Mastra npm scope hijacked: 144 AI-framework packages backdoored (easy-day-js)
A hijacked contributor account was used to republish 144 packages in the popular @mastra AI-agent npm scope with a malicious typosquatted dependency, easy-day-js, that pulled down a cross-platform remote-access trojan and cryptocurrency stealer onto any developer machine or build system that installed them.
- Victim: Mastra (@mastra npm scope)
On 17 June 2026, the @mastra npm scope (the package namespace of Mastra, a widely used open-source TypeScript framework for building AI agents and AI-powered applications, maintained by San Francisco startup Kepler Software, which was founded by the team behind Gatsby) was hijacked in a software supply-chain attack tracked as easy-day-js. An attacker used a forgotten, still-privileged contributor account to republish 144 packages under the scope, each carrying a single malicious dependency that delivered a remote-access trojan and cryptocurrency stealer to anyone who installed them.
How it happened
The campaign hinged on two things: a typosquatted package and a dormant account with publishing rights. On 16 June 2026, an npm user called sergey2016 published easy-day-js, a near-copy of the popular dayjs library, as clean code. Early on 17 June (around 01:01 UTC) that package was quietly updated with malicious logic. Minutes later, between roughly 01:12 and 02:39 UTC, the attacker abused a hijacked @mastra contributor account (ehindero) whose publishing access to the scope had never been revoked, running an automated 88-minute campaign that republished 142 packages across the namespace, each with easy-day-js added to its dependency list.
The payload
Pulling in easy-day-js triggered the download and execution of a cross-platform remote-access trojan with cryptocurrency-stealing functionality. Because the malicious dependency rode inside trusted @mastra/* packages, which together see more than 1.1 million weekly downloads, any developer workstation, CI runner, or build system that installed one of the republished versions (all pushed on 17 June 2026, after the malicious easy-day-js update at about 01:01 UTC) should be treated as potentially compromised. Installs of easy-day-js itself from its clean 16 June release are not in scope, but any lockfile that resolves easy-day-js at all after that point is.
Why it matters
The incident is a textbook supply-chain failure: a single over-privileged, forgotten contributor account was enough to weaponise an entire popular namespace, and a typosquatted transitive dependency hid the payload in plain sight. Responders and GitHub urged developers to roll back to pre-incident package versions and rotate every secret that may have been exposed on affected machines (npm and GitHub tokens, cloud-provider keys, LLM API keys, CI/CD secrets, SSH keys, and database credentials) and to move any cryptocurrency funds to fresh wallets generated on clean devices. It is also a pointed reminder that the booming AI-tooling ecosystem is now squarely in the sights of supply-chain attackers.
Timeline
On 16 June 2026, an npm account named 'sergey2016' publishes 'easy-day-js' (a typosquat of the legitimate dayjs date library) at around 07:05 UTC as a clean, fully functional copy.
On 17 June 2026, at about 01:01 UTC, the attacker pushes a malicious update to easy-day-js, then between roughly 01:12 and 02:39 UTC uses the hijacked '@mastra' contributor account 'ehindero' to automatically republish 142 packages across the scope, each with easy-day-js injected as a dependency.
Security vendors and GitHub disclose the compromise; affected versions are pulled and developers are advised to roll back to pre-incident releases and rotate all credentials.
Sources
- orca.security: https://orca.security/resources/blog/mastra-npm-supply-chain-attack/
- thehackernews.com: https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html
- snyk.io: https://snyk.io/blog/a-forgotten-contributor-account-compromised-the-entire-mastra-npm-package-scope/
- stepsecurity.io: https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js
- cloudsmith.com: https://cloudsmith.com/blog/inside-the-mastra-npm-supply-chain-attack
- scworld.com: https://www.scworld.com/brief/mastra-npm-packages-compromised-in-easy-day-js-supply-chain-attack