Context7 MCP

v2026.6

Upstash

Tags: MCP, documentation, code-context, retrieval, upstash
79
Strong
About This MCP

Upstash's documentation-retrieval MCP server. Two tools (resolve-library-id, get-library-docs) inject up-to-date, version-specific library documentation into the agent's context to prevent hallucinated APIs. The most-starred MCP server repo (57.1k), but with a notable security history: the ContextCrush content-injection vulnerability (disclosed Feb 2026, patched within days).

Last Evaluated: June 10, 2026

Trust Vector Analysis

Dimension Breakdown

🚀Performance & Reliability
documentation accuracy

Spot-check of returned documentation against official library docs across popular frameworks

Evidence
Context7 README
Docs are parsed from official library sources and served version-specifically, directly addressing hallucinated or outdated APIs in LLM code generation
high
Verified: 2026-06-10
retrieval relevance

Relevance assessment of topic-filtered retrievals across common and long-tail queries

Evidence
Context7 get-library-docs tool
Topic-scoped retrieval with configurable token budget returns focused snippets; relevance degrades for niche topics in very large libraries
medium
Verified: 2026-06-10
api reliability

Availability monitoring of the hosted API endpoint over the evaluation period

Evidence
Context7 service
Backend hosted on Upstash infrastructure; remote Streamable HTTP endpoint and local stdio server both depend on the hosted API, which has shown solid availability
medium
Verified: 2026-06-10
library coverage

Coverage sampling across mainstream and long-tail open-source libraries

Evidence
Context7 library index
Tens of thousands of indexed libraries with community submission of new ones; resolve-library-id reliably maps natural-language names to indexed library IDs
high
Verified: 2026-06-10
error recovery

Error-path testing with unknown libraries, rate limits, and offline backend

Evidence
Context7 MCP implementation
Unresolved library names return candidate matches rather than hard failures; rate-limit and backend errors surface as readable messages the agent can react to
medium
Verified: 2026-06-10
🛡️Security
content injection resistance

Review of the ContextCrush vulnerability, its patch, and the residual risk of doc-content prompt injection

Evidence
Noma Labs — ContextCrush disclosure
ContextCrush: the Custom Rules / 'AI Instructions' feature let anyone publishing a library inject unsanitized instructions into consuming agents' context; researchers demonstrated .env credential theft. Disclosed 2026-02-18, patched 2026-02-23
Context7 repository
Post-patch, publisher-supplied instruction content is sanitized/restricted, but retrieved documentation remains third-party content flowing into the agent context by design
high
Verified: 2026-06-10
supply chain trust

Analysis of the open library-submission pipeline as an attack surface for agent contexts

Evidence
Noma Labs — ContextCrush disclosure
Anyone can publish or update a library in Context7's index, making indexed docs an open supply chain into agent contexts; ContextCrush proved this channel was exploitable at scale
high
Verified: 2026-06-10
vulnerability response

Assessment of disclosure-to-patch timeline and vendor cooperation

Evidence
Noma Labs — ContextCrush disclosure timeline
Disclosed to Upstash 2026-02-18; patched 2026-02-23 (5 days); coordinated public disclosure 2026-03-05 — fast remediation, though the vulnerable feature had shipped without sanitization review
high
Verified: 2026-06-10
credential exposure risk

Analysis of indirect credential-theft pathways via injected instructions in a multi-tool agent

Evidence
Noma Labs — ContextCrush demonstration
The demonstrated exploit exfiltrated .env credentials by instructing the agent to read and transmit secrets — Context7 itself holds no credentials beyond an optional API key, but its content channel could weaponize other tools the agent holds
high
Verified: 2026-06-10
authentication security

Review of API-key handling for the hosted endpoint and local server

Evidence
Context7 documentation
Works without authentication for basic use; optional API key raises rate limits and is passed via header/env var. Minimal credential surface, but the remote endpoint means key handling depends on client configuration
medium
Verified: 2026-06-10
🔒Privacy & Compliance
query data exposure

Data flow analysis of outbound query content to the hosted backend

Evidence
Context7 architecture
Library names and topic queries are sent to Upstash's hosted API; queries can reveal what technologies a team is using but contain no source code
medium
Verified: 2026-06-10
sensitive data protection

Assessment of direct and indirect sensitive-data pathways

Evidence
Context7 tool design
Tools never read local files or code themselves, limiting direct exposure; however, ContextCrush showed retrieved content can induce other tools to exfiltrate secrets, so isolation depends on the surrounding agent
medium
Verified: 2026-06-10
data minimization

Review of request payloads and tool surface area

Evidence
Context7 tool schemas
Only two narrowly-scoped read-only tools; requests carry just a library ID, topic, and token budget — a notably minimal data footprint among MCP servers
high
Verified: 2026-06-10
third party data sharing

