140 Malicious Packages: Mastra AI Breach Teardown

On January 9, 2025, attackers compromised the npm account of a Mastra AI maintainer and published malicious updates to over 140 packages. Microsoft attributes the attack to Sapphire Sleet, a North Korean state-sponsored group. The malware targeted credentials and cryptocurrency wallets across Windows, macOS, and Linux systems.

This attack was a result of account compromise followed by systematic package poisoning—a method we've seen before, executed with precision against a framework used in production environments.

Attack Timeline

January 9, 2025: Attackers accessed the npm account 'ehindero', a maintainer for Mastra AI packages.

Same day: Malicious versions were published to over 140 npm packages in the Mastra AI ecosystem. Each update included a typosquatted dependency: 'easy-day-js', masquerading as the legitimate 'dayjs' library.

Detection: Microsoft's threat intelligence team identified the campaign and attributed it to Sapphire Sleet based on infrastructure patterns and targeting consistent with previous North Korean operations.

Current status: npm removed the malicious packages. Organizations that pulled updates on January 9 may have installed compromised code.

Failed Security Controls

Multi-factor authentication on the maintainer account: The 'ehindero' account was compromised, indicating either no MFA was configured or it was bypassed through credential theft or session hijacking.

Package signing and verification: npm's ecosystem lacks mandatory cryptographic signing for package updates. There was no technical control preventing a compromised account from publishing arbitrary code to 140 packages.

Dependency review process: The malicious dependency 'easy-day-js' was added to package manifests without triggering automated review. No CI/CD gate caught the typosquatted library name before publication.

Anomaly detection: Publishing updates to 140 packages simultaneously from a single account should have triggered rate-limiting or manual review. It didn't.

Least privilege: The compromised account had write access to the entire Mastra AI package namespace. A single credential unlocked 140 packages.

Security Standards and Requirements

PCI DSS v4.0.1 Requirement 8.4.2 mandates MFA for all access to the cardholder data environment. While npm isn't a CDE, the principle applies: critical infrastructure accounts need MFA. If your build pipeline pulls from npm and deploys to production, that's part of your attack surface.

NIST 800-53 Rev 5 CM-3 (Configuration Change Control) requires review and approval of changes to systems. Package updates are configuration changes. Your CI/CD pipeline should enforce review gates before accepting new dependencies, especially major version bumps or new transitive dependencies.

ISO 27001 Annex A.8.31 (Separation of Development, Test and Production Environments) addresses environment separation, but the underlying principle is least privilege. A maintainer account shouldn't have blanket write access to every package in a namespace without additional controls.

NIST CSF v2.0 function PR.DS-6 calls for integrity checking mechanisms. Package lockfiles (package-lock.json, yarn.lock) provide integrity checking through cryptographic hashes, but only if you commit them and verify hash mismatches in your pipeline.

Lessons and Action Items

Enhancing npm Security:

Enforce MFA on all npm accounts with publish permissions. Use hardware tokens or authenticator apps, not SMS. If you maintain packages, enable automation tokens with limited scope rather than using personal accounts for CI/CD publishing.

Commit your lockfiles and configure your CI to fail on hash mismatches. When npm install reports a different hash than what's in your lockfile, that's a signal. Don't ignore it.
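What a lockfile hash check amounts to, as an added example that is not code from the article or from npm: the `integrity` value is a Subresource Integrity string, and the bytes fetched must hash to it. The sample buffers, the package names `example-lib` and `unpinned-lib`, and the helper names are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const STRENGTH = ['sha1', 'sha256', 'sha384', 'sha512']; // weakest to strongest

// Parse an SRI string ("sha512-<base64> sha1-<base64>"); keep the strongest hash.
function strongestHash(integrity) {
  let best = null;
  for (const token of String(integrity || '').trim().split(/\s+/)) {
    const m = /^(sha1|sha256|sha384|sha512)-([A-Za-z0-9+/]+=*)$/.exec(token);
    if (!m) continue;
    const rank = STRENGTH.indexOf(m[1]);
    if (!best || rank > best.rank) best = { algo: m[1], digest: m[2], rank };
  }
  return best;
}

// True only if the tarball bytes hash to the digest pinned in the lockfile.
function verifyIntegrity(tarball, integrity) {
  const pinned = strongestHash(integrity);
  if (!pinned) return false; // nothing to verify against: fail closed
  const expected = Buffer.from(pinned.digest, 'base64');
  const actual = nodeCrypto.createHash(pinned.algo).update(tarball).digest();
  return expected.length === actual.length && nodeCrypto.timingSafeEqual(expected, actual);
}

// Installed entries with no usable hash, which no pipeline can verify.
function entriesWithoutIntegrity(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, e]) => path.includes('node_modules/') && !e.link && !e.inBundle)
    .filter(([, e]) => !strongestHash(e.integrity))
    .map(([path]) => path);
}

// Constructed sample: byte strings standing in for package tarballs.
const published = Buffer.from('constructed tarball bytes, version as reviewed');
const tampered = Buffer.from('constructed tarball bytes, with an added dependency');
const pin = 'sha512-' + nodeCrypto.createHash('sha512').update(published).digest('base64');
const lock = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/example-lib': { version: '1.0.0', integrity: pin },
  'node_modules/unpinned-lib': { version: '1.0.0' },
} };

console.log(verifyIntegrity(published, pin));
console.log(verifyIntegrity(tampered, pin));
console.log(entriesWithoutIntegrity(lock));
```

A matching hash only proves the bytes are the ones that were pinned. It says nothing about whether the pinned version is benign, so a lockfile update that moves to a newly published version still needs dependency review.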

Add dependency review to your pull request process. Tools like Socket, Snyk, or GitHub's native dependency review can flag new dependencies, especially typosquats. Configure them to block PRs that introduce packages with names similar to popular libraries.

Improving Detection:

Monitor your dependency tree for unexpected additions. The malicious 'easy-day-js' package appeared in package.json files that previously had no such dependency. Your SBOM tooling should alert on new transitive dependencies, particularly those with suspicious names.
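A sketch of that alert, which also covers the pull-request dependency review recommended earlier; it is an added example, not code from the article or from any tool it names. 'easy-day-js' is six edits away from 'dayjs', so an edit-distance threshold would miss it, and this check instead strips separators and looks for a popular name embedded in each newly added one. The watch list, the lockfile contents and the name `example-framework` are assumptions.

```javascript
// Assumed watch list of popular names; in practice, load your own.
const POPULAR = ['dayjs', 'lodash', 'express', 'react'];

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry "" -> null.
function nameFromPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? null : path.slice(i + 'node_modules/'.length);
}

// Set of package names present in a lockfile (v2/v3 "packages" map).
function packageNames(lock) {
  const names = Object.keys(lock.packages || {}).map(nameFromPath);
  return new Set(names.filter(Boolean));
}

// Lower-case, drop scope and separators: "easy-day-js" -> "easydayjs".
function normalize(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, '').replace(/[-_.]/g, '');
}

// Popular package whose name is embedded in `name`, or null.
function lookalikeOf(name, popular = POPULAR) {
  if (popular.includes(name)) return null; // the genuine package
  const n = normalize(name);
  return popular.find((p) => n.includes(normalize(p))) || null;
}

// Packages present in `after` but not `before`, each with its lookalike match.
function reviewNewDependencies(before, after) {
  const old = packageNames(before);
  return [...packageNames(after)]
    .filter((n) => !old.has(n))
    .sort()
    .map((name) => ({ name, imitates: lookalikeOf(name) }));
}

// Constructed lockfiles: `after` is the same project one update later.
const before = { packages: {
  '': { name: 'app' },
  'node_modules/example-framework': { version: '1.0.0' },
} };
const after = { packages: {
  '': { name: 'app' },
  'node_modules/example-framework': { version: '1.0.1' },
  'node_modules/easy-day-js': { version: '1.0.0' },
  'node_modules/left-pad': { version: '1.3.0' },
} };

console.log(reviewNewDependencies(before, after));
```

The containment match also flags legitimate companions such as a package named after a popular one plus a suffix, so treat a hit as a prompt for human review of a newly added name, not as a verdict.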

Run package audits in your CI pipeline and fail builds on critical vulnerabilities. npm audit is a baseline, but consider commercial tools that track malicious packages in real time, not just CVEs.

Containment Measures:

If you pulled npm packages on January 9, 2025, audit your installed dependencies. Check for 'easy-day-js' in your node_modules. Grep your package-lock.json for unexpected entries.

Review your npm audit logs. If you use a private registry like Artifactory or Verdaccio, check download logs for the affected date range.

Rotate credentials and secrets on any system where the malicious packages were installed. The payload targeted credentials and cryptocurrency wallets, so assume exfiltration if you had a match.
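For the lockfile audit above, a plain grep tells you whether 'easy-day-js' is present but not which of your direct dependencies pulled it in. The following added example (not from the article) walks the lockfile's `packages` map upward from the bad name to the project root; the lockfile contents and the `example-*` names are constructed placeholders, and matching is by package name only.

```javascript
const IOC = 'easy-day-js'; // malicious dependency named in the article

// "node_modules/a/node_modules/b" -> "b"
function nameOf(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? null : path.slice(i + 'node_modules/'.length);
}

// Map each dependency name to the packages that declare it.
// Simplification: matches by name only, ignoring nested version resolution.
function reverseDeps(lock) {
  const rev = new Map();
  for (const [path, e] of Object.entries(lock.packages || {})) {
    const parent = path === '' ? '(root)' : nameOf(path);
    if (!parent) continue;
    const declared = { ...e.dependencies, ...e.devDependencies,
      ...e.optionalDependencies, ...e.peerDependencies };
    for (const dep of Object.keys(declared)) {
      if (!rev.has(dep)) rev.set(dep, new Set());
      rev.get(dep).add(parent);
    }
  }
  return rev;
}

// Every dependency chain from the project root down to `bad`.
function chainsTo(lock, bad = IOC) {
  const rev = reverseDeps(lock);
  const chains = [];
  const walk = (name, chain) => {
    for (const parent of rev.get(name) || []) {
      if (parent === '(root)') chains.push(['(root)', ...chain].join(' > '));
      else if (!chain.includes(parent)) walk(parent, [parent, ...chain]);
    }
  };
  walk(bad, [bad]);
  return chains.sort();
}

// Constructed lockfile; "example-*" names are placeholders.
const lock = { lockfileVersion: 3, packages: {
  '': { name: 'app', dependencies: { 'example-agent': '^1.0.0', 'left-pad': '^1.3.0' } },
  'node_modules/example-agent': { version: '1.0.1', dependencies: { 'example-core': '^1.0.0' } },
  'node_modules/example-core': { version: '1.0.1', dependencies: { 'easy-day-js': '^1.0.0' } },
  'node_modules/easy-day-js': { version: '1.0.0' },
  'node_modules/left-pad': { version: '1.3.0' },
} };

console.log(chainsTo(lock));
```

Each chain names the direct dependency to pin back or remove, and any host that installed from a lockfile with a non-empty result falls under the credential rotation step.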

Architectural Considerations:

Consider using a private npm registry as a proxy. Tools like Verdaccio or Sonatype Nexus let you cache packages and implement additional scanning before they reach your developers. You can block packages by name pattern, preventing typosquats from entering your environment even if they pass npm's checks.

Implement package allowlisting for critical applications. If your production app only needs 50 dependencies, maintain an explicit allowlist and reject everything else. It's more work upfront, but it prevents exactly this scenario.

Conclusion:

Supply chain attacks succeed because we treat package registries as trusted infrastructure when they're actually untrusted networks. A compromised maintainer account is functionally equivalent to a compromised build server—both can inject code into your production environment.

Your dependency management process needs the same rigor as your deployment process: MFA, review gates, integrity checking, and monitoring. If you wouldn't deploy to production without a pull request review, don't pull from npm without dependency review.

Check your npm security settings today. Enable MFA on your organization's accounts. Add dependency review to your CI pipeline. Commit your lockfiles if you haven't already.

The next supply chain attack won't wait for you to be ready.
