supply-chain · vendor · News · The Broadside · 1 min read

Mastra npm takeover poisons 140 packages

Install-time malware makes import checks the wrong comfort blanket for teams auditing developer workstations and CI/CD runners.


TL;DR

Microsoft says an attacker took over the ehindero npm maintainer account and published poisoned versions of more than 140 mastra and @mastra packages. The packages pulled in easy-day-js, a typosquat of dayjs, whose postinstall hook contacted attacker-controlled command-and-control infrastructure and ran a second-stage payload. Any workstation or continuous integration and delivery pipeline that ran npm install or npm update after publication was potentially exposed, even if the Mastra code was never imported.

Microsoft’s account of the Mastra compromise is a useful reminder that npm supply-chain triage cannot stop at application imports. The compromised ehindero maintainer account had publish rights across the Mastra ecosystem, and Microsoft says the attacker used it to push poisoned latest-tagged versions of more than 140 packages under the mastra and @mastra scopes. Those versions introduced easy-day-js, a malicious typosquat of dayjs, which executed through a postinstall hook during package installation.

That is the operational point. If a developer workstation or CI/CD runner resolved the compromised package versions during npm install or npm update, the payload could run before anyone cared whether the library was used in code. Microsoft says the dropper disabled Transport Layer Security certificate verification, contacted attacker-controlled command-and-control infrastructure, downloaded a second stage, and launched it as a detached hidden Node.js process. The obvious audit set is therefore lockfiles, build logs, runner images, package caches, and secrets available to the install environment, not just source files.

The registry-side cleanup is real but not curative. Microsoft says it shared findings with npm, the compromised packages were removed, and the attacker’s publish access to the @mastra scope was revoked. Good. The downstream work still belongs to the teams whose builds ran during the exposure window. This also fits the larger npm pattern Microsoft has been documenting this year: Axios malicious versions in April, @antv maintainer compromise in May, and typosquatted packages aimed at cloud and CI/CD secrets later that month, each turning package installation into the execution path (https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/, https://www.microsoft.com/en-us/security/blog/2026/05/20/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/, https://www.microsoft.com/en-us/security/blog/2026/05/28/typosquatted-npm-packages-used-steal-cloud-ci-cd-secrets/). Treat this as an incident-response trigger for exposed build environments, not a package hygiene ticket.


Published · Deep Fathom
