A supply chain attack compromised 145 npm packages in the Mastra namespace, a JavaScript and TypeScript framework for building AI applications. The attack, tracked as easy-day-js, exploited a hijacked contributor account to inject malicious code into packages under the @mastra/* namespace.

Security firms Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Snyk discovered the compromise. The attacker gained control of a single npm account with publishing rights across multiple Mastra packages, allowing them to push malicious versions to the registry without detection.

Mastra is widely used by developers building AI-powered applications, so the compromise reaches a large downstream ecosystem. The attack illustrates the weakness of scoped-namespace publishing, where a single compromised credential carries publish rights over numerous packages. Organizations relying on @mastra/* packages may have unknowingly installed trojanized versions containing attacker-controlled code.

The scope of the compromise is substantial. With 145 packages affected, the attack surface extends across numerous development teams and production environments. Developers who installed compromised versions during the window of exploitation face potential code execution risks, data theft, and supply chain propagation to their own applications.

The attack underscores critical gaps in npm account security practices. The attacker likely obtained credentials through phishing, credential reuse, or exploitation of a weak password. Once inside, they exploited npm's trust model, which grants broad publishing permissions to authenticated accounts without requiring per-package approval workflows.

Affected organizations should immediately audit their npm dependencies, identify which packages contain Mastra components, and verify the versions installed. Checking package-lock.json or yarn.lock files reveals exactly which versions were pulled. Organizations should patch to the latest clean versions once npm or the Mastra maintainers remove malicious releases.

The Mastra project maint