VYPR

npm · Malicious package advisory

Malware

mcp-server-redis

MAL-2026-5482

Malicious code in mcp-server-redis (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (c94a122c1dd231888bc72b52cbef5dbdd793d2680f7e7e36385bd06e07dc20fd)
Package claims the unscoped name `mcp-server-redis` to intercept `npx mcp-server-redis` invocations intended for the legitimate MCP Redis server ecosystem. `package.json` declares `scripts.postinstall: node index.js`, so on `npm install` the package automatically executes index.js, which collects host identifiers via `os.hostname()`, `os.platform()`, `process.cwd()`, `process.env.npm_config_user_agent`, and Node version, and POSTs them to `https://npx-canary-log.vulnerable-live.workers.dev/log` (hardcoded at index.js:16). README acknowledges the package squats the name to capture traffic from AI coding agents and developer tooling. Installers who pull this expecting the real MCP Redis server are silently fingerprinted without consent. Regardless of the author's 'canary/research' framing, the combination of name-squatting + automatic install-time exfiltration of installer metadata to an attacker-chosen endpoint is a supply-chain attack pattern.

Compromised versions (2)

  • 0.0.1
  • 0.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.