A major software supply chain attack has struck the popular Mastra AI npm ecosystem, prompting urgent warnings from Microsoft and cybersecurity researchers. More than 80 packages were compromised after attackers reportedly took over npm maintainer accounts and injected malicious code into package updates.
The attack affects multiple widely used Mastra packages and demonstrates how rapidly threat actors are targeting the booming AI developer ecosystem.
Microsoft Detects Large-Scale npm Package Compromise
According to Microsoft’s security team, attackers successfully compromised over 80 packages within the Mastra AI ecosystem through an npm account takeover campaign.
The attackers introduced a malicious “phantom dependency” into affected packages, causing developers to unknowingly install malware when updating dependencies.
Among the most notable affected releases is [email protected], which introduces a dependency called easy-day-js@^1.11.21.
At first glance, the package appears legitimate. However, security researchers identified it as a typosquatting package designed to impersonate the popular JavaScript date library dayjs.
How the Malicious Package Works
The compromised dependency resolves to [email protected], which contains a malicious post-install script.
Once installed, the package automatically executes a file called setup.cjs, triggering a multi-stage malware deployment process.
1. TLS Certificate Validation Is Disabled
The malware first disables TLS certificate validation for the Node.js process by setting:
NODE_TLS_REJECT_UNAUTHORIZED=0
This allows the attacker to communicate with command-and-control (C2) infrastructure without certificate validation errors.
2. Infection Tracking Files Are Created
The malware creates hidden files on the victim’s system, including:
~/.pkg_history
~/.pkg_logs
These files appear to help the attackers track infected machines and avoid duplicate infections.
3. Second-Stage Payload Is Downloaded
The malicious script downloads an additional JavaScript payload from attacker-controlled infrastructure.
This transforms the initial package compromise into a much more dangerous multi-stage infection chain.
4. Malware Runs Invisibly
The downloaded payload is launched as a detached background process using hidden execution methods.
On Windows systems, the malware reportedly uses invisible process execution to reduce the likelihood of detection by users.
5. Evidence Is Deleted
To conceal the attack, the malware removes the original setup script after execution.
This tactic makes forensic investigations significantly more difficult and reduces visible indicators of compromise.
Packages Affected
Microsoft reports that the attack impacts:
- [email protected]
- @mastra/pg
- @mastra/mcp
- @mastra/schema-compat
- @mastra/ai-sdk
- @mastra/rag
- More than 80 additional packages within the Mastra ecosystem
Because these packages are commonly used in AI-powered applications and developer workflows, the potential impact could be widespread.
Indicators of Compromise (IOCs)
Microsoft recommends that developers and security teams immediately check for the following indicators:
Suspicious Files
~/.pkg_history
~/.pkg_logs
Unexpected JavaScript Files
Look for:
- Randomly named .js files
- Suspicious scripts in home directories
- Unexpected files in temporary folders
Security Alerts
Organizations using Microsoft Defender for Endpoint should investigate alerts containing:
Trojan:JS/ObfusNpmJs
What Developers Should Do Immediately
Developers using Mastra packages should take immediate action.
Downgrade to Safe Versions
Microsoft advises users to downgrade affected installations and explicitly use:
[email protected]
until patched releases become available.
Verify Dependency Trees
Review package-lock.json, npm-shrinkwrap.json, pnpm-lock.yaml, or yarn.lock files for unexpected dependency additions.
Use Lockfiles
Lockfiles can help prevent accidental upgrades to compromised package versions and reduce exposure to supply chain attacks.
Audit Recent Installations
Organizations should review build logs, CI/CD pipelines, developer workstations, and production systems for evidence of recent installations of affected versions.
Why This Attack Matters
Software supply chain attacks have become one of the most effective methods for compromising developers and organizations at scale.
Rather than attacking individual targets directly, threat actors compromise trusted packages used by thousands of projects. Once developers install an infected update, attackers gain a foothold inside development environments, CI/CD systems, and potentially production infrastructure.
The latest Mastra incident highlights how AI development ecosystems are increasingly becoming attractive targets for cybercriminals.
Final Thoughts
The compromise of more than 80 Mastra ecosystem packages represents one of the most serious npm supply chain incidents affecting AI developers in recent months.
With malicious code executing automatically during package installation, developers should urgently audit their environments, downgrade affected versions, and investigate systems for indicators of compromise.
Organizations using Mastra packages should treat this incident as a high-priority security event and verify that no compromised versions have entered their software supply chain.