144 Mastra npm Packages Compromised via Hijacked Contributor Account

A supply chain attack dubbed easy-day-js has compromised 144 npm packages in the @mastra/* namespace by hijacking a contributor account for the popular open-source AI application framework Mastra.

Dylan H.

News Desk

June 17, 2026
5 min read

A sweeping software supply chain attack has compromised 144 npm packages across the @mastra/* namespace, targeting Mastra — a popular open-source JavaScript and TypeScript framework used for building AI-powered applications. The campaign, codenamed easy-day-js, was achieved by hijacking a contributor account with publishing rights to the namespace.

The attack was uncovered and reported by security researchers, with details first published by The Hacker News on June 17, 2026.

What Is Mastra?

Mastra is an open-source JavaScript and TypeScript framework designed to simplify the development of AI applications. It provides abstractions for building AI agents, workflows, and integrations — making it a commonly used dependency in projects that interact with LLMs, vector stores, and agentic pipelines.

Given Mastra's positioning in the AI development toolchain, a compromise of its npm packages has the potential to affect a wide variety of production AI systems and the developer environments that build them.

How the Attack Unfolded

The easy-day-js campaign followed a now-familiar pattern in supply chain attacks targeting package registries:

  1. Account Compromise — Attackers obtained valid npm credentials for a Mastra project contributor. The exact method of credential theft has not been publicly disclosed, but common vectors include phishing, credential stuffing from leaked databases, or exfiltration from previously compromised developer machines.

  2. Malicious Package Publication — Using the hijacked account's publishing rights, attackers injected malicious code into 144 packages across the @mastra/* namespace and published the trojanized versions to the npm registry.

  3. Developer Targeting — Downstream developers and automated CI/CD pipelines that ran npm install or updated Mastra dependencies during the exposure window would have received the malicious package versions.

  4. Payload Execution — Malicious packages typically execute their payloads via npm's preinstall, install, or postinstall lifecycle scripts, which run automatically during package installation without explicit user interaction.

Potential Impact

The compromise of a widely used AI framework carries significant risk across multiple attack surfaces:

Developer Workstations

Developers who installed affected @mastra/* packages may have had secrets exfiltrated from their workstations, including:

  • npm authentication tokens (~/.npmrc)
  • Cloud provider credentials (AWS, GCP, Azure CLI configs)
  • Environment variables from project directories (.env files)
  • SSH private keys
  • GitHub, GitLab, or Bitbucket personal access tokens

CI/CD Pipeline Compromise

Automated build pipelines that install npm dependencies are a primary target in supply chain attacks. Compromised pipelines can expose:

  • Pipeline secrets and signing keys
  • Container registry credentials
  • Deployment tokens with production access

Transitive Exposure

Because Mastra is used as a dependency in AI projects, any application that includes @mastra/* packages — even indirectly — may have been affected during the exposure window.

Connection to Broader Supply Chain Campaigns

The easy-day-js campaign is the latest in a persistent wave of supply chain attacks targeting the npm ecosystem. Security researchers note tactical similarities to several recent campaigns:

  • Shai-Hulud / Mini Shai-Hulud — self-propagating npm worms that use stolen credentials to spread through the registry
  • IronWorm — a Rust-written npm credential stealer uncovered in June 2026
  • Miasma — a campaign that infected Microsoft GitHub repositories via compromised npm packages
  • Tanstack attack — a contributor account compromise that triggered secondary breaches at Grafana and OpenAI

The pattern of hijacking legitimate contributor accounts rather than creating new malicious packages is a deliberate tactic to bypass registry trust mechanisms and avoid automated flagging of unknown publisher accounts.

What Developers Should Do

Immediate Steps

  1. Audit your package lock files — Check whether any @mastra/* packages were installed or updated during the exposure window. The npm security advisory will specify affected version ranges.

  2. Rotate all secrets on exposed machines — If you installed affected packages on a developer workstation or in a CI/CD environment, treat all secrets accessible from that environment as compromised:

    • Rotate npm tokens
    • Regenerate GitHub/GitLab PATs
    • Rotate cloud provider API keys and access tokens
    • Revoke and reissue SSH keys
  3. Pin dependency versions — Use exact version pinning and commit lock files to prevent automatic adoption of malicious package updates.

  4. Enable npm audit in CI — Add npm audit --audit-level=high to your CI pipeline to catch known vulnerabilities before build time.

Longer-Term Hardening

# Lock down .npmrc so the npm token stored in it is readable only by your user
chmod 600 ~/.npmrc

# Run the vulnerability audit as part of install (npm does this by default;
# the explicit flag documents the intent in CI scripts)
npm install --audit

# Verify registry signatures and provenance attestations where available
npm audit signatures

# Review installed packages for lifecycle scripts that run automatically on install
npm ls --depth=0
grep -A5 '"scripts"' node_modules/@mastra/*/package.json

  1. Monitor outbound network traffic from CI — Unexpected network connections during npm install are a strong indicator of supply chain compromise.

npm Registry Response

The npm Security Team was notified and has been working to remove the affected malicious package versions from the registry. Developers should check the official Mastra GitHub repository and npm advisory database for the specific versions that were compromised and confirmed clean replacement versions.

A Growing Pattern

The easy-day-js attack is the latest example of how AI development frameworks have become high-value targets for supply chain threat actors. As AI tooling proliferates and more developers adopt frameworks like Mastra to build agentic applications, the attack surface exposed through developer dependencies continues to expand.

The npm ecosystem's trust model — where any contributor with publishing rights can push updates to all packages in a namespace — creates structural risk that individual organizations cannot fully mitigate without registry-level controls. The upcoming npm 12 change to default script execution behavior is a step in the right direction, but the fundamental account compromise vector remains.

Organizations building AI applications should treat their software supply chain as a critical attack surface, apply least-privilege principles to package registry access, and maintain incident response runbooks specifically for supply chain compromise scenarios.

Sources

  • The Hacker News — 144 Mastra npm Packages Compromised via Hijacked Contributor Account
  • npm Advisory Database
  • Mastra GitHub Repository