pgserve is maintained by Automagik. We take the security of this package seriously and appreciate responsible disclosure from the community.
Please do not open public issues for security reports.
Send private reports to one of the following channels:
| Channel | Address | Best for |
|---|---|---|
| Security email | privacidade@namastex.ai | Anything security-related, including coordinated disclosure |
| DPO (privacy + security officer) | dpo@khal.ai | Privacy, LGPD, data protection concerns |
| Private GitHub advisory | Report via GitHub | Preferred for CVE assignment and coordinated release |
PGP available on request.
- Acknowledgement: within 2 business hours (UTC-3).
- Initial triage and severity assessment: within 24 hours.
- Fix or mitigation plan: within 7 days for critical/high severity.
- Public disclosure: coordinated with reporter, typically within 30 days of fix.
We will credit reporters publicly (with their permission) in the released advisory.
| Version line | Status |
|---|---|
| 1.1.10 and later clean releases | ✅ Supported — current |
| 1.1.11 – 1.1.14 | ❌ COMPROMISED — do not use |
| 1.1.0 – 1.1.9 | |
| 1.0.x and earlier | ❌ End of life |
Always install from the current stable line. Pin explicit versions in your `package.json` and avoid `latest` for supply-chain sensitive packages.
Between 2026-04-21 (~22:14 UTC) and 2026-04-22 (~14:00 UTC), versions 1.1.11, 1.1.12, 1.1.13, and 1.1.14 were published to npm by a threat actor after a developer GitHub OAuth token was exfiltrated. The malicious versions contained a TeamPCP payload in `scripts/check-env.js` that executed via `postinstall` to harvest local credentials.
- Exposure window: ~16 hours
- Detection-to-containment: under 20 hours
- Current status: malicious versions `npm unpublish`-ed and no longer installable
If you installed versions 1.1.11 – 1.1.14 between April 21–22, 2026, assume your machine is compromised. Follow the remediation guide linked below.
Resources:
- 📖 Full incident response manual
- 🌐 Public advisory (English)
- 🌐 Aviso público (Português)
- 🛡️ GitHub Security Advisories for this repository
A full public post-mortem will be published within 30 days of containment.
We thank the researchers and organizations that identified and tracked this incident:
- Socket Research Team — primary discovery and continued tracking at socket.dev/supply-chain-attacks/canistersprawl.
- Endor Labs, Kodem Security, BleepingComputer, The Register, CSO Online, GBHackers, Cybersecurity News — for coverage, analysis, and technical breakdowns that helped defenders respond quickly.
We also thank the Automagik team that ran the end-to-end response during the incident window, and the broader open-source community whose scrutiny, tools, and unfiltered feedback keep this ecosystem healthy. We will keep earning it.
Effective 2026-04-23, all pgserve releases are governed by:
- Provenance attestation — every publication is signed with `npm --provenance` and verifiable via Sigstore.
- OIDC trusted publishing — migrating to GitHub Actions OIDC publish, eliminating long-lived npm tokens. (in progress)
- Mandatory 2FA on every maintainer account with publish rights.
- Environment protection — production publishes require manual approval from a second maintainer.
- Quarterly token audit — scope and permission review.
- External pentest — scheduled ahead of the original roadmap.
- Pin explicit versions, not `latest`: `"pgserve": "1.1.10"`.
- Use `npm ci` in CI. It enforces lockfile-based installs by default.
- Evaluate `--ignore-scripts` per-package for untrusted dependencies. The current `pgserve` release does not require any lifecycle script to function.
- Verify package provenance: `npm view pgserve --json | jq '.dist.attestations'`.
- Monitor advisories: subscribe to GitHub security alerts for this repository.
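The pinning advice and the compromised version range can be checked mechanically. The following is an added example, not part of pgserve or its maintainers' tooling: it audits a parsed `package.json` and `package-lock.json` for floating `pgserve` specs and for the compromised versions listed on this page; the function names and sample inputs are assumptions made for illustration.

```javascript
// Added example: version list is from the advisory text; names and samples are illustrative.
const PKG = 'pgserve';
const COMPROMISED = new Set(['1.1.11', '1.1.12', '1.1.13', '1.1.14']);
// Collect every resolved copy of pgserve from a parsed package-lock.json.
function resolvedCopies(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
        found.push({ path, version: meta.version });
      }
    }
    return found;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PKG) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Report floating specs in package.json and compromised versions in either file.
function auditPgserve(manifest, lock) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    const spec = (manifest[field] || {})[PKG];
    if (spec === undefined) continue;
    // Treat only a bare x.y.z as an exact pin; ranges and tags such as "latest" float.
    if (!/^\d+\.\d+\.\d+$/.test(spec)) findings.push({ kind: 'unpinned', field, spec });
    else if (COMPROMISED.has(spec)) findings.push({ kind: 'compromised-pin', field, spec });
  }
  for (const { path, version } of resolvedCopies(lock)) {
    if (COMPROMISED.has(version)) findings.push({ kind: 'compromised-lock', path, version });
  }
  return findings;
}
// Constructed sample inputs, not taken from a real project.
const sampleManifest = { dependencies: { pgserve: '^1.1.10' } };
const sampleLock = { lockfileVersion: 3, packages: { '': { name: 'demo-app' },
  'node_modules/pgserve': { version: '1.1.12' },
  'node_modules/tool/node_modules/pgserve': { version: '1.1.10' },
} };
console.log(auditPgserve(sampleManifest, sampleLock));
```

A `compromised-lock` finding means one of the versions this page marks as compromised was resolved into the dependency tree, even though it can no longer be installed from npm.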
- Security & incidents: `privacidade@namastex.ai`
- Data Protection Officer (DPO): Cezar Vasconcelos — `dpo@khal.ai`
- Security disclosure page: automagik.dev/security
Namastex Labs Serviços em Tecnologia Ltda · CNPJ 46.156.854/0001-62
Last updated: 2026-04-23 · v1.0