The Mastra npm Supply Chain Attack: Hunting easy-day-js Before It Spreads

Augusto Barros
June 18, 2026

On the morning of June 17, JFrog's research team published its analysis of a supply chain campaign that slipped a malicious dependency called easy-day-js into 143 Mastra npm packages. The attacker first published a clean version of easy-day-js, waited, then pushed a weaponized release. Affected Mastra packages were republished to pull it in roughly 26 minutes later. Any team that ran an ordinary install during that window pulled down an install-time loader, a detached second-stage backdoor, and persistence that survives removing the package.

That compresses the defender's clock. You need to be able to answer the question: did anyone here install one of these packages, and if so, what happened next? The lag between a researcher publishing and you holding that answer is where the clock starts and risk accumulates.

For some, that lag is measured in days. Someone reads the report, pulls out the indicators, decides which telemetry sources to query, writes the queries, scopes them to developer laptops and CI runners, runs the hunt, then chases down whatever comes back. None of those steps is technically hard. They are just expensive in human time, and they compete with everything else already in the queue. By the time the hunt is scoped and run, any threat actor has had a head start.

In this supply chain compromise, the threat actors appear to have taken extra steps to establish persistence. easy-day-js disables TLS verification, drops a randomly named payload into a temp directory, runs it as a detached process, then deletes its own loader so that a later look at node_modules turns up nothing. It writes persistence into Node-themed paths: a LaunchAgent on macOS, a user service on Linux, a Run key on Windows. Removing the package does not stop the second-stage process.


What same-day response actually looked like

When the JFrog research went live, our security operations team moved the same morning to teach Prophet AI's agents to recognize the activity from this campaign: the malicious dependency, the loader and persistence artifacts, the network indicators. One of our SecOps experts then ran that against live customer environments to confirm it held up in the field rather than only on paper.

Under an hour later, the first customer asked Prophet AI Threat Hunter to hunt for this exact campaign in their environment. The hunt handled the scoping and the querying from a plain-language description of the threat, and the answer came back quickly. No waiting on us, no writing queries by hand, no pulling an analyst off whatever they were already working on.

A hunt that comes back clean is still valuable

The hunt did not find a compromise. It surfaced potential hits, and an analyst ran every one of them down with the hunt's evidence trail already in hand. All of them turned out to be legitimate developers who had pulled in Mastra packages as part of their normal work. No malicious installs, no second-stage processes, no persistence.

Produced quickly and backed by evidence, a clean result like that tells you two things: you are not affected by this specific campaign right now, and you have a read on how much benign noise this class of activity generates in your environment. Both are inputs you want before the next disclosure lands, not after. Seeing your own noise level is part of knowing your environment, and you rarely get to measure it on a quiet day.

Why speed is the risk-reduction story

The reduction in risk here came from collapsing the time between a public disclosure and a confident, evidence-backed answer for one specific environment. Speed of response is the control. When that interval is days, an attacker's head start compounds: persistence installs, credentials become reachable, a CI runner keeps building against a poisoned dependency. When it is under an hour, there is very little room for any of that to happen, and on the days when nothing is wrong, you learn that immediately and move on.

When a supply chain attack is disclosed, the fastest path to knowing whether you are affected is a targeted threat hunt scoped to that campaign's specific indicators and run against your own telemetry the same day. The teams that close that gap quickly get to spend their attention on the six hits that turned out to be developers, instead of on the multi-day scramble to find out whether any hits existed at all.
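As an added example (not code from this post or from Prophet AI), here is a small Python hunt over the two kinds of evidence the post describes: it searches a package-lock.json for easy-day-js, reporting which packages pulled it in and whether it carried an install script, and then flags LaunchAgent, user-service or Run-key entries whose executable lives in a temp directory. The lockfile, the persistence entries and the temp-directory patterns are constructed samples; the campaign's actual versions and paths are not in the post and are not guessed here.

```python
import json
import re

MALICIOUS_PKG = "easy-day-js"  # dependency named in the JFrog report on the Mastra campaign

# Constructed sample of a lockfileVersion 3 package-lock.json (not a real Mastra lockfile).
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"@mastra/core": "^0.1.0", "left-pad": "^1.3.0"}},
        "node_modules/@mastra/core": {"version": "0.1.0",
                                      "dependencies": {"easy-day-js": "^1.0.0"}},
        "node_modules/easy-day-js": {"version": "1.0.1", "hasInstallScript": True},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})


def find_package(lock_text, target=MALICIOUS_PKG):
    """Hunt a package-lock.json (lockfileVersion 2 or 3 'packages' map) for `target`:
    where it is installed, whether npm recorded an install script for it (the loader
    ran at install time), and which packages declared it as a dependency."""
    pkgs = json.loads(lock_text).get("packages", {})
    suffix = "node_modules/" + target  # matches top-level and nested installs
    installed = {p: {"version": v.get("version"),
                     "install_script": bool(v.get("hasInstallScript"))}
                 for p, v in pkgs.items()
                 if p == suffix or p.endswith("/" + suffix)}
    dependents = {p or "<root>": v["dependencies"][target]
                  for p, v in pkgs.items() if target in v.get("dependencies", {})}
    return {"installed": installed, "dependents": dependents}


# Temp-directory locations on the three platforms the post names (assumed list).
TEMP_DIR_RE = re.compile(
    r"(^/tmp/|^/var/folders/|/private/tmp/|\\AppData\\Local\\Temp\\|%TEMP%)", re.I)


def suspicious_persistence(entries):
    """Flag (source, command) persistence entries whose executable lives in a temp
    directory, the pattern described for easy-day-js's detached second stage."""
    return [(src, cmd) for src, cmd in entries if TEMP_DIR_RE.search(cmd)]


# Constructed samples: two Node-themed entries pointing at temp dirs beside a benign one.
SAMPLE_ENTRIES = [
    ("launchagent:com.node.update", "/private/tmp/aQ9xk3 --daemon"),
    ("systemd-user:node-helper.service", "/tmp/zX81q/runner"),
    ("run-key:Docker Desktop", "C:\\Program Files\\Docker\\Docker\\Docker Desktop.exe"),
]

if __name__ == "__main__":
    print(find_package(SAMPLE_LOCK))
    print(suspicious_persistence(SAMPLE_ENTRIES))
```

On a real host the lockfile text would come from each repository or CI workspace and the entries from `~/Library/LaunchAgents`, `~/.config/systemd/user` and the Run keys; a hit only says "go look", as the post's six developer hits show.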

Supply chain disclosures will keep arriving on their own schedule, usually an inconvenient one. The question each time is how quickly you can turn someone else's research into a yes-or-no answer about your environment. If you want to see what hunting a live campaign looks like from disclosure to answer, we are happy to walk you through it.
