How to Debug MCP Server with Anthropic Inspector

Building MCP servers has become mainstream. Developers are happily welcoming the LLM era by embracing Anthropic’s MCP revolution and actively building MCP servers. MCP servers are simple to get going in as little as under twenty lines of code, but how do you debug them when they behave in unexpected ways?

Getting started with a simple MCP Server in Node.js

To debug an MCP server, we first begin with a simplistic MCP server implementation in Node.js. This MCP server exposes a tool that allows MCP client implementors such as Cursor, Qodo, Claude Desktop, and others, the capability to pull information about third-party open source packages.

The full MCP server code is available in the snyk-labs/mcp-server-npm repository on GitHub, and the following is the code in its entirety:

import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";
import { execSync } from "child_process";

const server = new McpServer({
  name: "npm JavaScript package management tools",
  version: "1.0.0",
  description: "Provides tools to get information about open source npm packages from the npmjs registry"
});

server.tool(
  "getNpmPackageInfo",
  "Get information about an npm package",
  {
    packageName: z.string()
  },
  async ({ packageName }) => {    
    const output = execSync(`npm view ${packageName}`, {
      encoding: "utf-8",
    });

    return {
      content: [
        {
          type: "text",
          text: output
        },
      ],
    };
  }
);

const transport = new StdioServerTransport();
await server.connect(transport);

As you can see from the above MCP server code, it relies on the npm package manager command-line utility to be available and then spawns a system process with the view command-line argument to pull information from the official npm registry.

The above implementation of an MCP server is deliberately vulnerable to command injection, which teaches developers about the security risks of malicious and insecure MCP servers.

Anthropic’s MCP Inspector

Anthropic provided a debugging user interface known as the MCP Inspector in the official @modelcontextprotocol package name space: @modelcontextprotocol/inspector.

For one-off debugging, you can run it with npx, such as: npx @modelcontextprotocol/inspector <mcp-server-command>, where you’d replace the <mcp-server-command> with the command-line and its argument of the MCP server.

I suggest the following Node.js package.json entry for quick access to the MCP Inspector tool:

{
"scripts": {
  "debug": "npx -y @modelcontextprotocol/inspector node index.js"
}
}

Running npm run debug for the first time will prompt you to install it if you don’t provide the -y argument to npx, and it would look like this:

♥ 18:22  npm run debug           

> mcp-server-npm@1.0.0 debug
> npx @modelcontextprotocol/inspector node index.js

Need to install the following packages:
@modelcontextprotocol/inspector@0.11.0
Ok to proceed? (y)

When it is finished installing and ready, you’ll see the following console output:

Starting MCP inspector...
⚙️ Proxy server listening on port 6277
🔍 MCP Inspector is up and running at http://127.0.0.1:6274 🚀

This is your cue to open up http://127.0.0.1:6274 in your browser ;-)

Given that our Node.js MCP server is exposed via process STDIO we’ll leave that transport type as-is, and hit the Connect button.

Connecting to the MCP server now results in a new horizontal tab rendered to the main content area with all the resources available from the MCP server. In our case, the MCP server only exposes Tools (one tool, to look up an npm package information from the npm registry) so clicking the List Tools will render a list with all available tools:

Now, we can interact with the MCP server actively via this MCP Inspector web interface. Simply click on one of the tools listed, getNpmPackageInfo in our case, and it will render the selected tool on the right pane along with the parameters you can provide it.

Here’s a screenshot of running it with the snyk package as a parameter

The MCP Inspector also prints out information to the console about interactions with MCP servers. For reference, here is the debug output that was printed when I recorded the above tool calls:

New connection
Query parameters: [Object: null prototype] {
  command: 'node',
  args: 'index.js',
  env: '{"HOME":"/Users/lirantal","LOGNAME":"lirantal","PATH":"/Users/lirantal/.npm/,"SHELL":"/bin/zsh","TERM":"xterm-256color","USER":"lirantal"}',
  transportType: 'stdio'
}
Stdio transport: command=/Users/lirantal/.local/state/fnm_multishells/34121_1745832579143/bin/node, args=index.js
Spawned stdio transport
Connected MCP client to backing server transport
Created web app transport
Set up MCP proxy
Received message for sessionId 83514436-7b4b-492f-8026-957684f3b736
Received message for sessionId 83514436-7b4b-492f-8026-957684f3b736
Received message for sessionId 83514436-7b4b-492f-8026-957684f3b736

More on Debugging MCP Servers

Another aspect of debugging MCP servers often involves printing debug output to the screen via console.log() in JavaScript; however, for process-based STDIO MCP servers, this isn’t going to work as you expect. For now, I encourage you to take a simple workaround: write debug logs to a log file.