
Hijacked ex-contributor token enables mass Mastra scope poisoning via easy-day-js dependency
A single unrevoked npm token allowed automated poisoning of 144 Mastra packages through a malicious dayjs clone. The campaign highlights persistent failures in access revocation and provenance enforcement that enable repeatable supply-chain attacks against AI-adjacent open-source namespaces.
The attack chain relied on a clean initial publish of easy-day-js by sergey2016, followed by a postinstall hook that disabled TLS validation, fetched a dropper from 23.254.164[.]92, executed a detached stealer harvesting 160+ crypto-wallet extensions, and self-deleted. Evidence from SafeDep and StepSecurity shows that every poisoned package lacked the SLSA provenance that legitimate Mastra CI builds carry, exposing the absence of mandatory attestation enforcement on the namespace.
This incident repeats the exact maintainer-account pattern seen in prior scope-wide compromises, where tokens were never rotated after a contributor's departure. Unlike isolated typosquatting, the choice of an AI-framework namespace with cloud-credential exposure indicates deliberate targeting of high-value build environments rather than opportunistic malware distribution.
npm removed the tagged versions yet left the underlying token-issuance model unchanged. Without enforced provenance checks or automated scope-owner alerts on dormant accounts, the same vector remains open across other popular scopes that still permit unauthenticated publishes from legacy tokens.
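As an added example (not code from this page or from the reports it cites), the following Node.js script implements the kind of pre-install provenance gate the text says was missing: it reads npm registry metadata for each locked dependency and blocks versions that lack an SLSA provenance attestation, carry an install-time hook, or were published by an account outside a locally maintained allow-list. The registry field names follow npm's packument format; the allow-list and the sample records are constructed assumptions.

```javascript
const SLSA_PREDICATE_PREFIX = "https://slsa.dev/provenance/";
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Inspect one published version from a registry packument (the JSON at
// https://registry.npmjs.org/<name>). expectedPublishers is an assumed local allow-list.
function inspectVersion(packument, version, expectedPublishers = null) {
  const v = packument.versions && packument.versions[version];
  if (!v) return { ok: false, findings: [`version ${version} not found`] };
  const findings = [];
  // npm records provenance under dist.attestations with an SLSA predicate type.
  const predicate = v.dist?.attestations?.provenance?.predicateType;
  if (!predicate || !predicate.startsWith(SLSA_PREDICATE_PREFIX)) {
    findings.push("missing SLSA provenance attestation");
  }
  // Lifecycle hooks run automatically on `npm install`; the poisoned releases used postinstall.
  for (const hook of INSTALL_HOOKS) {
    if (v.scripts && v.scripts[hook]) findings.push(`install-time hook ${hook}: ${v.scripts[hook]}`);
  }
  // _npmUser names the account that published this version.
  const publisher = v._npmUser && v._npmUser.name;
  if (expectedPublishers && !expectedPublishers.includes(publisher)) {
    findings.push(`unexpected publisher ${publisher}`);
  }
  return { ok: findings.length === 0, findings };
}

// Gate every dependency in a package-lock.json v2/v3 "packages" map against fetched packuments.
function gateLockfile(lock, packuments, expectedPublishers = null) {
  const blocked = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const result = packuments[name]
      ? inspectVersion(packuments[name], entry.version, expectedPublishers)
      : { ok: false, findings: ["no registry metadata available"] };
    if (!result.ok) blocked.push({ name, version: entry.version, findings: result.findings });
  }
  return blocked;
}
// Constructed sample records (not real registry data): a CI-built package with provenance, and a
// lookalike published by an unknown account with a postinstall hook and no attestation.
const SAMPLE_PACKUMENTS = {
  "@example/ci-built": { versions: { "1.2.0": {
    dist: { attestations: { provenance: { predicateType: "https://slsa.dev/provenance/v1" } } },
    scripts: { build: "tsc" }, _npmUser: { name: "example-ci-bot" } } } },
  "example-date-lookalike": { versions: { "1.0.1": {
    dist: {}, scripts: { postinstall: "node setup.js" }, _npmUser: { name: "unknown-account" } } } },
};
const SAMPLE_LOCK = { packages: { "": {}, "node_modules/@example/ci-built": { version: "1.2.0" },
  "node_modules/example-date-lookalike": { version: "1.0.1" } } };
const BLOCKED = gateLockfile(SAMPLE_LOCK, SAMPLE_PACKUMENTS, ["example-ci-bot"]);
```

To run it against real data, replace SAMPLE_PACKUMENTS with packuments fetched from the registry; `npm audit signatures` performs the cryptographic verification of the attestations themselves.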
StepSecurity: Within 90 days at least two additional popular scopes will disclose similar dormant-contributor token abuse as long as provenance policies remain optional.
Sources (2)
- [1] StepSecurity & SafeDep joint analysis (https://blog.stepsecurity.io/mastra-compromise-2026)
- [2] Socket.dev incident report (https://socket.dev/blog/mastra-scope-takeover)