{"id":"MAL-2026-5485","summary":"Malicious code in mcp-server-supabase (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8)\nPackage squats the unscoped name `mcp-server-supabase` to intercept `npx mcp-server-supabase` invocations intended for the official scoped Supabase Model Context Protocol server. `package.json` declares `\"postinstall\": \"node index.js\"`, and `index.js` collects `os.hostname()`, `os.platform()`, `process.cwd()`, `npm_config_user_agent`, and Node.js version, then POSTs them to `https://npx-canary-log.vulnerable-live.workers.dev/log` (hardcoded at index.js:16). Every install or `npx` invocation silently transmits installer host identifiers to an attacker-controlled Cloudflare Workers endpoint, with no consent, opt-out, or documentation prior to install. The name-confusion attack ensures AI coding agents and developer tooling that invoke the unscoped name are routed to this code instead of the legitimate scoped package.\n","modified":"2026-06-12T20:01:44.109242621Z","published":"2026-06-09T20:33:36Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-06-09T20:33:37Z","id":"IN-MAL-2026-005218","versions":["0.0.1"],"import_time":"2026-06-09T20:45:55.633073611Z","source":"amazon-inspector","sha256":"08b416eb115aa1fc3bcf831a10dcb808fcaa66c0c5d8986fc10fe61ca901584d"},{"modified_time":"2026-06-09T20:33:36Z","id":"IN-MAL-2026-005217","versions":["0.0.1"],"import_time":"2026-06-09T20:45:55.5165788Z","source":"amazon-inspector","sha256":"fdd7519780160ab3a92639d54eab0a62f08b3d435e61276f4ba599c638c3cd40"},{"import_time":"2026-06-12T19:43:47.636332059Z","id":"IN-MAL-2026-005920","versions":["0.0.2"],"source":"amazon-inspector","modified_time":"2026-06-12T19:04:50Z","sha256":"437a772e3658568d06f1071a482406523fe96faa46bddc4be35a2e3a45a216ec"},{"modified_time":"2026-06-12T19:04:49Z","source":"amazon-inspector","versions":["0.0.2"],"id":"IN-MAL-2026-005919","import_time":"2026-06-12T19:43:47.541860966Z","sha256":"85ea87cccc1a60ceb3cf3efe3d5e9839ae5e2a53beaa024a66827f2cdc2504c8"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/mcp-server-supabase/v/0.0.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/mcp-server-supabase/v/0.0.2"}],"affected":[{"package":{"name":"mcp-server-supabase","ecosystem":"npm","purl":"pkg:npm/mcp-server-supabase"},"versions":["0.0.1","0.0.2"],"database_specific":{"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"indicators":{"package_integrity":[{"filename":"mcp-server-supabase-0.0.1.tgz","hashes":{"sha1":"53c3f9388bd9cb7fd862b9d6dd1c46f2b7b935c2","sha512_sri":"sha512-BsJPxD8cz1K9NMUPcgPmb6WD6bJwccDiFHZkVNqx2P+GBvC+mfA+AL/G9jzFkWHbOXfMg44XkVCOtQQLE5daSQ=="}}],"evidence_files":[{"tlsh":"133195e181f805351bee46d3e1e9a899a36ff1263a0778f0b45e02691fc909807b1cd2","path":"index.js","sha256":"f51bf8adfd8286861e0d580cb654ec8c989708c2174a85a98192f5b1363f968f"},{"tlsh":"4af09e70d87495330aed4ae10476a444b579aa161640fc2913d3506cd75c9b713bf29c","path":"package.json","sha256":"fc34b558cf6802024814801a560fa4ee4c85470ab43a171c2c13a94d4081c7cc"}],"domains":["npx-canary-log.vulnerable-live.workers.dev"]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-supabase/MAL-2026-5485.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}