Mastra: 144 npm packages compromised via vendor account takeover

Colleagues — a cybersecurity alert: the easy-day-js campaign compromised up to 144 @mastra/* packages.
What happened:
- npm account "ehindero" was taken over; attacker mass-published malicious packages.
- The malicious dependency "easy-day-js" runs from a postinstall hook, disables TLS and downloads an info-stealer from a C2 server.
- It harvests browser history and data from 160+ crypto wallet extensions, and establishes cross-platform persistence.
Recommendations: revert to known-safe versions, rotate tokens, audit workstations and CI, and require provenance/signatures for package publishes.
Why it matters: the malware executes on install — build environments and developer machines are at risk.
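A lockfile audit for the indicators above, as an added example and not code from the original post: it flags the easy-day-js dependency, @mastra/* entries outside a version allowlist, and any package that declares install hooks (the mechanism that made this campaign execute on install). The allowlist and the sample lockfile's names and versions are hypothetical.

```javascript
// Added example: audit a package-lock.json (v2/v3 "packages" map) for the
// indicators the post names. Allowlist and sample data are hypothetical.
const MALICIOUS_DEP = "easy-day-js";

// Hypothetical allowlist: @mastra/* versions you verified before the incident.
const KNOWN_SAFE = { "@mastra/core": new Set(["0.10.0"]) };

// Package name from a lockfile path such as "node_modules/a/node_modules/@s/b".
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return path.slice(i + "node_modules/".length);
}

function auditLockfile(lock, knownSafe = KNOWN_SAFE) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = pkg.name || nameFromPath(path);
    const version = pkg.version;
    if (name === MALICIOUS_DEP) {
      findings.push({ name, version, kind: "malicious-dependency" });
    }
    if (name.startsWith("@mastra/") && !(knownSafe[name] && knownSafe[name].has(version))) {
      findings.push({ name, version, kind: "unverified-version" });
    }
    // npm sets hasInstallScript when a package declares pre/post/install hooks.
    if (pkg.hasInstallScript) {
      findings.push({ name, version, kind: "install-script" });
    }
  }
  return findings;
}

// Constructed sample lockfile; package versions here are illustrative only.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/@mastra/core": { version: "0.10.0" },
    "node_modules/@mastra/mcp": { version: "9.9.9", hasInstallScript: true },
    "node_modules/@mastra/mcp/node_modules/easy-day-js": { version: "1.0.3", hasInstallScript: true },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  const file = process.argv[2];
  const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
  for (const f of auditLockfile(lock)) console.log(`${f.kind}: ${f.name}@${f.version}`);
}
```

Run it as `node audit-lock.js ./package-lock.json` against a real project; with no argument it audits the embedded sample and reports four findings.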
What additional measures do you deem critical to protect the software supply chain?
#cybersecurity #supplychain #npm #opensource
