Rogue JavaScript Library Exposed as First Malicious MCP Server

By Tina Reynolds

Cybersecurity researchers with ReversingLabs and SpecterOps recently found a malicious JavaScript library, postmark-mcp. The discovery has raised alarm about the vulnerability of the software supply chain. The package was published to npm on 9/15/2025 by a developer going by the name “phanpak”. It spread almost instantly, racking up 1,643 downloads before it was pulled from the platform. In version 1.0.16, published only two days later, backdoor code was injected. This code silently CC’d every email that passed through the MCP server to the developer’s personal email address.

The postmark-mcp library is a copy of a well-established library. A single-line change was all that was needed to add the email-forwarding behavior. That change made the library duplicate thousands of outgoing emails to “phan@giftshop[.]club.” How easy this malicious behavior is to accomplish has shocked many cybersecurity specialists.

Nature of the Malicious Code

The postmark-mcp library is intentionally architected to mimic the valid features of its predecessor. Yet it contained a critical flaw that exposed user data. Ever since its rollout, this backdoor secretly diverted email traffic, amassing a trove of sensitive messages without users being aware.

Idan Dardikman, a cybersecurity researcher who analyzed the library, noted, “Since version 1.0.16, it’s been quietly copying every email to the developer’s personal server.” He called the postmark-mcp backdoor “embarrassingly easy.” As his demonstration showed, in which he deployed it on a 5G network and quickly captured sensitive user data, the dangers are very real.

Developer Background and Package Deletion

Phanpak, the author of the postmark-mcp package, has been a maintainer on 31 other npm packages. This one library stands out as a dramatic exception, and it illustrates why the software development community needs to rethink its open development practices. After its malicious intent was discovered, the postmark-mcp package was quickly removed from npm to stop any further exploitation.

In response to the incident, Postmarkapp.com issued a statement clarifying their lack of involvement with the malicious package: “We didn’t develop, authorize, or have any involvement with the ‘postmark-mcp’ npm package.” They further promised users that their legitimate Postmark API and services are safe and unaffected by this incident.

Implications for Software Supply Chain Security

The emergence of postmark-mcp is a reminder of the vulnerabilities that exist in software supply chains. This incident highlights how third-party libraries can present serious risks to application development. Cybersecurity researchers are calling on developers to take greater care with external packages. Even small malicious changes in these packages can lead to large-scale data leaks.

Fonseca explained that security is a top priority and that these high security standards will continue to be met as the situation develops. Researchers also encourage proper vetting pipelines for software packages. As the case of postmark-mcp shows, even an ostensibly minor modification can lead to disastrous results for user privacy and data integrity.