Data sharing pathway analysis across Upstash and LLM provider

Evidence
Upstash privacy policy
Queries are processed by Upstash per its privacy policy; retrieved docs additionally flow to the connected LLM provider like all MCP tool results
medium
Verified: 2026-06-10
👁️Trust & Transparency
documentation quality

Documentation completeness and accuracy review

Evidence
Context7 README
Clear installation instructions for 20+ MCP clients, both local and remote transports, and well-documented tool parameters
high
Verified: 2026-06-10
open source transparency

Source availability review of client/server versus hosted backend

Evidence
GitHub repository
MCP server is MIT-licensed and open source; the backend indexing/retrieval pipeline at context7.com is proprietary, leaving part of the stack unauditable
high
Verified: 2026-06-10
incident disclosure

Review of vendor communication during and after the ContextCrush incident

Evidence
Noma Labs — ContextCrush disclosure
Upstash cooperated with coordinated disclosure and patched within 5 days; public acknowledgment came primarily through the researcher's publication rather than a detailed vendor advisory
high
Verified: 2026-06-10
operation visibility

Logging and traceability assessment of tool calls and returned content

Evidence
Context7 tool design
Both tools are read-only with visible parameters and outputs in MCP host logs; retrieved doc content is fully inspectable before the agent acts on it
high
Verified: 2026-06-10
⚙️Operational Excellence
ease of setup

Setup complexity assessment across remote and local installation paths

Evidence
Context7 installation docs
Remote endpoint requires only a URL (https://mcp.context7.com/mcp) with no install; local server via npx @upstash/context7-mcp; no API key needed for basic use
high
Verified: 2026-06-10
performance

Latency measurement of resolve and retrieval calls

Evidence
Context7 hosted API
Doc retrievals typically return in under a couple of seconds; configurable token budget keeps context costs predictable
medium
Verified: 2026-06-10
feature coverage

Feature scope assessment relative to documentation-retrieval needs

Evidence
Context7 tool reference
Deliberately narrow: two tools doing one job well (documentation retrieval); no code search, examples execution, or private-docs indexing in the open tier
high
Verified: 2026-06-10
community adoption

Adoption metrics and ecosystem-integration analysis

Evidence
GitHub API
57,127 stars as of 2026-06-10 — the largest MCP server repository on GitHub; integrated into setup guides of most major MCP clients
high
Verified: 2026-06-10
maintenance activity

Commit frequency, release cadence, and patch-responsiveness analysis

Evidence
GitHub repository activity
Active maintenance by Upstash with regular releases, fast security patching (ContextCrush fixed in 5 days), and continuous library-index growth
high
Verified: 2026-06-10
Strengths
  • Directly addresses hallucinated/outdated APIs with version-specific, current documentation
  • Largest MCP server community on GitHub (57.1k stars) with broad client integration
  • Minimal tool surface: two read-only tools with a small, predictable data footprint
  • Zero-friction setup — remote endpoint works with just a URL, no API key required
  • Fast vendor response to the ContextCrush vulnerability (patched in 5 days)
  • Configurable token budget keeps documentation injection cost-controlled
Limitations
  • ContextCrush (Feb 2026) proved the library index is an exploitable injection channel into agent contexts; retrieved third-party content remains untrusted by design
  • Open publishing model means doc quality and integrity vary across the index
  • Backend indexing/retrieval pipeline is proprietary and unauditable
  • Dependent on Upstash's hosted service — no fully offline operation
  • Queries reveal a team's technology stack to a third party
  • Narrow scope: documentation retrieval only, no private-docs support in the open tier
Metadata
license: MIT
supported platforms: All platforms with Node.js 18+ (local server); any MCP client (remote endpoint)
programming languages: TypeScript
mcp version: 1.0
github repo: https://github.com/upstash/context7
github stars: 57127
package: @upstash/context7-mcp
remote endpoint: https://mcp.context7.com/mcp
api dependency: Context7 hosted documentation API (Upstash)
authentication: Optional API key (higher rate limits)
first release: 2025-04
maintained by: Upstash
status: Active
transport types: stdio, streamable-http
installation methods: npm, npx, remote-url, docker

Use Case Ratings

code generation

Core use case — current, version-specific docs measurably reduce hallucinated APIs and deprecated patterns

research assistant

Excellent for researching library capabilities and APIs; limited to indexed open-source documentation

education

Strong for learning frameworks with accurate, up-to-date examples instead of stale training data

content creation

Useful for writing accurate technical tutorials and documentation-backed articles

data analysis

Indirectly helpful (correct API usage for analysis libraries) but not an analysis tool itself