A supply chain attack on June 17, 2026, injected a malicious easy-day-js dependency into 140+ packages across the @mastra npm scope, deploying a postinstall dropper that steals cryptocurrency wallets, API keys, and CI/CD credentials from developer workstations Microsoft Security Blog. The attack, attributed with high confidence to the North Korean state-sponsored group Sapphire Sleet, exploited a dormant contributor account that retained publish access to the entire Mastra ecosystem Snyk.
The blast radius includes high-traffic packages such as @mastra/core (4 million monthly downloads) and mastra (1.5 million monthly downloads). Combined weekly downloads across all affected packages exceed 1.1 million, making this one of the most broadly impactful npm supply chain compromises of 2026 StepSecurity.
Mastra Npm Supply Chain Attack: How the Attack Unfolded
The attack chain required no zero-day vulnerability. Instead, the attacker compromised the npm account ehindero, a former Mastra contributor whose publish rights to the @mastra scope had never been revoked Snyk. npm does not expire scope publish permissions for inactive accounts, so a single stolen credential was sufficient to push updates to every package in the ecosystem.
On June 16, 2026, the attacker published a clean easy-day-js@1.11.21 as a bait package. This version was a byte-for-byte clone of the legitimate dayjs library (57 million weekly downloads), including matching metadata, repository URL, and author fields StepSecurity. The attacker then injected "easy-day-js": "^1.11.21" into the package.json files of 140+ @mastra packages and republished them with easy-day-js tagged as latest.
The critical detail is npm’s SemVer resolution. When users ran npm install, the caret range ^1.11.21 automatically resolved to easy-day-js@1.11.22, which the attacker uploaded on June 17 at 01:01 UTC with a malicious postinstall hook Microsoft Security Blog.
The Malicious Payload
The weaponized easy-day-js@1.11.22 contains a 4,572-byte obfuscated setup.cjs dropper that executes automatically during installation, even if the compromised package is never explicitly imported in application code Microsoft Security Blog. The dropper performs the following actions in sequence:
- Disables TLS certificate validation by setting
NODE_TLS_REJECT_UNAUTHORIZED=0, allowing the payload to communicate with attacker infrastructure over a self-signed certificate on a raw IP address. - Writes marker files to
~/.pkg_historyand~/.pkg_logsto track infected hosts. - Downloads a second-stage payload from
https://23.254.164[.]92:8000/update/49890878. - Writes the payload to the system temporary directory and executes it as a detached, window-hidden Node.js process.
- Self-deletes to reduce forensic traces.
The second-stage payload is an obfuscated cross-platform tool that targets cryptocurrency wallets and developer credentials. It reads Chrome, Brave, and Edge browser profiles to extract data from MetaMask, Phantom, Solflare, Coinbase Wallet, OKX, and Keplr extensions. It also collects system metadata, LLM API keys, cloud provider credentials, database connection strings, and CI/CD tokens StepSecurity.
Scope and Impact
The attacker republished 142 packages across the Mastra ecosystem in a tightly automated sequence between 01:12 and 02:39 UTC on June 17 Snyk. Key compromised packages include:
@mastra/core@1.42.1— core framework engine (4M monthly downloads)@mastra/memory@1.20.4— memory management layer@mastra/server@2.1.1— runtime server component@mastra/deployer@1.42.1— deployment toolingmastra@1.13.1— top-level framework package@mastra/rag@2.2.2— retrieval-augmented generation integrations@mastra/mcp@1.10.1— Model Context Protocol integrations
The Mastra team responded within hours, revoking the attacker’s publish access, removing the malicious easy-day-js package from npm, and forward-rolling clean versions for all affected packages Snyk. Source code in the Mastra GitHub repository was not modified; the malicious dependency was injected only into published npm tarballs.
What Developers Should Do
If you installed any @mastra package, or any package that depends on @mastra, on or after June 17, 2026, treat your environment as potentially compromised StepSecurity.
Immediate remediation steps include:
- Audit your
package-lock.jsonandnpm-shrinkwrap.jsonforeasy-day-jsentries. - Delete
node_modulesand reinstall from a clean lockfile. - Rotate all credentials exposed on the affected machine: LLM API keys, GitHub tokens, AWS keys, npm tokens, and cryptocurrency wallet seed phrases.
- Review system persistence mechanisms, including scheduled tasks, launch agents, and Node.js background processes.
Bottom Line
The Mastra supply chain attack was not a sophisticated zero-day exploit. It was a credential hygiene failure: a dormant npm account retained publish access for months, and the attacker used it to inject a single malicious dependency across an entire package scope. The postinstall hook converted every installation command into an automatic compromise vector, and the payload went after the most sensitive assets developers keep on their workstations.
This incident reinforces a rule that grows more important every year: scope publish permissions should expire when contributors become inactive. Until npm or registry operators enforce that standard, every open source project with a broad publish scope is one dormant account away from a similar event.
[^1]: Microsoft Security Blog — https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/.
[^2]: Snyk — https://snyk.io/blog/a-forgotten-contributor-account-compromised-the-entire-mastra-npm-package-scope/.
[^3]: StepSecurity — https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js.
