Malicious versions of pgserve were published to npm on 21 April 2026; the compromised versions are 1.1.11, 1.1.12 and 1.1.13. These versions inject a 1,143-line credential-harvesting script that runs via postinstall on every npm install, and the malware behaves as a supply-chain worm, re-injecting itself into every package that the victim machine's npm token is able to publish.
Stolen data is encrypted with RSA-4096 plus AES-256 and exfiltrated to a decentralized Internet Computer Protocol canister, while a secondary webhook domain is used if a TEL_SIGN_KEY environment variable is set. The attack was detected by the StepSecurity AI Package Analyst, which flagged all three compromised versions as Critical / Rejected, and Harden-Runner confirmed live exfiltration before blocking the exfiltration domains telemetry.api-monitor[.]com and cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0[.]io.
The last legitimate pgserve release was v1.1.10, tagged on 17 April 2026, and the maintainer was notified via GitHub, with the compromised postinstall script named check-env[.]js and a public[.]pem file embedded in the package.
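A defender's first question after an advisory like this is whether the compromised releases, or any other package that runs code at install time, are present in a project's lockfile. The script below is an added example, not code from the advisory or from the pgserve project: it audits an npm `package-lock.json` (lockfileVersion 2/3 `packages` map) for the three pgserve versions named above and lists every dependency that npm recorded with `hasInstallScript`, and it reports which install-time hooks a given `package.json` declares. The pgserve version list and the `check-env.js` script name come from the advisory; the sample lockfile, the sample manifest and the other package names are constructed for this example.

```javascript
// Added example, not code from the advisory or from pgserve: audit an npm
// lockfile for the compromised pgserve releases and for any dependency that
// npm recorded as carrying an install hook. The version list is the one the
// advisory names; the sample data below is constructed for this example.

const COMPROMISED_VERSIONS = {
  pgserve: new Set(["1.1.11", "1.1.12", "1.1.13"]),
};

// Lifecycle hooks npm runs automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// "node_modules/a/node_modules/b" -> "b"; scoped names keep their "@scope/" prefix.
function packageNameFromLockPath(lockPath) {
  const parts = lockPath.split("node_modules/");
  return parts[parts.length - 1];
}

// Walk every installed package in the lockfile and collect two findings:
//  - exact matches against the known-compromised version list
//  - packages npm flagged with hasInstallScript (they run code at install time)
function auditLockfile(lock) {
  const compromised = [];
  const installHooks = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry, not a dependency
    const name = entry.name || packageNameFromLockPath(lockPath);
    const version = entry.version;
    const bad = COMPROMISED_VERSIONS[name];
    if (bad && bad.has(version)) {
      compromised.push({ name, version, path: lockPath });
    }
    if (entry.hasInstallScript === true) {
      installHooks.push({ name, version, path: lockPath });
    }
  }
  return { compromised, installHooks };
}

// For a package.json already on disk: which install-time hooks does it declare?
function installHookNames(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === "string");
}

// Constructed sample lockfile: one compromised pgserve release, one unrelated
// package with an install hook, one clean package.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/pgserve": { version: "1.1.12", hasInstallScript: true },
    "node_modules/example-native-addon": { version: "2.0.0", hasInstallScript: true },
    "node_modules/example-clean": { version: "1.0.0" },
  },
};

// Constructed manifest mirroring the advisory's description of the hook the
// malicious versions add (the script name check-env.js is the advisory's).
const SAMPLE_MANIFEST = {
  name: "pgserve",
  version: "1.1.12",
  scripts: { postinstall: "node check-env.js", test: "node test.js" },
};

if (typeof require !== "undefined" && require.main === module) {
  const result = auditLockfile(SAMPLE_LOCK);
  for (const hit of result.compromised) {
    console.log(`COMPROMISED ${hit.name}@${hit.version} (${hit.path})`);
  }
  for (const hit of result.installHooks) {
    console.log(`install hook: ${hit.name}@${hit.version} (${hit.path})`);
  }
  console.log("hooks declared by sample manifest:", installHookNames(SAMPLE_MANIFEST).join(", "));
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The `installHooks` list is the useful review surface: an install hook is not malicious by itself (native addons commonly have one), but every entry in that list is code that executed on the build machine, which is exactly where this worm harvested credentials. Installing with `npm ci --ignore-scripts` and running the few hooks that are genuinely needed afterwards removes that automatic execution path.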