VYPR

npm · Malicious package advisory

Malware

mcp-server-postgres

MAL-2026-5481

Malicious code in mcp-server-postgres (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (f0b86cc4cf49b5d6cda37126f6a0c7c9f9fec648eb4d4743b6f39423613d3122)
Package squats the unscoped name `mcp-server-postgres` (impersonating the official scoped MCP postgres server). package.json declares `"postinstall": "node index.js"`, which fires unconditionally on `npm install`. index.js loads `os`, `https`, and `http`, then POSTs a JSON body containing `os.hostname()`, `process.cwd()`, the npm user-agent, Node version, and `os.platform()` to a hardcoded Cloudflare Workers endpoint at `https://npx-canary-log.vulnerable-live.workers.dev/log`. Installers and CI systems running `npm install` or `npx mcp-server-postgres` leak host identifiers and working-directory paths to a third-party endpoint without consent. Although the author self-describes the package as a 'canary' for npx-confusion research, the typosquat name combined with unsolicited install-time host telemetry exfiltration constitutes a supply-chain attack against installers.

Compromised versions (2)

  • 0.0.1
  • 0.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.