SlowMist|6月 17, 2026 10:58
🚨 SlowMist TI Alert 🚨
A coordinated npm supply chain attack affecting 140+ @mastra/* packages. The affected packages added a dependency on easy-day-js@^1.11.21, which can be automatically resolved during installation to the malicious version easy-day-js@1.11.22, triggering attacker-controlled code through an install-time hook.
Potential attacker actions include install-time code execution, persistence on Windows/macOS/Linux, browser history collection, cryptocurrency wallet extension inventory, credential or CI secret exposure through follow-on tasking, and data exfiltration.
Treat any system that installed affected @mastra/* versions as potentially compromised: remove malicious versions and easy-day-js, delete node_modules and package caches, reinstall known-clean versions with verified lockfiles, isolate impacted hosts, preserve logs, remove persistence artifacts, and rotate npm, GitHub, cloud, SSH/Git, CI/CD, and wallet-related credentials where exposure is possible.
As always, stay vigilant!
https://enterprise.misteye.io/threat-intelligence/SM-2026-286130(SlowMist)
Share To
HotFlash
APP
X
Telegram
CopyLink