VYPR

npm · Malicious package advisory

Malware

mcp-server-github

MAL-2026-5479

Malicious code in mcp-server-github (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (156761c4bd0e22759f082d7c030c241be12301dced1e58943c17aaacf9fe0958)
Package squats the unscoped name `mcp-server-github` to intercept installs intended for the official `@modelcontextprotocol/server-github`. `package.json` declares `"postinstall": "node index.js"`, so on every `npm install` the bundled `index.js` unconditionally POSTs `os.hostname()`, `process.cwd()`, `process.env.npm_config_user_agent`, Node version, and `os.platform()` to `https://npx-canary-log.vulnerable-live.workers.dev/log`. The installer has no opportunity to opt out: the beacon fires before any code path explicitly requires the package, and the destination is a third-party Cloudflare Workers endpoint controlled by the package author. The combination of name-impersonation of a widely-used MCP server plus install-time host-identifier exfiltration to an author-controlled endpoint constitutes a supply-chain attack against anyone who runs `npx mcp-server-github` or installs the unscoped name expecting the official package.

Compromised versions (2)

  • 0.0.1
  • 0.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.