Security disclosure
On April 21–22, 2026, malicious versions of two npm packages we maintain were published as part of the CanisterWorm campaign — a self-propagating supply-chain worm attributed to TeamPCP, which affected multiple npm publishers. We detected it, contained it, and are telling you exactly what happened.
Published 2026-04-23
What happened
A publish credential in our environment was compromised by the CanisterWorm worm (attributed to TeamPCP) and used to publish tainted versions of two packages we maintain. The vector is the same pattern that affected other npm publishers in April 2026: credential exfiltration from a `postinstall` script, followed by self-propagation to any packages the stolen credentials could publish. The malicious versions executed on install and tried to steal local credentials. If you installed an affected version between April 21 and April 22, treat the machine as potentially compromised and follow the remediation guide below.
Packages affected · clean versions
| Package | Malicious versions | Clean version | npm status |
|---|---|---|---|
| @automagik/genie | 4.260421.33 – 4.260421.40 | 4.260422.4+ | Removed from registry |
| pgserve | 1.1.11 – 1.1.14 | 1.1.10 | Removed from registry |
The malicious versions were unpublished from the npm registry and can no longer be installed. All Automagik publications from 2026-04-23 onward ship with `npm --provenance` attestations.
What we did
- Revoked compromised credentials and reissued tokens with minimum scope and mandatory 2FA.
- Deprecated and removed malicious versions from the npm registry.
- Contained the incident within our internal fleet — no customer production environment was touched.
- Blocked the malware's command-and-control endpoints at the perimeter.
- Notified customers whose contracts require it, within contractual SLAs.
If you installed an affected version
Treat your machine as potentially compromised.
The malware executes on install and tries to steal local credentials (npm tokens, SSH keys, cloud credentials, .env files, browser passwords, crypto wallets). Rotating credentials is the only safe path forward.
Apply the security patch.
Start with the regular user command. Use the elevated command only for root-owned installations or npm caches.
Regular user:
`npx @automagik/genie@next sec fix`
Root-owned installations or npm caches only:
`sudo npx @automagik/genie@next sec fix`
We published a step-by-step response manual covering identification, interpretation, remediation, and prevention. Start there.
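To check whether a project ever resolved one of the tainted versions listed in the table above, the following scanner walks a `package-lock.json` (lockfile v2/v3 `packages` map) and flags entries inside the affected ranges. It is an added example, not part of this disclosure or of the Automagik/Aegis tooling; the lockfile content is constructed for illustration.

```javascript
// Inclusive malicious version ranges, taken from the table in this disclosure.
const AFFECTED = {
  '@automagik/genie': ['4.260421.33', '4.260421.40'],
  'pgserve': ['1.1.11', '1.1.14'],
};

// Compare dotted numeric versions segment by segment (no prerelease tags).
// Returns -1, 0 or 1 like a sort comparator.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// True when the package name is in AFFECTED and the version falls in range.
function isAffected(name, version) {
  const range = AFFECTED[name];
  if (!range) return false;
  return compareVersions(version, range[0]) >= 0 &&
         compareVersions(version, range[1]) <= 0;
}

// Walk every lockfile entry. Keys are install paths, so the package name is
// whatever follows the last "node_modules/" (this keeps scoped names intact
// and also catches nested copies pulled in by transitive dependencies).
function findAffected(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || !entry.version) continue;
    const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    if (isAffected(name, entry.version)) hits.push({ path, name, version: entry.version });
  }
  return hits;
}

// Constructed sample: one tainted genie, one clean pgserve, one nested tainted pgserve.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@automagik/genie': { version: '4.260421.37' },
    'node_modules/pgserve': { version: '1.1.10' },
    'node_modules/some-dep/node_modules/pgserve': { version: '1.1.14' },
  },
};

console.log(findAffected(SAMPLE_LOCK));
```

Replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json'))` to run it against a real project; a non-empty result means the machine that ran `npm install` should be treated as compromised per the guidance above.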
What changed
- We exited the public npm publishing network. Namastex packages now ship via Aegis — signed GitHub Releases with cosign keyless (OIDC) + SLSA L3 provenance attestation.
- Aegis (automagik-dev/aegis) — a new module in the Automagik bundle dedicated to safe AI shipping, evolving continuously toward more secure GenAI environments.
- `aegis scan` as a continuous host-level gate — runs in every development workspace and CI before sensitive operations, detecting compromised versions, known payloads, and persistence.
- Runtime integrity verification via `aegis verify-install` — every binary proves its provenance (cosign + SLSA) before any system mutation.
- Full public post-mortem (in progress).
Acknowledgments
We are grateful to the researchers and organizations that identified and tracked this incident, making it possible for every affected team to respond quickly.
- Socket Research Team for the primary discovery and continued tracking at socket.dev/supply-chain-attacks/canistersprawl.
- Endor Labs, Kodem Security, BleepingComputer, The Register, CSO Online, GBHackers, and Cybersecurity News for the coverage, analysis, and technical breakdowns that helped defenders respond.
Thanks also to the Automagik team that ran the end-to-end response during the incident window, and to the broader open-source community whose scrutiny, tools, and unfiltered feedback keep this ecosystem healthy. We will keep earning it.
Contact
Questions, reports, or help with remediation — reach us privately. We respond within 2 business hours (UTC-3).
PGP available on request. Private security reports are encouraged via the channels above rather than public issues.
Namastex Labs Serviços em Tecnologia Ltda · CNPJ 46.156.854/0001-62
This page will be updated as our investigation concludes and our post-mortem is published. Last updated: 2026-04-23.