We built this to power our own platform internally and thought it might be useful to the broader community. Most of it is open source.
The problem: MCP servers are code, not packages. Every server has different install procedures, runtimes, and configs. Beyond the UX annoyance, this creates real issues:
1. Cold starts: pip install or npm install at runtime kills latency. MCPB vendors dependencies, so startup is just unzip and execute (some of ours were taking 60+ seconds to `npm install`) 2. Non-deterministic builds: Same repo, different day, different behavior. Transitive deps shift. Bundles are immutable artifacts, same SHA = same behavior. 3. Security: You can scan a bundle before running it. Generate SBOMs. Run grype/syft/trivy. Know what you're executing before you execute it.
The CLI:
```
mpak search weather
mpak pull @publisher/weather
mpak run @publisher/weather
```
Publishing is a GitHub Action (uses OIDC, no API keys): - uses: NimbleBrainInc/mcpb-pack@v2
There's also a TypeScript SDK if you're building an MCP client and want to add bundle support programmatically.
Tag a release, bundle gets built and registered automatically.
MCPB is the spec (from the MCP maintainers). We run a public registry at mpak.dev, but the format is what matters. The goal is ecosystem-wide adoption, not lock-in.
CLI: npm i -g @nimblebrain/mpak
Registry: https://mpak.dev
Spec: https://github.com/modelcontextprotocol/mcpb
(PS We're also packaging up skills on it too.)
Happy to answer questions about the format or architecture.