Which versions of create-docs-mcp are malicious?

The following npm versions of create-docs-mcp are flagged malicious: 9999.99.99. Treat any of these as compromised.

How do I remediate create-docs-mcp if I installed it?

Remove create-docs-mcp from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is create-docs-mcp part of a known attack campaign?

Yes — create-docs-mcp is associated with the IN-MAL-2026-004950, IN-MAL-2026-004949 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect create-docs-mcp in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking create-docs-mcp and packages like it before any post-install script runs.

Malicious package

create-docs-mcpnpm

Malicious code in create-docs-mcp (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5397

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall create-docs-mcp

What this malware does

Package is published at version 9999.99.99 — the canonical high-version override used in dependency-confusion attacks against private/internal package names — with a description self-identifying as a name referenced in a private repo. On npm install, postinstall.js POSTs JSON to https://ddactic-lab.online/sc/beacon containing package name/version, Node version, OS, CI detection, and the installer's GITHUB_REPOSITORY, GITHUB_REPOSITORY_OWNER, and GITHUB_WORKFLOW environment variables when present. A DNS-encoded fallback is also emitted to subdomains of b.ddactic-lab.online to bypass HTTP egress filtering. The package's library entry point is a no-op self-require; its sole functional behavior is the install-time recon beacon. Installer harm: private repository slugs, owner names, and workflow identifiers leak from CI pipelines to an attacker-controlled domain on every install, identifying which organizations are vulnerable to follow-on dependency-confusion attacks against this name.

Malicious versions

1 flagged

9999.99.99

Indicators of compromise (SHA-256)

9533aa7d902b057e81b29616867dc5c0c48ee5593ae48ee7954f19babf07cbc0

fd4381fd77419441a2eefe6b22adef6c9f5adfe1b92be5d071abd5908fdf8647

Frequently asked questions

No. create-docs-mcp on npm has been identified as a malicious package (version 9999.99.99 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004950IN-MAL-2026-004949

References

npmjs.com

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection