Maybe the developer didn’t actually do this on purpose? I sometimes leave debug code in by accident when I publish as well. It happens. A bcc in plain sight seems like debug to me.
Maybe the developer didn’t actually do this on purpose? I sometimes leave debug code in by accident when I publish as well. It happens. A bcc in plain sight seems like debug to me.
Agreed. When building an app that sends email, bcc-ing yourself is an unreasonably effective logging mechanism.
Wouldn't they notice a shitload of private emails coming in and publicly apologize/announce what happened as soon as possible?
The reaction (removing the package) is also similar to an inexperienced developer when confronted to their first vulnerability report.
Assuming good intentions (debugging) rather than malice was at play, communication is key: drop the malicious version of the package, publish a fix, and communicate on public channels (blog post, here on HN, social media) about the incident.
A proper timeline (not that AI slop in the OP article) also helps bring back trust.
I came here to say this too. I’m really not sure he’d leave his very public personal email in there in purpose. I am not ashamed to say I still use my personal Gmail for testing in 2025.
By the way, this is not specific to MCP, could have happened to any package.
I maintain the Nodemailer library. Several years ago I used my personal email in a few usage examples. Developers still copy that old snippet, add their SMTP credentials and send test emails - which land in my inbox.