Easy-day-js Mastra package-publishing campaign
Campaign
Summary
The easy-day-js campaign mass-published more than 140 malicious npm packages across the @mastra/* namespace, creating broad supply-chain exposure for developers and build systems. The operation used the ehindero npm account in a short publishing burst on 2026-06-17. The malicious packages could reach users through normal installs before defenders removed the tainted versions.
Related Happenings
Mastra @mastra/* npm packages hit by network compromise
Incident
H score: 24
First: 17.06.2026 10:38
Last: 17.06.2026 10:38
Sources 1
How related:
As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity.
About this happening:
The **Mastra** @mastra/* npm packages were **compromised** in a **software supply chain attack**, putting installs at risk of workstation, CI runner, and build-environment comprom...
Asteroiddao hit by network compromise
Incident
H score: 13
First: 04.06.2026 18:25
Last: 04.06.2026 18:25
Sources 1
About this happening:
**asteroiddao** suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider **supply-chain attack**. The account was used t...
IronWorm npm supply-chain infection and self-propagation
Malware Activity
H score: 15
First: 04.06.2026 18:25
Last: 04.06.2026 18:25
Sources 1
About this happening:
**IronWorm** is a **Rust** infostealer in an **npm supply-chain** activity that hides behind an **eBPF kernel rootkit**, communicates over **Tor**, and targets **86 environment var...
Miasma GitHub and npm supply-chain campaign
Campaign
H score: 26
First: 02.06.2026 00:38
Last: 02.06.2026 00:38
Sources 1
About this happening:
The **Miasma** supply-chain campaign has expanded into a new **PyPI** branch called **Hades**, with **37 malicious wheel artifacts** across **19 packages**. The compromised releas...
Latest development: 05.06.2026 21:05
A new Miasma wave is linked to 57 compromised npm packages across more than 286 malicious versions, with malicious installs abusing a 157-byte binding.gyp file for code execution during npm install and then staging additional payloads that inject persistent backdoor files into project repositories and target AI-assisted IDE workflows.
Red Hat npm Namespace Hijacked in Supply Chain hit by cyberattack
Incident
H score: 13
First: 01.06.2026 20:40
Last: 01.06.2026 20:40
Sources 1
About this happening:
**Red Hat's** official npm namespace was hijacked in a **supply chain attack** that republished **32 packages** in the **@redhat-cloud-services** scope on **June 1**; the maliciou...
Timeline
- 17.06.2026 10:38 · 2 articles · 2h ago
Easy-day-js Mastra package-publishing campaign
Initial Disclosure: On **2026-06-17**, the **ehindero** account began mass-publishing malicious packages across the **@mastra/*** namespace. The short-window release burst seeded the **easy-day-js** supply-chain operation before the malicious versions were pulled.
- 144 Mastra npm Packages Compromised via Hijacked Contributor Account — thehackernews.com — 17.06.2026 10:38