An attacker compromised a dormant contributor account in the @mastra npm namespace and rapidly republished 141 packages carrying a hidden remote access trojan dropper, exposing more than 1.1 million weekly downloads across the Mastra AI developer ecosystem. The campaign, confirmed independently by StepSecurity, SafeDep, and Microsoft Threat Intelligence, was still active at the time of initial disclosure.
How the Hijacked ehindero Account Unlocked the Entire @mastra Namespace
The npm account “ehindero” belonged to a former Mastra contributor whose organization-level scope access was never revoked after they stopped contributing to the project. An attacker took control of this account and exploited that unrestricted access to republish 141 @mastra packages in a rapid burst between 01:12 and 02:36 UTC on June 17, inserting a previously absent dependency called “easy-day-js” into every affected package.
The window of opportunity arose from a common npm access management failure. Organizations that do not regularly audit and revoke scope access for inactive contributors leave open takeover paths that can persist indefinitely — with no visible warning to the project’s active maintainers or its downstream users.
The easy-day-js Typosquat and How the Postinstall Dropper Erased Its Tracks
Easy-day-js is a typosquat of dayjs, a widely used JavaScript date library. The malicious package contained an obfuscated postinstall script: when a developer ran npm install on any affected @mastra package, the script automatically downloaded and executed a second-stage RAT payload from attacker-controlled servers, then deleted itself to eliminate forensic evidence.
This self-deletion mechanism is a deliberate evasion choice. By the time a developer or security analyst examined the installed packages, the postinstall dropper had already executed and removed itself, leaving only the downloaded RAT as an on-disk indicator of compromise, and even that only where it had not already established persistence through separate means.
@mastra/core, mastra, and create-mastra: The Packages Every Mastra Project Imports
The 141 republished packages included @mastra/core, mastra, and create-mastra — the foundational packages that virtually every Mastra project depends on either directly or through transitive dependencies. Any developer who ran npm install on a new or updated Mastra project during the exposure window pulled in the malicious easy-day-js dependency automatically, without any visible warning and without any action beyond a standard install command.
npm removed the malicious package versions after the attack was reported. Microsoft Threat Intelligence’s advisory identified over 80 compromised packages — a figure that varied slightly across the three confirming organizations.
What AI Developer Build Machines Expose When a RAT Lands
Mastra is specifically designed for building enterprise AI applications, and its user base includes developers constructing LLM workflows, AI agents, and integrations with major AI providers. A RAT deployed on an AI developer’s machine provides access to a concentrated set of high-value credentials: LLM API keys, AI application source code, model configurations, production deployment credentials, and cloud provider secrets.
Bearer tokens for LLM APIs are particularly sensitive. Unlike traditional user passwords, API keys authenticate programmatic access directly — whoever holds the key can issue API calls indistinguishable from those of the legitimate organization. Theft of these credentials from a developer’s build environment could result in unauthorized model usage charged to the victim’s account, exfiltration of sensitive data submitted through the API, and access to proprietary model configurations or fine-tuning datasets.
The attack also demonstrates a structural risk in the npm ecosystem: contributor scope access, once granted, does not expire automatically when a contributor becomes inactive. Regular access audits and time-bounded contributor permissions are the primary controls that would have closed the ehindero account’s window before it could be exploited.
Developers who ran npm install on any @mastra package during the UTC exposure window should audit their dependency trees for easy-day-js, inspect development machines for RAT indicators, and rotate all API keys, LLM credentials, and cloud secrets accessible from affected build environments.
