imprvhub/mcp-claude-spotify

v0.3.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3mo MCP Developer Tools
✓ No known CVEs patched
This release patches 1 known CVE

Topics

ai claude claude-ai claude-desktop mcp mcp-claude mcp-server mcp-spotify mcp-spotify-server model-context-protocol model-context-protocol-servers spotify spotify-api

Affected surfaces

breaking_upgrade deps

Summary

AI summary

Added pagination to get-user-playlists, updated Spotify Web API compatibility, and hardened Docker containers with non‑root user execution.

Full changelog

mcp-claude-spotify v3.0.0 - Enhanced Spotify Integration, Robust Security, and Core Updates

Release Date: Thursday, February 26, 2026
Status: Production Ready

Summary

This release marks a significant milestone for mcp-claude-spotify, introducing version 3.0.0 with key enhancements to Spotify API interactions, crucial security upgrades, and a comprehensive suite of dependency updates. Users will benefit from new playlist pagination capabilities, ensuring smoother navigation through extensive music collections, alongside a hardened Docker environment for improved operational security. This update integrates the latest Spotify Web API changes, guaranteeing continued compatibility and performance.

Major Features

Playlist Pagination for get-user-playlists

The get-user-playlists tool now supports pagination, allowing users to efficiently browse through large collections of Spotify playlists.

  • New Parameters: Added limit (1-50, default 20) and offset (default 0) parameters to the GetUserPlaylistsSchema.
  • Improved Experience: The tool handler now passes these parameters to the Spotify API, providing pagination information in the response, including current range and total count.
  • Empty State Messaging: Enhanced messaging for scenarios where the offset exceeds the available playlists.
  • Commit: cbb5c64 and a3f4fe6

Spotify Web API Compatibility Updates

The integration with the Spotify Web API has been updated to align with the latest changes as of February 2026, ensuring continued functionality and access to Spotify services.

  • API Alignment: Adjustments made to match recent Spotify Web API specifications.
  • Type Safety: Introduced a SpotifyPlaylist type for improved type safety across the application, including URL-encoding for playlist IDs.
  • Commit: 167a58f, 2aeb45a, and a196629
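
The pagination bounds and the playlist-ID encoding described in the two sections above can be exercised with the following added example, which is not the project's own code. The helper names, the rejection of negative offsets and the message wording are assumptions; the paths are the Spotify Web API's `/v1/me/playlists` and `/v1/playlists/{id}` endpoints.

```javascript
// Added example, not the project's code. Helper names are hypothetical.
const API = "https://api.spotify.com/v1";

// Enforce the documented bounds: limit 1-50 (default 20), offset default 0.
function parsePaging({ limit = 20, offset = 0 } = {}) {
  if (!Number.isInteger(limit) || limit < 1 || limit > 50)
    throw new RangeError("limit must be an integer from 1 to 50");
  if (!Number.isInteger(offset) || offset < 0) // assumption: no negative offsets
    throw new RangeError("offset must be a non-negative integer");
  return { limit, offset };
}

function userPlaylistsUrl(args) {
  const { limit, offset } = parsePaging(args);
  const url = new URL(`${API}/me/playlists`);
  url.searchParams.set("limit", String(limit));
  url.searchParams.set("offset", String(offset));
  return url.toString();
}

// Encoding "/", "?", "#" and "&" keeps a caller-supplied ID from adding
// path segments or query parameters to the request.
function playlistUrl(playlistId) {
  return `${API}/playlists/${encodeURIComponent(playlistId)}`;
}

// Range line for a page of results, with an empty-state message when the
// offset is past the end of the collection.
function describePage({ offset }, itemsReturned, total) {
  if (itemsReturned === 0)
    return total > 0 && offset >= total
      ? `No playlists at offset ${offset}; only ${total} exist.`
      : "No playlists found.";
  return `Showing ${offset + 1}-${offset + itemsReturned} of ${total}`;
}

console.log(userPlaylistsUrl({ limit: 50, offset: 100 }));
console.log(playlistUrl("abc/../me?x=1")); // constructed hostile ID
console.log(describePage({ offset: 40 }, 0, 23));
```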

Security Enhancements

Docker Non-Root User Configuration

A critical security vulnerability related to privilege escalation in the Docker container has been addressed.

  • Dedicated User: A dedicated appuser/appgroup with system privileges has been created.
  • Ownership Change: The /app directory ownership is now assigned to the non-root user.
  • Restricted Execution: The container now executes as appuser instead of root, significantly reducing the risk of privilege escalation.
  • Resolution: This resolves a security vulnerability reported in issue #11.
  • Commit: a6acf4e and b53765d
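
A static check for the configuration described above, as an added example that is not the project's own code: it reports which user the final stage of a Dockerfile runs as, including the multi-stage case where only a build stage drops privileges. The sample Dockerfiles and the `node:20-alpine` base image are constructed, and a stage with no `USER` is assumed to inherit root from its base image.

```javascript
// Added example, not the project's code. Sample Dockerfiles are constructed.
function finalUser(dockerfile) {
  const lines = dockerfile
    .replace(/\\\r?\n/g, " ") // join backslash line continuations
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"));
  const stageUsers = new Map(); // stage alias -> USER in effect when the stage ends
  let user = null;
  let alias = null;
  for (const line of lines) {
    const words = line.split(/\s+/);
    const op = words[0].toUpperCase();
    if (op === "FROM") {
      if (alias) stageUsers.set(alias, user);
      const args = words.slice(1).filter((w) => !w.startsWith("--"));
      // Building on an earlier stage keeps its USER; an external image resets it.
      user = stageUsers.has(args[0]) ? stageUsers.get(args[0]) : null;
      alias = args.length >= 3 && args[1].toUpperCase() === "AS" ? args[2] : null;
    } else if (op === "USER" && words[1]) {
      user = words[1];
    }
  }
  return user;
}

function classify(dockerfile) {
  const user = finalUser(dockerfile);
  if (user === null) return "root"; // assumption: the base image sets no USER
  const name = user.split(":")[0]; // USER accepts user[:group]
  if (name.includes("$")) return "unresolved"; // set from ARG/ENV at build time
  return name === "root" || name === "0" ? "root" : "non-root";
}

const BEFORE = ["FROM node:20-alpine", "COPY . /app", 'CMD ["node", "/app/build/index.js"]'].join("\n");
const AFTER = [
  "FROM node:20-alpine",
  "RUN addgroup -S appgroup && \\",
  "    adduser -S appuser -G appgroup",
  "COPY . /app",
  "RUN chown -R appuser:appgroup /app",
  "USER appuser",
].join("\n");
const BUILDER_ONLY = [
  "FROM node:20-alpine AS build", "USER node", "RUN npm ci",
  "FROM node:20-alpine", "COPY --from=build /app /app",
].join("\n");

console.log(classify(BEFORE), classify(AFTER), classify(BUILDER_ONLY));
```

A passing static check does not replace confirming the effective user of the built image, since a base image can set its own `USER`.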

Refactors & Code Improvements

  • JSDoc Comments: Added JSDoc comments for the getPlaylistItemTotal function, improving code documentation and clarity.
    • Commit: 365028b
  • Build & Source Updates: General updates to build/index.js and index.ts files, reflecting various code adjustments and optimizations within the project.
    • Commit: 80ef6b6 and 48c36cf

Documentation Updates

  • Preview Image Update: The preview image in the assets has been updated for improved visual representation.
    • Commit: 9f1e942
  • New Badges:
    • Added an MseeP.ai badge to the README.md.
    • Added an MCP Catalog Trust Score badge to the README.md.
    • Commit: 9304375, 6c2cd19, 18cdfd2, f961244
  • README Enhancements: General updates to README.md, including adding an MCP Series link.
    • Commit: f06369e, 5ec096a
  • Funding File: Created a FUNDING.yml file to support project contributions.
    • Commit: 87f84c9

Dependency Updates

This release includes several dependency updates to ensure stability, performance, and security across the application.

  • @modelcontextprotocol/sdk: Bumped from 1.10.1 to 1.26.0.
    • Commit: 8a7b78b, 1e8550a, 1a60359
  • axios: Bumped from 1.8.4 to 1.13.5.
    • Commit: 84264ed, 1a60359
  • hono: Bumped from 4.11.3 to 4.12.2.
    • Commit: 7c22c31, 708f451, 1a60359, 0ae46e3
  • express: Bumped from 5.1.0 (and 4.21.2) to 5.2.1 (and 4.22.1).
    • Commit: e26bf6c
  • form-data: Bumped from 4.0.2 to 4.0.4.
    • Commit: 5ef4efc
  • js-yaml: Bumped from 3.14.1 to 3.14.2.
    • Commit: 0e1d66a
  • qs: Bumped from 6.14.0 to 6.14.2.
    • Commit: c201a24, 1a60359
  • ajv: Bumped from 8.17.1 to 8.18.0.
    • Commit: 1a60359

Migration Guide

For Users

No specific migration steps are required for existing users. The new pagination features will be automatically available for get-user-playlists.

For Developers

  1. Dependency Update: Ensure you run npm install or yarn install to update all project dependencies to their latest compatible versions.
  2. Docker Environment: If deploying custom Docker images, consider updating your Dockerfile to include non-root user configurations, aligning with the security enhancements in this release.
  3. Spotify API Interactions: While this update maintains compatibility, be aware of ongoing changes to the Spotify Web API. Review any direct API calls in your custom integrations to ensure they align with the latest Spotify documentation.

Testing

  • ✅ Playlist pagination functionality in get-user-playlists
  • ✅ Updated Spotify Web API integration
  • ✅ Docker container non-root user execution
  • ✅ All updated dependencies

Acknowledgments

We extend our gratitude to the following contributors for their valuable contributions to this release:

  • @lwsinclair
  • @Matvey-Kuk
  • @rburke1810

Support & Feedback

For any issues, questions, or feedback, please visit our GitHub repository and create a new issue.

Release Authorization

Approved by: @imprvhub
Architecture Review: Complete
Security Audit: Passed
Performance Testing: Validated


Full Changelog: https://github.com/imprvhub/mcp-claude-spotify/compare/0.2.1...0.3.0

Security Fixes

  • Docker container now runs as non‑root user `appuser`/`appgroup`, fixing a privilege escalation vulnerability (issue #11).

About imprvhub/mcp-claude-spotify

An integration that allows Claude Desktop to interact with Spotify using the Model Context Protocol (MCP).
