeddings that would highly match their own contributions for specific APIs that they target, then bake their malicious suggestions.

MCP #2: GitHub MCP Server

GitHub is a central source for developers to manage code, review code changes, and collaborate with other developers. As such, developers often work through different GitHub pages, such as Issues or Pull Requests, to comment, push code, and perform other software development activities.

However, GitHub interactions for that are mostly driven through the browser by interacting with the GitHub website and GitHub MCP Servers changes that dynamic entirely.

The GitHub MCP Server is primarily installed via a Docker image, and as of writing this article, it exposes 36 tools. Here is an example of some of the tools showing in Qodo Gen, the VS Code extension for Agentic AI code assistance:

Qodo Gen shows GitHub MCP Server in VS Code

To set up the server, you need to provide it the following MCP Server definition and replace the 1234 placeholder value of the GitHub Personal Access token (PAT) with your own: 

{
    "docker": {
        "command": "docker",
        "args": [
            "run",
            "-i",
            "--rm",
            "-e",
            "GITHUB_PERSONAL_ACCESS_TOKEN",
            "ghcr.io/github/github-mcp-server"
        ],
        "env": {
            "GITHUB_PERSONAL_ACCESS_TOKEN": "1234"
        }
    }
}

Then, “chatting with GitHub” becomes as easy as a simple prompt:

Qodo Gen uses GitHub MCP Server over Docker to run list_issues tool call

Also, the Git MCP Server is another handy MCP resource for local source code version management and Git workflows for those who do not understand Git or need to look up complex Git workflows.

MCP #3: Snyk MCP Server

More code leads to more software bugs, and more software bugs? Unfortunately, a good chance that they lead to security vulnerabilities.

Coding is fun, but whether your third-party dependencies have code with vulnerabilities or whether the LLM is generating code with vulnerabilities, you are opening yourself up to security risks. 

Let’s add some AI Security guardrails on all of these Agentic AI code assistance tools, and what’s more convenient than using Snyk and its industry-leading vulnerability database, and Snyk’s own machine learning powered source code scanning to audit GenAI code.


The Snyk MCP Server allows access to the Snyk security platform, and all you have to do to install it and ensure that Cursor, Windsurf, or Copilot don’t expose you to insecure code is to spin up the Snyk via its MCP Server as follows:

{
    "Snyk": {
        "command": "snyk",
        "args": [
            "mcp",
            "-t",
            "stdio",
            "--experimental"
        ]
    }
}

Here is Snyk in action, finding security vulnerabilities:

MCP #4: Database MCP Server

Having a conversation with your Database? Why not!

When we developers need to browse the database to look at the current state of data, we’re often used to installing SQL user interface tools as extensions in our IDEs or using dedicated SQL exploration tools like DBeaver, Sequel PRO, Postico, or others.

But with dedicated database MCP Servers, if we just need to query the database for records, update or delete data off of tables as one-off use or a type of activity that doesn’t require automation or database migration scripts, then that’s a job done a lot more easily and accessible via natural language by prompting the chat.

As such, many popular databases have their own dedicated MCP servers, such as:

  • MySQL MCP Server

  • PostgreSQL MCP Server

  • SQLite MCP Server

Here’s an example of setting up the SQLite MCP Server using its Docker image. In Qodo Gen extension, go to Tools -> Add New MCP and paste this MCP Server definition:

{
    "sqlite": {
        "command": "docker",
        "args": [
            "run",
            "-i",
            "--rm",
            "-v",
            "/Users/lirantal/projects/repos/llm-ai-security-demo/:/mcp",
            "mcp/sqlite",
            "--db-path",
            "/mcp/mcp-sqlite/conversations.db"
        ]
    }
}

As you can see in the above JSON, it maps my local directory for a project into the container’s own /mcp directory (at the root of the file system). There, it exempts finding the SQLite database to connect to at /mcp/mcp-slite/conversations.db, meaning that the mcp-sqlite/conversations.db is relative to the project path I provided to map `/mcp for.

Once successfully connected, you’ll see it listed in the Custom MCPs and all the tools it exposes:

SQLite MCP Server added as Custom MCP to Qodo Gen extension on VS Code

Now I can just query it in simple text…

Prompting the SQLite MCP Server to list an SQLite database tables in the Qodo Gen extension on VS Code

MCP #5: Puppeteer MCP Server

Browser automation with Puppeteer MCP Server is another favorite developer MCP Server, especially for frontend developers who need to perform a bunch of browser actions such as taking screenshots, navigating through specific flows that they are building pages for, point-and-click buttons, and so on.

Leveraging the Puppeteer MCP Server with a Docker image to run it in a headless browser mode is a quick way to get started. Use the following MCP Server definition:

{
  "mcpServers": {
    "puppeteer": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--init", "-e", "DOCKER_CONTAINER=true", "mcp/puppeteer"]
    }
  }
}

Once the MCP Server is enabled, here are some ideas on how to prompt it for various actions:

Ideas for Puppeteer MCP Server prompts

Here are some ideas for prompting the Puppeteer MCP Server for developer use-cases:

  • Take a screenshot of https://snyk.io and save it as screenshot.png.

  • Click the "Login" button on https://snyk.io.

  • Fill in the username field with "testuser" and the password field with "password123" on https://snyk.io.

  • Extract all the links from https://snyk.io and list them.

More on MCP Servers

Following are a handful of resources I’ve put together for you on MCP Servers and security:

Secure your applications with Snyk

Get started with Snyk to enable your developers to build securely from the start.

Book a live demoStart free