144 Mastra npm packages. 1.1 million weekly downloads. One hijacked maintainer account.
On June 17, attackers published poisoned versions of every package in the @mastra scope in an 88-minute window. The entry point: a former contributor's npm account whose publish access was never revoked.
The payload: easy-day-js, a typosquat of the popular dayjs library. It disabled TLS verification, dropped a second-stage backdoor, stole credentials from 166 cryptocurrency wallet extensions, harvested browser data from Chrome, Edge, and Brave, and self-deleted to hide forensic evidence.
Microsoft attributed the attack to BlueNoroff — North Korea's cryptocurrency theft operation. The tradecraft was surgical: publish a clean version first to establish credibility, then weaponize it minutes before the mass publish.
Any CI/CD pipeline or developer machine that installed a freshly published @mastra version between June 16 and 17 (an `npm install` that resolved a range to the new release, or a lockfile bumped during that window) is potentially compromised. Every secret present in that environment is exposed: npm tokens, GitHub tokens, cloud provider keys, LLM API keys, SSH keys, and database credentials.
Your CISO's existing supply chain controls didn't catch this. Lockfiles and version pinning protect only installs that stayed on an already-resolved version; they offer nothing once a range resolves to the poisoned release or a dependency bump lands, because the malicious versions were published through an account the registry trusted.
Audit every @mastra dependency in your codebase today. Run `npm ls easy-day-js` in every project, and grep every package-lock.json, yarn.lock and pnpm-lock.yaml for it as well, since `npm ls` only reports what is installed in the current node_modules. Rotate every credential that touched an affected build system. Treat affected systems as fully compromised, not merely "at risk": the payload self-deletes, so the absence of artifacts on disk is not evidence of a clean host.
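As an added example (not code from this article or from the Mastra project), the following Node script performs the lockfile side of that audit offline: it flattens a package-lock.json (v1 nested layout or v2/v3 flat layout), flags any `easy-day-js` entry anywhere in the tree as critical, flags every `@mastra/*` package for version review (critical when it matches a caller-supplied compromised-version list), and warns when a scoped entry carries no integrity hash. The sample lockfile, the `0.0.0-example` version and the compromised list are placeholders I constructed; the real affected versions are not on this page and must come from the advisory.

```javascript
"use strict";
// Added example, not from the article or the Mastra project: offline audit of a
// package-lock.json for the indicators described in the text. Nothing here
// talks to the registry; the compromised-version list is supplied by the caller.

// The page names easy-day-js as the typosquat that carried the payload.
const TYPOSQUAT_NAMES = new Set(["easy-day-js"]);

// Lockfile v2/v3 keys are install paths such as "node_modules/@mastra/core" or
// "node_modules/a/node_modules/easy-day-js"; the package name is whatever
// follows the last "node_modules/".
function nameFromLockKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Flatten a lockfile into [{ name, version, integrity, path }] for both the
// v1 layout (nested "dependencies") and the v2/v3 layout (flat "packages").
function flattenLockfile(lock) {
  const out = [];
  if (lock.packages) {
    for (const [key, e] of Object.entries(lock.packages)) {
      if (key === "") continue; // the root project entry, not a dependency
      out.push({ name: e.name || nameFromLockKey(key), version: e.version,
                 integrity: e.integrity, path: key });
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, e] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      out.push({ name, version: e.version, integrity: e.integrity, path });
      walk(e.dependencies, `${path}/`); // nested copies installed under this package
    }
  };
  walk(lock.dependencies, "");
  return out;
}

// opts.compromisedVersions: { "<package>": ["<version>", ...] } taken from the
// advisory (placeholder values in this demo). opts.scope defaults to @mastra/.
function auditLockfile(lock, opts = {}) {
  const scope = opts.scope || "@mastra/";
  const compromised = opts.compromisedVersions || {};
  const findings = [];
  for (const p of flattenLockfile(lock)) {
    if (TYPOSQUAT_NAMES.has(p.name)) {
      findings.push({ severity: "critical", ...p, reason: "typosquat payload package present in tree" });
      continue;
    }
    if (!p.name.startsWith(scope)) continue;
    const listed = (compromised[p.name] || []).includes(p.version);
    findings.push({
      severity: listed ? "critical" : "review", ...p,
      reason: listed ? "version is on the supplied compromised list"
                     : "in affected scope; confirm version and publish time against the advisory",
    });
    if (!p.integrity) {
      findings.push({ severity: "warn", ...p, reason: "no integrity hash recorded; tarball cannot be checked offline" });
    }
  }
  return findings;
}

// Constructed sample (v3 layout). The versions and the compromised list are
// placeholders for the demo, not the real affected releases.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@mastra/core": { version: "0.0.0-example", integrity: "sha512-AAAA" },
    "node_modules/@mastra/core/node_modules/easy-day-js": { version: "1.0.0" },
    "node_modules/dayjs": { version: "1.11.13", integrity: "sha512-BBBB" },
  },
};
const SAMPLE_COMPROMISED = { "@mastra/core": ["0.0.0-example"] };

function main() {
  // Usage: node audit-lock.js [path/to/package-lock.json]; defaults to the sample.
  const file = process.argv[2];
  const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
  const findings = auditLockfile(lock, { compromisedVersions: SAMPLE_COMPROMISED });
  for (const f of findings) {
    console.log(`[${f.severity}] ${f.name}@${f.version} (${f.path}): ${f.reason}`);
  }
  // Fail a CI step on a critical finding when a real lockfile was given.
  if (file && findings.some((f) => f.severity === "critical")) process.exitCode = 1;
}
main();
```

Run it against each project's lockfile; it reads the lockfile rather than node_modules, so it catches trees that were resolved in CI but never installed on the machine doing the audit, which `npm ls` cannot. Replace the placeholder list with the versions from the advisory before trusting a "review" verdict.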
This is the third major supply chain attack targeting AI development toolkits in six weeks. The developer toolchain is now the attack surface.
Enterprise AI Impact — filtered for signal, not noise