Hijacked Mastra npm Account Spread easy-day-js Info-Stealer to 144 Packages
A software supply chain attack compromised up to 144 @mastra/* npm packages after an attacker abused lingering publish access on a former contributor account and pushed tainted releases into the widely used JavaScript and TypeScript AI framework ecosystem. The malicious package versions did not contain the payload directly; instead, they added a dependency on easy-day-js, a typosquatted package impersonating the legitimate dayjs library. Investigators said the attacker first published a benign-looking easy-day-js@1.11.21, then followed with malicious easy-day-js@1.11.22 before releasing compromised Mastra packages that referenced the permissive version range ^1.11.21, allowing the harmful dependency to be pulled in during installation.

How this story unfolded
Six events, listed from the most recent confirmed update back to the earliest known activity.
npm removes malicious package versions and reverts latest tags
Following the discovery, npm removed malicious versions from the most prominent affected packages and reverted their latest tags. Defenders advised users who installed the affected versions to treat hosts as potentially compromised, roll back packages, rotate credentials, and investigate for artifacts.
Mastra disables token publishing and mandates MFA for npm publishes
In response to the npm compromise, Mastra disabled token-based npm publishing and required multi-factor authentication for all publishes. The change was announced alongside guidance for users to audit dependencies, inspect logs, update to clean versions, and rotate credentials on affected systems.
Mastra removes unauthorized owner and publishes clean replacement releases
After the @mastra npm scope compromise, Mastra removed the unauthorized owner account used in the attack and published clean forward-rolled package releases to replace the compromised versions. The report also noted the source repository was not modified and the malicious dependency was inserted during package publishing.
Researchers disclose the easy-day-js supply chain attack
Researchers reported a software supply chain attack dubbed easy-day-js affecting up to 144 npm packages in the @mastra/* namespace. Their analysis described the malicious dependency chain, the obfuscated loader behavior, and the final payload's information-stealing capabilities.
Malicious easy-day-js and compromised @mastra packages are published
On 2026-06-17, an attacker using access to the @mastra npm organization published malicious Mastra package versions that added a dependency on easy-day-js@1.11.22. The malicious package used a postinstall hook to fetch and run a second-stage payload, and the activity was tied to a hijacked contributor account with lingering publish access.
Attacker publishes benign easy-day-js@1.11.21 to npm
The attacker first published a benign-looking easy-day-js version 1.11.21, apparently to establish credibility before the malicious stage of the campaign. This package name was later used as the dependency declared by the compromised Mastra releases.
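The dependency chain above (a caret range ^1.11.21 that admits the malicious 1.11.22, plus a postinstall hook) is the kind of thing a lockfile audit can surface after the fact. The following is an added example, not code from the story or from the Mastra project: it reads an npm lockfileVersion 2/3 "packages" map, reports who declares easy-day-js and whether the declared range admits the known-bad version, and flags packages npm marks as having install scripts. The minimal caret check, the package names other than easy-day-js, and the lockfile fragment are constructed for illustration.

```javascript
// Added example (not from the story or the Mastra project): audit an npm
// package-lock.json (lockfileVersion 2/3 "packages" map) for the easy-day-js chain.

const SUSPECT = 'easy-day-js';   // typosquat of dayjs named in the story
const KNOWN_BAD = ['1.11.22'];   // malicious version named in the story

// Minimal caret check: "^1.11.21" admits >=1.11.21 <2.0.0. Assumption: only plain
// ^MAJOR.MINOR.PATCH ranges with MAJOR > 0 are handled (no real semver library).
function satisfiesCaret(range, version) {
  const m = /^\^(\d+)\.(\d+)\.(\d+)$/.exec(range);
  const v = version.split('.').map(Number);
  if (!m || v.length !== 3 || v.some(Number.isNaN)) return false;
  const lo = m.slice(1).map(Number);
  if (lo[0] === 0 || v[0] !== lo[0]) return false;
  if (v[1] !== lo[1]) return v[1] > lo[1];
  return v[2] >= lo[2];
}

// Walk every installed package; keys are node_modules paths, "" is the project root.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const range = (meta.dependencies || {})[SUSPECT];
    if (range) {                    // who declares the typosquat, and does its range admit 1.11.22?
      findings.push({ path, reason: 'declares-suspect-dep', range,
        admitsKnownBad: KNOWN_BAD.some((bad) => satisfiesCaret(range, bad)) });
    }
    if (path === '') continue;
    const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    if (name === SUSPECT) {
      findings.push({ path, version: meta.version,
        reason: KNOWN_BAD.includes(meta.version) ? 'known-malicious' : 'suspect-name' });
    } else if (meta.hasInstallScript) {   // npm sets this for packages with install hooks
      findings.push({ path, version: meta.version, reason: 'install-script' });
    }
  }
  return findings;
}

// Constructed lockfile fragment mirroring the chain in the story; the Mastra and
// addon versions are placeholders, not real releases.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app' },
    'node_modules/@mastra/core': { version: '0.0.0', dependencies: { 'easy-day-js': '^1.11.21' } },
    'node_modules/easy-day-js': { version: '1.11.22', hasInstallScript: true },
    'node_modules/native-addon': { version: '0.0.0', hasInstallScript: true },
  },
};
```

Run `auditLock(JSON.parse(fs.readFileSync('package-lock.json')))` against a real lockfile; any `install-script` finding is worth a manual look even when the name is unfamiliar rather than a known typosquat.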
Sources
From Package to Postinstall Payload: Inside the Mastra npm Supply Chain Compromise | Community Portal | Gurucul (community.gurucul.com)
From package to postinstall payload: Inside the Mastra npm supply chain compromise - Malware News (malware.news)
Easy-day-js Targets Mastra, Dependency Attacks Grow - Malware News (malware.news)
Mastra npm Supply Chain Attack Explained | Orca Security (orca.security)
Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat - StepSecurity (stepsecurity.io)
Mastra npm Scope Takeover | Snyk (snyk.io)
easy-day-js: Supply Chain Campaign Targets Mastra npm Packages - JFrog Security Research (research.jfrog.com)
Microsoft has identified a supply chain attack on the Mastra-AI npm ecosystem, with 80+ packages compromised through npm account takeover. The attacker introduced a phantom dependency into the… | Microsoft Threat Intelligence (linkedin.com)