What Happened
On June 17, 2026, attackers executed a surgical supply chain attack against the Mastra AI framework ecosystem on npm. They first compromised “ehindero,” a former contributor whose scope access had never been revoked, then used that account to inject a malicious dependency called easy-day-js into 144 packages under the @mastra namespace. The move took 88 minutes from start to finish.
easy-day-js is a typosquat of the widely used dayjs date library. Its initial version, published June 16 at 07:05 UTC, contained no malicious code — a clean cover to pass automated checks. The malicious payload arrived hours later in a silent update. Each Mastra package received easy-day-js as a new dependency, and its postinstall script downloaded a second-stage payload from attacker-controlled servers before deleting itself to erase evidence.
The payload steals credentials, environment variables, API keys, and cloud secrets from the compromised environment. Combined weekly downloads across the 144 affected @mastra/* packages exceed 1.1 million. The incident was disclosed by StepSecurity, Orca Security, and OX Security, and the malicious packages have since been removed from npm. The root cause was a stale contributor account with retained publish permissions — the same pattern behind the Axios npm attack in March 2026.
Why This Matters for Canadian Organizations
Mastra is a popular JavaScript and TypeScript framework for building AI applications, and Canadian technology companies, government digital services, and financial services firms building AI-enabled tools on Node.js likely account for part of its 1.1 million weekly downloads. Any CI/CD pipeline, developer workstation, or build server that ran npm install against any @mastra/* package after June 16 is potentially compromised.
The consequences extend well beyond the Mastra packages themselves. A compromised CI runner typically holds AWS, Azure, or GCP credentials, GitHub tokens, database connection strings, and third-party API keys — the full set of secrets a build system needs to function. Under OSFI B-13, Canadian financial institutions are required to identify and contain software supply chain risks as part of their technology and cyber risk management obligations. The Office of the Privacy Commissioner’s PIPEDA guidance requires notification where a breach of personal information creates a real risk of significant harm, a threshold any credential-theft incident from a production pipeline is likely to meet.
This attack follows a consistent pattern of campaigns attributed to groups targeting the AI and developer tooling supply chain in 2026, including the Checkmarx Jenkins plugin breach, the GlassWorm VS Code extension campaign, and the Miasma Red Hat npm attack. Canadian organizations building on open-source AI frameworks face a sustained and systematic threat to their software delivery infrastructure.
What to Do
Treat any system that installed @mastra/* packages after June 16, 2026 as fully compromised. Rotate all credentials, tokens, and API keys accessible from those environments — including cloud provider keys, GitHub PATs, database passwords, and AI provider API keys. Review CI/CD pipeline logs from June 16–17 for outbound connections to unknown hosts. Check npm audit and dependency trees for the presence of easy-day-js. Implement npm provenance attestation and lock file enforcement to reduce dependency confusion risk. Review stale contributor accounts on all internal and open-source package namespaces your organization controls or depends on. Report confirmed theft of personal data to the Office of the Privacy Commissioner under PIPEDA breach of security safeguards obligations.
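A lockfile check for the easy-day-js indicator, as an added example that is not from the advisory or the Mastra project. It walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3), reports every entry named easy-day-js, flags whether npm recorded an install script for it, and lists the packages that pull it in; the sample lockfile, its versions and its resolved URL are constructed placeholders.

```javascript
// Added example (not from the advisory or the Mastra project): scan an npm lockfile
// (lockfileVersion 2 or 3, which carry a "packages" map keyed by node_modules path)
// for the typosquatted easy-day-js package and report which packages pull it in.
const SUSPECT = 'easy-day-js';
// Returns { found, installScript, dependents } for a parsed package-lock.json object.
function scanLockfile(lock) {
  const findings = { found: [], installScript: false, dependents: [] };
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys are install paths; the last node_modules segment is the package name.
    // The root project is keyed "" and carries its name in the entry itself.
    const name = path === '' ? (entry.name || '(root)') : path.split('node_modules/').pop();
    if (name === SUSPECT) {
      findings.found.push({ path, version: entry.version, resolved: entry.resolved });
      // npm sets hasInstallScript on packages declaring (pre|post)install scripts,
      // which is how a self-deleting postinstall dropper shows up in the lockfile.
      if (entry.hasInstallScript === true) findings.installScript = true;
    }
    const deps = { ...(entry.dependencies || {}), ...(entry.optionalDependencies || {}) };
    if (SUSPECT in deps) {
      findings.dependents.push({ dependent: name, version: entry.version, range: deps[SUSPECT] });
    }
  }
  return findings;
}

// Constructed sample lockfile; versions and the resolved URL are placeholders, not real releases.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-agent-app', dependencies: { '@mastra/core': '^0.0.0' } },
    'node_modules/@mastra/core': {
      version: '0.0.0-placeholder',
      dependencies: { dayjs: '^1.11.0', 'easy-day-js': '^1.0.0' },
    },
    'node_modules/dayjs': { version: '1.11.0' },
    'node_modules/easy-day-js': {
      version: '1.0.0-placeholder',
      resolved: 'https://registry.example.invalid/easy-day-js-1.0.0-placeholder.tgz',
      hasInstallScript: true,
    },
  },
};

// Usage: node scan-lock.js [path/to/package-lock.json]; falls back to the sample above.
if (typeof require !== 'undefined' && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require('fs').readFileSync(file, 'utf8')) : SAMPLE_LOCK;
  const r = scanLockfile(lock);
  if (r.found.length === 0) console.log(`no ${SUSPECT} in lockfile`);
  else console.log(`FOUND ${SUSPECT}`, r.found, 'installScript:', r.installScript, 'via:', r.dependents);
}
```

A hit in the found list is the indicator to act on; the dependents list tells you which @mastra/* package introduced it and the installScript flag tells you whether an install hook ran on that machine.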
Source: The Hacker News