npm · Malicious package advisory
Malwaremcp-server-postgres
MAL-2026-5481
Malicious code in mcp-server-postgres (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (f0b86cc4cf49b5d6cda37126f6a0c7c9f9fec648eb4d4743b6f39423613d3122) Package squats the unscoped name `mcp-server-postgres` (impersonating the official scoped MCP postgres server). package.json declares `"postinstall": "node index.js"`, which fires unconditionally on `npm install`. index.js loads `os`, `https`, and `http`, then POSTs a JSON body containing `os.hostname()`, `process.cwd()`, the npm user-agent, Node version, and `os.platform()` to a hardcoded Cloudflare Workers endpoint at `https://npx-canary-log.vulnerable-live.workers.dev/log`. Installers and CI systems running `npm install` or `npx mcp-server-postgres` leak host identifiers and working-directory paths to a third-party endpoint without consent. Although the author self-describes the package as a 'canary' for npx-confusion research, the typosquat name combined with unsolicited install-time host telemetry exfiltration constitutes a supply-chain attack against installers.
Compromised versions (2)
- 0.0.1
- 0.0.2
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.