That’s all it took.
Recently, someone snuck malicious code into multiple @mastra npm packages.
If you’ve got any Mastra stuff running anywhere in your stack, read this now. Not after your standup tomorrow.
This isn’t some hypothetical.
Researchers were still seeing active connections on infected machines when the news broke.
The mechanics. No jargon.
Mastra’s an open-source AI framework for JS/TS devs.
Solid tool, actually.
What happened: an old contributor account called ehindero. Dormant for a long time, nobody ever revoked access. Got reactivated. npm doesn’t expire credentials. Your publish rights just sit there, forever, unless someone manually removes them.
First move: published easy-day-js. Looked like the real dayjs date library. Nobody blinked.
Eleven minutes later: another version. This one had a postinstall hook. When devs ran `npm install`, the hook fired silently, grabbed a second-stage payload from attacker servers, then deleted itself.
Clean as a surgical laser.
In the period that followed, multiple packages got republished with easy-day-js quietly added as a production dependency.
The version range meant any fresh install pulled the poisoned version automatically.
Weekly downloads on the affected packages? A significant number. Even if a small percentage of those were active dev machines, that’s a lot of compromised boxes.
Side note: their GitHub security page was a mess when I checked.
No prominent banner, no pinned advisory. Amateur hour.
What the payload actually grabbed
Cross-platform info stealer.
Windows, macOS, Linux — equal opportunity.
It scanned for browser-stored credentials, browser history, crypto wallet extensions. MetaMask, Keplr, Coinbase, and numerous other wallet extensions got targeted. Sources differ on the exact count, but the scope is consistent across them.
Attribution went to Sapphire Sleet.
BlueNoroff. The North Korean APT group that treats developer supply chains like an ATM.
Here’s the part that kept me up: anyone who installed @mastra during that window might have persistent malware with live connectivity sitting on their machine right now. Not “possibly exposed.” Active infection.
Sources described it as ongoing when they went to press.
Why this keeps working
Single orphaned account. No credential rotation.
No 2FA enforced at the registry level.
npm’s model trusts org members until someone removes them. Contributors leave. Nobody thinks about it. The access just… stays.
Third major npm supply chain incident in recent memory. Every time, the same advice: audit your deps, rotate tokens, enable 2FA. All correct.
None of it trickles down to indie devs or small teams who don’t have a formal security review process for every package they touch.
They see something useful. They npm install it. They move on.
Your laptop isn’t a staging environment.
Every package with a postinstall hook runs code on your system automatically. Most of the time it’s fine. Sometimes it’s a catastrophe.
What to actually do
Check your package-lock.json or yarn.lock.
Look for @mastra packages. Check if easy-day-js shows up anywhere in your dependency tree.
If you installed or updated any @mastra package during the publication window: treat your machine as compromised.
Rotate every npm token you have. Today. Not end of sprint.
Enable 2FA on your npm account. Audit your org members. Remove anyone who isn’t actively contributing. Add a package-lock audit step to your CI pipeline. Catch unexpected deps before they hit production.
For your personal machines: if you’ve got any of those targeted wallet extensions installed and you’ve run @mastra code recently, assume exposure. The drain risk is real. Right now.
When Mastra releases cleaned packages: fresh install. `rm -rf node_modules && npm install` from a verified clean version. That’s the only way to be certain the backdoor is gone from your lock file.
The honest part
You can’t stop every supply chain attack. You can tighten your surface, audit your deps, enforce least-privilege on your registries. But every time you run `npm install`, you’re trusting strangers’ code with your machine.
The people who are gonna get wrecked by this? Not enterprises with security teams. Indie devs. Small shops. The ones who grabbed @mastra because it looked useful, installed it on their main work machine, and moved on.
Their machines have live connections right now. They probably don’t know it yet.
Go audit your stack.
