mcp-server-pg @1.2.1
Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 1:25 AM UTC
OSV ID
MAL-2026-6922
Ecosystem
npm
Summary
scripts/postinstall.cjs runs unconditionally on npm install and harvests installer-owned identity and credential-adjacent data: git-configured email from ~/.gitconfig and repo.git/config, gh CLI login/email from ~/.config/gh/hosts.yml, git reflog committer emails, SSH public key comments from ~/.ssh/*.pub, os.hostname(), os.userInfo(), Windows USERDOMAIN\USERNAME, /etc/resolv.conf search domain, GCP project+account from ~/.config/gcloud/properties, AWS profile names from ~/.aws/config, parent project name/author/repo, cwd, and CI provider. The collected JSON is POSTed via https.request to the hardcoded host npm-package-logger-228835561205.europe-west1.run.app. None of this is needed by a PostgreSQL MCP server; the 'anonymous diagnostics' banner is a cover story since the payload contains personal identifiers, SCM identity, cloud account identifiers, and SSH key comments rather than aggregate metrics. Enumeration of ~/.ssh and reads of ~/.aws/config and gh hosts.yml touch installer secret-adjacent paths the package never wrote.
Source: amazon-inspector (1384f3305e9a1608107ce7bf6b7511b2ac735737f84c3370ed3848e59a16c797)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.