An attacker compromised 144 npm packages under the @mastra namespace after hijacking a single contributor account named ehindero. Mastra is an open-source framework for building AI applications in JavaScript and TypeScript. Security researchers at Endor Labs, JFrog, SafeDep, Socket, and StepSecurity identified the breach as part of a campaign called easy-day-js.
The attack was a software supply chain compromise. By gaining control of one maintainer account, the attacker published malicious versions across dozens of packages simultaneously. Developers who downloaded these compromised versions would inadvertently install backdoored code into their projects.
The scope is substantial. The 144 affected packages span core Mastra components and extensions, potentially exposing any developer relying on @mastra libraries. This includes projects building AI-powered applications where Mastra serves as infrastructure.
Account takeover remains the primary vector for npm supply chain attacks. The ehindero account likely suffered weak credential security, reuse across platforms, or credential stuffing. Once breached, the attacker gained publishing rights across all packages under that account's control.
Organizations and individual developers must immediately audit their dependencies. Any project importing @mastra packages should check installed versions against npm's package history. Removing compromised versions and upgrading to patched releases is essential. Development teams should implement lockfile verification and dependency scanning tools to detect similar attacks.
The npm ecosystem continues to face pressure from malicious actors targeting popular packages. Mastra's focus on AI applications makes it an attractive target. Enterprise users running Mastra-dependent systems face particular risk of supply chain contamination.
This incident underscores the need for stronger npm account security measures. Two-factor authentication, IP allowlisting, and automated malware detection during package publication would reduce attack surface. npm's verification infrastructure remains reactive rather than proactive.