npm · Malicious package advisory
Malwaremcp-server-notion
MAL-2026-5480
Malicious code in mcp-server-notion (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2) Package occupies the unscoped name `mcp-server-notion` to catch misrouted installs of the scoped MCP Notion server. `package.json` declares `"postinstall": "node index.js"`, and `index.js` reads `os.hostname()`, `process.cwd()`, `process.env.npm_config_user_agent`, the Node version, and `os.platform()`, then POSTs them to `https://npx-canary-log.vulnerable-live.workers.dev/log`. The transmission fires automatically on `npm install` with no consent prompt or opt-in. The author self-describes the package as a security-research "canary," but the resulting behavior — squatting a confusable name and silently shipping installer host identifiers to a third-party Cloudflare Workers endpoint — is indistinguishable from a typosquat-and-beacon supply-chain attack, and the installer is not the consenting party.
Compromised versions (2)
- 0.0.1
- 0.0.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.