Microsoft Threat Intelligence reported a significant npm supply chain compromise affecting over 140 packages in the mastra scope, initiated through the takeover of the ehindero npm maintainer account. The attacker published a malicious package, _easy-day-js_, mimicking the popular _dayjs_ library; it included a postinstall hook that executed harmful scripts upon installation. The compromise affected developer environments that ran npm install or update, putting credentials and software integrity at risk.
Microsoft has suggested various mitigations, including reviewing dependency trees, using known-good versions, and checking for indicators of compromise. Notably, Microsoft Defender products are equipped to detect and respond to related threats.