Unscoped package mcp-server-github impersonates the official @modelcontextprotocol/server-github MCP server. package.json declares a postinstall hook ("postinstall": "node index.js") that fires on every npm install. index.js POSTs a JSON payload to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log containing os.hostname(), process.cwd(), process.env.npm_config_user_agent, Node version, and platform/arch. The same exfiltration also fires when the package is invoked via npx, which is the documented invocation pattern for the legitimate scoped package and the likely confusion vector. Errors are silently swallowed. The combination of name-confusion against a widely-used scoped package, install-time auto-execution via lifecycle hook, hardcoded author-controlled destination, and unconsented transmission of installer host identifiers is a typosquat-with-payload supply-chain attack.