Mastra npm Supply Chain Compromise: easy-day-js Typosquat Dropper
On June 17th, 2026, Sapphire Sleet, a North Korean state-sponsored threat actor, compromised the @mastra npm organization, the publishing scope behind a widely used open-source TypeScript framework for building AI agents and retrieval pipelines, and republished more than 140 packages with a single hidden malicious dependency. The foothold was a stale maintainer account whose scope access had never been revoked, not a flaw in Mastra's own code, which the maintainers later confirmed was untouched. Because Mastra packages are routinely installed in environments that hold LLM API keys, cloud credentials, and CI/CD tokens, and because the affected packages carry tens of millions of downloads a month, the compromise put some of the most sensitive secrets in modern development pipelines at risk.
The malicious dependency, easy-day-js, is a typosquat of the popular dayjs date library. The attacker first published a clean, near-identical lookalike to pass casual review, then added it across the Mastra scope under a caret version range so that a later malicious patch release would resolve automatically on the next install. Execution runs entirely from the package install lifecycle: a postinstall hook launches an obfuscated dropper using the Node.js runtime already on the host, so no external tooling is needed. The dropper disables TLS certificate validation, writes install beacon markers to map infected hosts, fetches a second-stage payload from an attacker server addressed by raw IP, launches it as a detached background process, and then deletes itself to remove the primary forensic artifact.
The second stage is a cross-platform cryptocurrency wallet stealer paired with a remote access trojan. It enumerates browser profiles for wallet extensions, collects host and environment data including credentials and tokens, and beacons to a separate command and control address while establishing persistence disguised as Node tooling through a LaunchAgent on macOS, a systemd user service on Linux, or a staging directory on Windows. Any developer workstation, CI runner, or build agent that resolved a malicious version during the exposure window should be treated as a credential and wallet exposure event; endpoint and network telemetry around the install, rather than package scanning alone, is the most reliable place to catch it.
IOCs (20)

SHA256 file hashes (7)
- b122a9873bedf145ae2a7fd024b5f309007dbb025149f4dc4ac3f7e4f32a36a4
- 221c45a790dec2a296af57969e1165a16f8f49733aeab64c0bbd768d9943badf
- ae70dd4f6bc0d1c8c2848e4e6b51934626c4818dcb5af99d080ddbd7dc337185
- 4a8860240e4231c3a74c81949be655a28e096a7d72f38fbe84e5b37636b98417
- b73de25c053c3225a077738a1fcbd9ca6966d7b3cd6f5494a30f0aa0eae55c7e
- 50eae63d3e24be9ca8803f4b5a0408aef97ee3fab7af018d8c2dde7c359edd65
- 1d1bf5e8c1539d2f05b1429235b8f4990f87036774be95157b315a7803dd5526

File names (4)
- .pkg_history
- .pkg_logs
- system.bat
- protocal.cjs

IP addresses (2)
- 23.254.164.92
- 23.254.164.123

Domains (2)
- teams.onweblive.org
- maskasd.com

URLs (3)
- https://23.254.164.92:8000/update/49890878
- https://teams.onweblive.org/api/update/8555575039/4
- https://maskasd.com/8555575039

Detections (9)
- Node Supply Chain Payload Persistence via LaunchAgent systemd or ProgramData
- Node Install Script Self-Deletion After Spawn
- npm postinstall Hook Spawning node on a Bundled .cjs Dropper
- node Process Disabling TLS Verification Before an Outbound Fetch
- Install-Time Process Beaconing to a Raw IPv4 Literal on a Non-Standard Port
- Resolution of the easy-day-js dayjs Typosquat at Install Time
- Outbound Connection to Mastra Campaign C2 Infrastructure
- Stage-Two Credential Collection: node Copying Browser History or Reading Wallet-Extension Profiles