Malicious package

mcp-server-fetch (npm)

Malicious code in mcp-server-fetch (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5476
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall mcp-server-fetch

What this malware does

The package name squats the legitimate scoped MCP fetch server. Its package.json declares "postinstall": "node index.js", so index.js runs on every npm install. index.js builds a payload from os.hostname(), os.platform(), process.cwd(), process.version, and the npm_config_user_agent environment variable, then POSTs it to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log (a Cloudflare Worker not affiliated with the legitimate MCP project). The same code runs again whenever the package's bin is invoked. The README's framing as "authorized bug bounty research" does not constitute consent from installers, who receive no notice and no opt-out before host identifiers leave their machine on npm install. Name-squatting a known package, a postinstall hook that fires automatically, and unconsented exfiltration of host identifiers to an anonymous worker endpoint together match the typosquat-with-exfiltration pattern.

Malicious versions

1 flagged
0.0.1

Indicators of compromise (SHA-256)

4a64ba282db25ccfc53d1b5cb699a2cd68ec0e5124003e211f9928e96674122c
850472999c9baffe4a663fb1b8dd900ba844e8296aeb24de25864c6025af1c16

Frequently asked questions

No. mcp-server-fetch on npm has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005234
IN-MAL-2026-005233

Credits

  • Amazon Inspector · finder

mcp-server-fetch (npm) malicious package — MAL-2026-5476 | O3 Security