NPM IMPOSTERS FOR PGSERVE AND AUTOMAGIK EXFILTRATE CLOUD CREDS AND WORM INTO YOUR PACKAGES
Malicious npm packages impersonating pgserve and automagik are stealing cloud credentials and infecting developers’ published packages via npm tokens.
Researchers at Socket flagged fake pgserve and automagik packages on npm that harvest data, SSH keys, browser wallets, and cloud creds, then spread to other machines and projects via worm-like behavior. StepSecurity separately confirmed compromised pgserve versions (1.1.11–1.1.13) with a 1,143‑line postinstall credential stealer, saying the last clean pgserve is 1.1.10 (InfoWorld).
The fake automagik variants include 4.260421.33 through 4.260421.39, with additional malicious releases still emerging and the full scope under investigation (InfoWorld). Socket also noted overlap with the recent CanisterWorm npm supply‑chain campaign.
This is a developer-focused supply-chain worm that can steal AWS/Azure/GCP creds and silently backdoor every npm package you publish.
Even transient dev boxes and CI agents are targets via postinstall scripts, so blast radius can include org-wide registries and runtime environments.
- Scan lockfiles and internal registries for pgserve@1.1.11–1.1.13, automagik 4.260421.33–.39, and automagik/genie; break builds on detection.
- Run CI with npm ci --ignore-scripts and egress blocks during install; measure breakage and rotate any discovered npm/cloud tokens.
Legacy codebase integration strategies
1. Freeze to last-known-good versions (pgserve<=1.1.10), enforce private proxy/allowlists, disable install scripts in CI, and rotate/revoke npm publish and cloud creds.
2. Require 2FA and minimal scopes on npm tokens; audit your published packages for unauthorized changes.
Fresh architecture paradigms
1. Adopt ephemeral dev environments with no long-lived cloud creds, per-project scoped tokens, and a curated internal registry.
2. Treat install-time scripts as hostile by default; enforce lockfiles, SBOMs, and continuous dependency scanning from day one.