Mastra npm Supply Chain Attack Hits 144 Packages via Hijacked Account
A single compromised npm contributor account ("ehindero") was used to mass-publish more than 144 malicious packages across the @mastra/* scope on June 17, 2026, in an 88-minute automated campaign tracked as "easy-day-js." Mastra is a widely used open-source JavaScript and TypeScript framework for building AI applications, and its packages are routinely installed inside cloud and AI development environments that hold high-value credentials. Researchers from JFrog, SafeDep, Socket, and StepSecurity jointly analyzed the incident, warning that the Mastra ecosystem is an exceptionally high-value target because of its position at the intersection of AI development and production infrastructure. The infected packages themselves do not contain malicious code; instead, the attacker added a third-party library named "easy-day-js" to each package's dependency list.
The "easy-day-js" package is a functional clone of the popular "dayjs" date utility, first published on June 16, 2026, by an npm user called "sergey2016," and later updated with malicious changes at 1:01 a.m. UTC on June 17. Its postinstall hook fires an obfuscated loader that disables SSL/TLS certificate validation, then fetches a second-stage payload from attacker-controlled infrastructure at 23.254.164[.]92. The loader spawns the payload as a detached background process and then self-deletes to minimize forensic evidence. SafeDep characterized the second stage as a cross-platform information stealer capable of harvesting browser history, draining data from more than 160 cryptocurrency wallet browser extensions, and establishing persistence on Windows, macOS, and Linux systems before exfiltrating everything to a command-and-control server at 23.254.164[.]123. Operators can also push follow-on modules for execution on any of the three major operating systems. Security teams investigating the hosting infrastructure can run a WHOIS lookup on the two IPs, and can use a DNS leak test to check hosts for unexpected outbound resolutions.
JFrog noted that the campaign combined familiar supply chain tradecraft with practical stealth: a clean decoy version, an obfuscated postinstall loader, runtime payload download, detached execution, self-deletion, Node-themed persistence, and a remote module system. Even if the malicious "easy-day-js" package is removed after installation, the second-stage process may continue running and persistence may already be in place. The incident underscores how a single small dependency change can become an install-time compromise across a large package ecosystem, and highlights why developers should pin dependency versions, verify registry signatures and provenance with npm audit signatures, and monitor postinstall script behavior in CI/CD pipelines.
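The two detection points the article highlights, a new dependency appearing in a package's manifest and a dependency that declares an install-time lifecycle script, can be checked mechanically before a release is consumed. The following is an added example written for this page, not code from the article or the Mastra project; the package names, versions and the postinstall command in the sample manifests are constructed placeholders modelled on the incident, not real data.

```javascript
// Added example (not from the original article or the Mastra project):
// two defender-side checks for the pattern described above, run over
// constructed package.json objects standing in for real manifests.

const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Flag every package in a dependency tree that declares an install-time
// lifecycle script; such scripts execute arbitrary code on `npm install`.
function findInstallScripts(manifests) {
  const findings = [];
  for (const pkg of manifests) {
    const scripts = pkg.scripts || {};
    for (const hook of LIFECYCLE_HOOKS) {
      if (typeof scripts[hook] === "string") {
        findings.push({ name: pkg.name, version: pkg.version, hook, command: scripts[hook] });
      }
    }
  }
  return findings;
}

// Compare the dependency maps of two versions of the same package and report
// what was added, removed or re-pinned (the "single small dependency change").
function diffDependencies(before, after) {
  const a = before.dependencies || {};
  const b = after.dependencies || {};
  const added = Object.keys(b).filter((d) => !(d in a));
  const removed = Object.keys(a).filter((d) => !(d in b));
  const changed = Object.keys(b).filter((d) => d in a && a[d] !== b[d]);
  return { added, removed, changed };
}

// Correlate both checks: a dependency that is both newly added and carries an
// install hook is the highest-priority finding for a release gate.
function auditRelease(before, after, tree) {
  const deps = diffDependencies(before, after);
  const scripts = findInstallScripts(tree);
  const suspicious = scripts.filter((f) => deps.added.includes(f.name));
  return { deps, scripts, suspicious };
}

// Constructed sample data (placeholder names, not the real packages): a scoped
// package gains one new dependency, and that dependency has a postinstall hook.
const CLEAN = { name: "@example/core", version: "1.0.0", dependencies: { dayjs: "^1.11.0" } };
const TAMPERED = { name: "@example/core", version: "1.0.1",
  dependencies: { dayjs: "^1.11.0", "easy-day-js": "^1.0.1" } };
const CLONE = { name: "easy-day-js", version: "1.0.1", scripts: { postinstall: "node ./lib/setup.js" } };

console.log(JSON.stringify(auditRelease(CLEAN, TAMPERED, [TAMPERED, CLONE]), null, 2));
```

In a pipeline the same functions would be fed the manifests under node_modules (or the resolved lockfile) for the candidate release and the last known-good one, and the job would fail on any non-empty `suspicious` list.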