Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat - StepSecurity
Threat Intel
Sai Likhith
June 17, 2026
Summary

On June 17, 2026, an attacker compromised the @mastra npm organization and quietly added easy-day-js as a dependency across 140+ packages in the Mastra AI framework ecosystem. easy-day-js is a typosquat of the popular dayjs date library, and its latest version contains an obfuscated postinstall dropper that downloads and runs a second-stage payload from attacker-controlled servers, then deletes itself to remove any trace. The affected packages have a combined weekly download count exceeding 1.1 million. If you installed any @mastra package today, treat your environment as compromised.
This is an ongoing attack. Additional @mastra packages are still being compromised as we publish this post, and we will keep updating it with further findings. We have responsibly disclosed the issue to the Mastra maintainers in the mastra-ai/mastra repository: https://github.com/mastra-ai/mastra/issues/18045

Background: The Mastra AI Framework

Mastra is a rapidly growing open-source TypeScript framework for building AI agents, multi-step workflows, and retrieval-augmented generation (RAG) pipelines. It provides native integrations for major LLM providers (OpenAI, Anthropic, Google), persistent agent memory, Model Context Protocol (MCP) servers, vector databases, and cloud deployment targets. Because Mastra sits at the intersection of AI development and cloud infrastructure, its packages are routinely installed in environments that hold some of the most sensitive credentials in modern software development:

- LLM API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY)
- Cloud provider credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AZURE_TENANT_ID)
- Database connection strings and tokens
- CI/CD secrets and VCS tokens (GITHUB_TOKEN, NPM_TOKEN)

An npm lifecycle script runs with the full privileges and environment of whoever executes the install, so every one of these values is readable by a postinstall hook. This makes the Mastra ecosystem an exceptionally high-value target for supply chain attackers.

How the Attack Unfolded

Stage 0: Pre-positioning with a Clean Bait Package (June 16)

The attack actually started the day before. On June 16, 2026 at 07:05 UTC, npm user sergey2016 published easy-day-js@1.11.21, a clean, fully functional copy of the legitimate dayjs date library with no malicious code at all. Its only purpose was to look credible: the package mirrors dayjs's version numbering (1.11.x), author metadata (iamkun), homepage, repository URL, license, and keywords, so it passes a casual visual inspection without raising flags.

This bait version, not the malicious one, is what was injected into the @mastra packages as a dependency.
The trick is in how npm resolves versions. The dependency was declared as "easy-day-js": "^1.11.21", which is not a pin: a caret range accepts any version from 1.11.21 up to, but excluding, 2.0.0, and when npm has no lockfile entry for the package it selects the highest published version in that range at install time. So once the attacker published the malicious 1.11.22, every fresh npm install of an affected @mastra package pulled the payload without any further change to the @mastra packages themselves, while anyone reviewing the dependency diff saw only a harmless-looking 1.11.21. Note that an existing package-lock.json does not help a project that is adding or upgrading these @mastra packages, because easy-day-js is a new dependency with no locked entry and is resolved fresh; only an install from a lockfile generated before the compromise (for example with npm ci, which refuses to deviate from the lockfile) avoids resolving it.

Stage 1: Payload Upload (June 17, 01:01 UTC)

At 01:01 UTC on June 17, sergey2016 published easy-day-js@1.11.22. This version is identical to 1.11.21 with one addition: a file named setup.cjs (4,572 bytes) and a postinstall hook in package.json that executes it:

"postinstall": "node setup.cjs --no-warnings"

The --no-warnings flag suppresses Node.js process warnings (deprecation and experimental-feature notices) that would otherwise appear in the install output and might tip off the user. The setup.cjs file itself is obfuscated: its string literals are encoded with a custom-alphabet Base64 scheme and stored in a 40-element string array that has to be rotated 34 positions before an arithmetic integrity check passes. This is specifically designed to trip up static analysis tools that evaluate the string array before the rotation runs. Because the hook is an ordinary lifecycle script, it executes on every install that does not pass --ignore-scripts (or set ignore-scripts=true in .npmrc), including CI runners and developer laptops.

Stage 2: @mastra Organization Compromise and Mass Publish (01:12–02:39 UTC)

Just 11 minutes after uploading the payload, the attacker used compromised @mastra organization credentials to kick off an automated publishing campaign. Over the next 88 minutes, 140+ packages across the entire Mastra ecosystem were republished with easy-day-js quietly added as a production...
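To make the resolution mechanics and the resulting install-time check concrete, here is an added Node.js example; it is not StepSecurity's tooling and not code from the easy-day-js or @mastra packages. It implements npm's caret-range selection for plain MAJOR.MINOR.PATCH versions, including the 0.x cases the post does not touch (prerelease tags are deliberately unsupported), and then scans a package-lock.json object for easy-day-js and for any package whose lockfile entry carries hasInstallScript, the flag npm writes in lockfileVersion 2 and 3 files for packages that declare preinstall, install, or postinstall. The package name @mastra/example-pkg, the other dependency names, every version other than 1.11.21 and 1.11.22, and the lockfile contents are constructed for illustration.

```javascript
// Added example: caret-range resolution and a lockfile check for easy-day-js.
// Not code from StepSecurity, easy-day-js or @mastra; the lockfile below is constructed.

// Parse "MAJOR.MINOR.PATCH" into numbers. Prerelease tags are rejected on purpose.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// npm caret semantics: ^X.Y.Z with X > 0 accepts >= X.Y.Z and < (X+1).0.0,
// ^0.Y.Z with Y > 0 accepts >= 0.Y.Z and < 0.(Y+1).0, and ^0.0.Z accepts only 0.0.Z.
function caretSatisfies(range, version) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const baseStr = range.slice(1);
  const base = parseVersion(baseStr);
  const v = parseVersion(version);
  if (compareVersions(version, baseStr) < 0) return false;
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return v[0] === 0 && v[1] === 0 && v[2] === base[2];
}

// What npm installs when a range is resolved fresh (no lockfile entry for the
// package): the highest published version satisfying the range, or null.
function maxSatisfying(range, published) {
  const ok = published.filter((v) => caretSatisfies(range, v)).sort(compareVersions);
  return ok.length ? ok[ok.length - 1] : null;
}

// package-lock.json (lockfileVersion 2 or 3) keys each installed package by its
// node_modules path and sets "hasInstallScript": true when the package's manifest
// declares preinstall, install or postinstall. Nested copies live under
// node_modules/<parent>/node_modules/<name>, so match on the path suffix too.
function findPackage(lock, name) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: entry.version, resolved: entry.resolved });
    }
  }
  return hits;
}

function findInstallScripts(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, entry]) => path !== '' && entry.hasInstallScript === true)
    .map(([path, entry]) => ({ path, version: entry.version }));
}

function assessLock(lock) {
  const easyDayJs = findPackage(lock, 'easy-day-js');
  return {
    easyDayJs,
    // The typosquat has no business in a lockfile at any version.
    typosquatPresent: easyDayJs.length > 0,
    // 1.11.22 is the version the post identifies as shipping setup.cjs.
    dropperVersionPresent: easyDayJs.some((h) => h.version === '1.11.22'),
    installScripts: findInstallScripts(lock),
  };
}

// Constructed lockfile excerpt modelling a fresh install of a republished @mastra
// package. "@mastra/example-pkg", "harmless-dep" and their versions are placeholders.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { '@mastra/example-pkg': '^1.0.0' } },
    'node_modules/@mastra/example-pkg': {
      version: '1.0.0',
      dependencies: { 'easy-day-js': '^1.11.21' },
    },
    'node_modules/easy-day-js': {
      version: '1.11.22',
      resolved: 'https://registry.npmjs.org/easy-day-js/-/easy-day-js-1.11.22.tgz',
      hasInstallScript: true,
    },
    'node_modules/harmless-dep': { version: '3.0.0' },
  },
};

// The two versions sergey2016 had published by 01:01 UTC on June 17.
const PUBLISHED = ['1.11.21', '1.11.22'];
const freshInstallPick = maxSatisfying('^1.11.21', PUBLISHED);

// Against a real project:
//   const lock = JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'));
//   console.log(assessLock(lock));
console.log(`^1.11.21 resolves to ${freshInstallPick} on a fresh install`);
console.log(JSON.stringify(assessLock(SAMPLE_LOCK), null, 2));
```

Two design notes. The scan reads the lockfile rather than node_modules because a lockfile is what CI commits and reviews, and hasInstallScript is exactly the signal that distinguishes easy-day-js@1.11.22 from its clean predecessor; a lockfileVersion 1 file has no packages map and would need the older nested dependencies tree walked instead. The check is also only as good as the lockfile's freshness: a project that is upgrading an affected @mastra package has no entry for easy-day-js yet, which is precisely the case in which the caret range resolves to the dropper.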