{"_id":"mcp-server-sentry","_rev":"2-a03d6e08694502e545bf2389f2077701","name":"mcp-server-sentry","dist-tags":{"latest":"0.0.2"},"versions":{"0.0.1":{"name":"mcp-server-sentry","version":"0.0.1","keywords":["security-research","canary","npx-confusion","bug-bounty"],"license":"MIT","_id":"mcp-server-sentry@0.0.1","maintainers":[{"name":"node-canaries","email":"reacher.dev@proton.me"}],"homepage":"https://github.com/theinfosecguy/npx-canary#readme","bugs":{"url":"https://github.com/theinfosecguy/npx-canary/issues"},"bin":{"mcp-server-sentry":"index.js"},"dist":{"shasum":"bb35a4f090eb1ef8833d9a90bafefeec099dd6b3","tarball":"https://registry.npmjs.org/mcp-server-sentry/-/mcp-server-sentry-0.0.1.tgz","fileCount":3,"integrity":"sha512-2lKbHqncUy77jU2CDqWm5GhYi+/KNDO/DlFcE14v6nRPKbfV+oKXd9NTGIoZqsERKNrVhn3+D6ZBmBMas1s6Jg==","signatures":[{"sig":"MEUCIQDUABUxr8yKrq4GHbEQQEGFAqZv3TYQP0tFBGqRg0hk/QIga5eiPTw8V/uSpAr5TAw+0uymZfe/7URiOoHHiiFIvOw=","keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U"}],"unpackedSize":3284},"main":"index.js","gitHead":"a3f48e2f41d1e89e848cd08ecec7032325af0bb3","scripts":{"postinstall":"node index.js"},"_npmUser":{"name":"node-canaries","email":"reacher.dev@proton.me"},"repository":{"url":"git+https://github.com/theinfosecguy/npx-canary.git","type":"git"},"_npmVersion":"11.6.2","description":"Security research canary — not for production use. Part of an authorized bug bounty research project.","directories":{},"_nodeVersion":"25.2.1","_hasShrinkwrap":false,"_npmOperationalInternal":{"tmp":"tmp/mcp-server-sentry_0.0.1_1780069668269_0.4157750364310273","host":"s3://npm-registry-packages-npm-production"}},"0.0.2":{"name":"mcp-server-sentry","version":"0.0.2","description":"Security research canary — not for production use. Part of an authorized bug bounty research project.","main":"index.js","bin":{"mcp-server-sentry":"index.js"},"scripts":{"postinstall":"node index.js"},"repository":{"type":"git","url":"git+https://github.com/theinfosecguy/npx-canary.git"},"license":"MIT","keywords":["security-research","canary","npx-confusion","bug-bounty"],"gitHead":"aa3bb402fbd4cbb5ca0be66cf675106eb797ef2c","_id":"mcp-server-sentry@0.0.2","bugs":{"url":"https://github.com/theinfosecguy/npx-canary/issues"},"homepage":"https://github.com/theinfosecguy/npx-canary#readme","_nodeVersion":"25.2.1","_npmVersion":"11.6.2","dist":{"integrity":"sha512-u7pRh8VK6D58yh+NN7d222POrR9yWlpIfGKEs1j8Gs+w8tSLKtnUg3HNEqlx4XMeY0HUbgKJ9SkR6if57HOvrQ==","shasum":"a99f477776fcacac2a38e53e9d5545b167b56202","tarball":"https://registry.npmjs.org/mcp-server-sentry/-/mcp-server-sentry-0.0.2.tgz","fileCount":3,"unpackedSize":3289,"signatures":[{"keyid":"SHA256:DhQ8wR5APBvFHLF/+Tc+AYvPOdTpcIDqOhxsBHRwC7U","sig":"MEUCIEMZa6yPd3y+i9CYqehPFW4XXNtqxbarHYZdrL2cjR67AiEAlyxt/M8Ol3WbFt3PlWX4vZGS1rjNdfe/NhwKpb3KdpM="}]},"_npmUser":{"name":"node-canaries","email":"reacher.dev@proton.me"},"directories":{},"maintainers":[{"name":"node-canaries","email":"reacher.dev@proton.me"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages-npm-production","tmp":"tmp/mcp-server-sentry_0.0.2_1780071707535_0.3011943125382399"},"_hasShrinkwrap":false}},"time":{"created":"2026-05-29T15:47:48.052Z","modified":"2026-05-29T16:21:47.808Z","0.0.1":"2026-05-29T15:47:48.422Z","0.0.2":"2026-05-29T16:21:47.680Z"},"bugs":{"url":"https://github.com/theinfosecguy/npx-canary/issues"},"license":"MIT","homepage":"https://github.com/theinfosecguy/npx-canary#readme","keywords":["security-research","canary","npx-confusion","bug-bounty"],"repository":{"type":"git","url":"git+https://github.com/theinfosecguy/npx-canary.git"},"description":"Security research canary — not for production use. Part of an authorized bug bounty research project.","maintainers":[{"name":"node-canaries","email":"reacher.dev@proton.me"}],"readme":"# mcp-server-sentry — Security Research Canary\n\nThis package is part of an authorized bug bounty research project investigating **npx confusion** — a supply chain attack vector where unclaimed npm package names matching common binary references can be squatted.\n\n## What this package does\n\nOn install or execution, it sends minimal telemetry to a logging endpoint:\n- Timestamp, hostname, working directory, npm user-agent, platform\n- **Nothing sensitive** — no environment variables, file contents, tokens, or keys\n\n## Why it exists\n\nThe unscoped package name `mcp-server-sentry` was unclaimed on npm. The official equivalent (if any) uses a scoped name. AI coding agents and developer tooling commonly invoke `npx mcp-server-sentry`, which resolves to whatever package owns this name on the npm registry. This canary proves that real traffic reaches this name.\n\n## Disclosure\n\nThis is security research. If you received this package unintentionally, it means an AI agent or automated tool resolved `mcp-server-sentry` via npx and the package was publicly available. No malicious action has been taken.\n\n**Questions?** Open an issue: https://github.com/theinfosecguy/npx-canary\n","readmeFilename":"README.md"}