Code Runner MCP

Execute JavaScript and Python code in a secure sandbox. Supports Deno for JS/TS and Pyodide for Python, with configurable permissions.

GitHub

Code Runner MCP

JSR npm

Let AI execute JavaScript/Python code with any package imports!

code-runner-logo

Core Value

  • Secure Sandbox: Isolated execution environment protecting your host system
  • Install-on-Demand: Dynamically import any npm/PyPI packages
  • Reduce Hallucinations: Let AI verify logic by executing code
  • Quick Validation: Test if packages meet your needs without local installation

Installation

JSR (Recommended)

deno add jsr:@mcpc/code-runner-mcp

Package: @mcpc/code-runner-mcp

npm

npm install @mcpc-tech/code-runner-mcp

Package: @mcpc-tech/code-runner-mcp

Quick Start

Option 1: Using Deno (Recommended)

{
  "mcpServers": {
    "code-runner": {
      "command": "deno",
      "args": ["run", "--allow-all", "jsr:@mcpc/code-runner-mcp/bin"],
      "env": {
        "DENO_PERMISSION_ARGS": "--allow-net",
        "NODEFS_ROOT": "/tmp",
        "NODEFS_MOUNT_POINT": "/tmp"
      },
      "transportType": "stdio"
    }
  }
}

Option 2: Using Node.js

{
  "mcpServers": {
    "code-runner": {
      "command": "npx",
      "args": ["-y", "@mcpc-tech/code-runner-mcp"],
      "env": {
        "NODE_OPTIONS": "--experimental-wasm-stack-switching",
        "DENO_PERMISSION_ARGS": "--allow-net",
        "NODEFS_ROOT": "/tmp",
        "NODEFS_MOUNT_POINT": "/tmp"
      },
      "transportType": "stdio"
    }
  }
}

Note: NODE_OPTIONS=--experimental-wasm-stack-switching is required for Pyodide (WebAssembly Python runtime) to work properly in Node.js.

Use Cases

JavaScript/TypeScript

// Import npm packages directly to test functionality
import { z } from "npm:zod";
import { serve } from "jsr:@std/http";

const schema = z.object({ name: z.string() });
console.log(schema.parse({ name: "test" }));

Python

# Dynamically install and use Python packages
import requests
response = requests.get("https://api.github.com")
print(f"Status code: {response.status_code}")

Package Mapping

When import names differ from PyPI package names, use the packages parameter:

# sklearn -> scikit-learn, PIL -> Pillow
from sklearn.datasets import load_iris
data = load_iris()
print(data.feature_names)

Use packages: {"sklearn": "scikit-learn"}

File System Access

# Access host file system (via NODEFS_ROOT and NODEFS_MOUNT_POINT)
import os
files = os.listdir('/tmp')  # List files at the mount point
print(f"Found {len(files)} files")

Environment Variables

VariableDescriptionDefault
ALLOWED_TOOLSSelectively enable tools: all, python, javascript, js, or comma-separated (e.g., python,javascript)all
DENO_PERMISSION_ARGSAdditional Deno permissions for JS/TS execution (e.g., --allow-net, --allow-all)-
NODEFS_ROOTHost file system root directory path for Python access-
NODEFS_MOUNT_POINTMount point path in Python environment (defaults to NODEFS_ROOT)-
PYODIDE_PACKAGE_BASE_URLCustom package download source for Pyodide (e.g., private mirror CDN)-
PYODIDE_PACKAGE_CACHE_DIRCustom package cache directory for Pyodide packages (Pyodide v0.28.1+)-

Tool Selection Examples

// Enable only Python
{ "ALLOWED_TOOLS": "python" }

// Enable only JavaScript
{ "ALLOWED_TOOLS": "javascript" }

// Enable both (default)
{ "ALLOWED_TOOLS": "python,javascript" }

Security Features

  • Deno Sandbox: Strict permission control with explicit authorization
  • Pyodide WASM: WebAssembly isolated environment
  • File System Isolation: Controlled host file access

Technical Architecture

  • JavaScript/TypeScript: Powered by Deno runtime
  • Python: Powered by Pyodide WebAssembly technology
  • Package Management: Dynamic installation from npm, JSR, and PyPI

Issues & Feedback: GitHub Issues
Repository: GitHub Repository

Related Servers