Which versions of mcp-server-postgres are malicious?

The following npm versions of mcp-server-postgres are flagged malicious: 0.0.1. Treat any of these as compromised.

How do I remediate mcp-server-postgres if I installed it?

Remove mcp-server-postgres from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is mcp-server-postgres part of a known attack campaign?

Yes — mcp-server-postgres is associated with the IN-MAL-2026-005231, IN-MAL-2026-005232 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect mcp-server-postgres in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking mcp-server-postgres and packages like it before any post-install script runs.

Malicious package

mcp-server-postgresnpm

Malicious code in mcp-server-postgres (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5481

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall mcp-server-postgres

What this malware does

Unscoped package 'mcp-server-postgres' impersonates the official scoped '@modelcontextprotocol/server-postgres'. package.json declares a postinstall hook (node index.js) that fires automatically on npm install. index.js requires os, https, and http, then collects host identifiers — os.hostname(), os.platform(), process.cwd(), the npm user-agent, and the Node.js version — and POSTs them as JSON to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log. Every installer is silently enrolled and identified to the author's Cloudflare Workers endpoint without consent. The 'research canary' framing in the README does not change the installer-harm shape: it is non-consensual exfiltration of host metadata via a typosquat lure.

Malicious versions

1 flagged

0.0.1

Indicators of compromise (SHA-256)

6c4d1fa0d6fdf2966637bf91c161f3c063aa675eeca88bd0f9abf002c51070c6

ee78fcc5f02c57d736d4788fc916c776b9db61a18edad8291254ad697763f597

Frequently asked questions

No. mcp-server-postgres on npm has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005231IN-MAL-2026-005232

References

npmjs.com

Credits

Amazon Inspector · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection