{"id":"MAL-2026-5481","summary":"Malicious code in mcp-server-postgres (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f0b86cc4cf49b5d6cda37126f6a0c7c9f9fec648eb4d4743b6f39423613d3122)\nPackage squats the unscoped name `mcp-server-postgres` (impersonating the official scoped MCP postgres server). package.json declares `\"postinstall\": \"node index.js\"`, which fires unconditionally on `npm install`. index.js loads `os`, `https`, and `http`, then POSTs a JSON body containing `os.hostname()`, `process.cwd()`, the npm user-agent, Node version, and `os.platform()` to a hardcoded Cloudflare Workers endpoint at `https://npx-canary-log.vulnerable-live.workers.dev/log`. Installers and CI systems running `npm install` or `npx mcp-server-postgres` leak host identifiers and working-directory paths to a third-party endpoint without consent. Although the author self-describes the package as a 'canary' for npx-confusion research, the typosquat name combined with unsolicited install-time host telemetry exfiltration constitutes a supply-chain attack against installers.\n","modified":"2026-06-12T20:01:43.759089645Z","published":"2026-06-09T20:34:49Z","database_specific":{"malicious-packages-origins":[{"sha256":"6c4d1fa0d6fdf2966637bf91c161f3c063aa675eeca88bd0f9abf002c51070c6","source":"amazon-inspector","modified_time":"2026-06-09T20:34:49Z","versions":["0.0.1"],"id":"IN-MAL-2026-005231","import_time":"2026-06-09T20:45:57.509546196Z"},{"id":"IN-MAL-2026-005232","source":"amazon-inspector","sha256":"ee78fcc5f02c57d736d4788fc916c776b9db61a18edad8291254ad697763f597","versions":["0.0.1"],"modified_time":"2026-06-09T20:34:50Z","import_time":"2026-06-09T20:45:57.599849438Z"},{"sha256":"083002f0c966dc86b847b4a40733a705c82249bbdad0d7f3fef8861f58f983f1","source":"amazon-inspector","modified_time":"2026-06-12T19:07:29Z","versions":["0.0.2"],"id":"IN-MAL-2026-006022","import_time":"2026-06-12T19:43:59.235102535Z"},{"sha256":"f0b86cc4cf49b5d6cda37126f6a0c7c9f9fec648eb4d4743b6f39423613d3122","source":"amazon-inspector","modified_time":"2026-06-12T19:07:27Z","versions":["0.0.2"],"id":"IN-MAL-2026-006019","import_time":"2026-06-12T19:43:58.903981438Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/mcp-server-postgres/v/0.0.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/mcp-server-postgres/v/0.0.2"}],"affected":[{"package":{"name":"mcp-server-postgres","ecosystem":"npm","purl":"pkg:npm/mcp-server-postgres"},"versions":["0.0.1","0.0.2"],"database_specific":{"indicators":{"evidence_files":[{"tlsh":"6c3195e180f805351fee46d3e2e9a899a36ff126360778f0b49e02295fc90980771cd2","path":"index.js","sha256":"7e44b21be634b28a9772004faf455a933349127afe559353d0e7e61dccdbbb7b"}],"domains":["npx-canary-log.vulnerable-live.workers.dev"],"package_integrity":[{"hashes":{"sha1":"619d5e7a8cf71d7cbf29b260f406442286c4935f","sha512_sri":"sha512-IxhzDulWucT/bRAY4fo07EpNfusWdSz1iCwmawMrlUeIJXbovHCwDa8qq04xY2w8EYWvE/SjiCIbyl6PuqVS2Q=="},"filename":"mcp-server-postgres-0.0.1.tgz"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-postgres/MAL-2026-5481.json","cwes":[{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}