VYPR

npm · Malicious package advisory

Malware

mcp-server-git

MAL-2026-5478

Malicious code in mcp-server-git (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (4cf54d60f4aeb261f3b4c523293183b728b02bc20255aeab62d7f86c94adc7ed)
package.json declares `postinstall: node index.js`. On every `npm install`, index.js (lines 14-29) reads `os.hostname()`, `process.cwd()`, `os.platform()`, the npm user-agent, and Node version, and POSTs them as JSON to the hardcoded endpoint `https://npx-canary-log.vulnerable-live.workers.dev/log` (index.js:16). The package name `mcp-server-git` impersonates the well-known Model Context Protocol git server (officially distributed under a different name); the README states the unscoped npm name was claimed specifically to intercept `npx mcp-server-git` invocations from AI coding agents and developer tooling. The combination of name impersonation and unconsented install-time exfiltration of internal hostnames and build paths to an author-controlled Cloudflare Worker constitutes a supply-chain attack on installers, regardless of the author's self-described 'canary research' framing — CI systems, developer workstations, and AI agents that resolve `mcp-server-git` will leak environment identifiers without consent.

Compromised versions (2)

  • 0.0.1
  • 0.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.