140+ official npm packages under the @mastra/* namespace have been compromised via a malicious dependency, easy-day-js. Running npm install automatically triggers a cross-platform infostealer and persistent backdoor.
AGS-2026-0006
Mastra supply chain poisoning attack
Affected
- namePattern: @mastra/*
- namePattern: easy-day-js
- versionRange: 1.11.22
- namePattern: protocal.cjs
- namePattern: nvmconf.service
- namePattern: com.nvm.protocal.plist
- namePattern: NvmProtocal
Self-check
AgentGuard subscribers receive this advisory automatically and their local guard runs the inspection below.
Inspect paths
- ~/.nvm/**/node_modules/
- ~/.openclaw/**/node_modules/
- ~/.config/NodePackages/
- ~/Library/NodePackages/
- ~/.npm/_npx/
- ./Library/Caches/
- /tmp/
- C:\ProgramData\NodePackages\
- C:\Users\*\AppData\Local\Temp\*
- %LOCALAPPDATA%\npm-cache\_npx\
Remediation: uninstall
1. Identify Local Dependency Contamination
# Verify if the poisoned transitive package exists in your local environment tree
npm ls easy-day-js
# Audit lockfiles to check if your builds are fetching the compromised version
# (pattern is unquoted because yarn.lock and pnpm-lock.yaml key entries as easy-day-js@<version>)
grep -A1 'easy-day-js' package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null
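Added example, not part of the advisory: a structured alternative to the grep above that parses package-lock.json (lockfile versions 1 to 3) and reports exact name/version matches against the advisory's package list. The function names and the sample lockfile are constructed for illustration; yarn.lock and pnpm-lock.yaml are not covered.

```javascript
// Parse "name version" lines (this advisory's list format) into Map<name, Set<version>>.
function parseAffected(text) {
  const bad = new Map();
  for (const line of text.split('\n')) {
    const m = line.trim().match(/^(\S+)\s+(\d\S*)$/);
    if (!m) continue; // headings and blank lines
    if (!bad.has(m[1])) bad.set(m[1], new Set());
    bad.get(m[1]).add(m[2]);
  }
  return bad;
}

// List every installed package recorded in a parsed package-lock.json.
function lockEntries(lock) {
  const NM = 'node_modules/';
  const out = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf(NM);
      if (i === -1) continue; // "" (root project) or a workspace folder
      out.push({ name: meta.name || path.slice(i + NM.length), version: meta.version, path });
    }
    return out;
  }
  // lockfileVersion 1: nested "dependencies" tree
  (function walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}${NM}${name}`;
      out.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  })(lock.dependencies, '');
  return out;
}

// Entries whose exact name and version are on the affected list.
function scanLock(lock, bad) {
  return lockEntries(lock).filter(e => bad.has(e.name) && bad.get(e.name).has(e.version));
}

// Constructed sample: three list lines from the advisory and a made-up lockfile.
const AFFECTED = parseAffected('Affected Packages:\n@mastra/core 1.42.1\n@mastra/mcp 1.10.1\neasy-day-js 1.11.22');
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '0.0.1' },
  'node_modules/@mastra/core': { version: '1.42.1' },
  'node_modules/@mastra/core/node_modules/easy-day-js': { version: '1.11.22' },
  'node_modules/@mastra/mcp': { version: '1.9.0' }, // constructed, not on the list
} };
console.log(scanLock(SAMPLE_LOCK, AFFECTED).map(e => `${e.name}@${e.version}  ${e.path}`).join('\n'));
```

For a real project, pass the advisory's full package list to parseAffected and the result of JSON.parse on your package-lock.json to scanLock.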
2. Audit System-Level Persistence Components
macOS Environment
# Check for malicious LaunchAgents and matching drop scripts
ls -la ~/Library/LaunchAgents/com.nvm.protocal.plist 2>/dev/null && echo "🚨 CRITICAL: Persistent LaunchAgent Found!"
ls -la ~/Library/NodePackages/protocal.cjs 2>/dev/null && echo "🚨 CRITICAL: Malicious Script Found!"
Linux Environment
# Check for unauthorized systemd user units and core drops
ls -la ~/.config/systemd/user/nvmconf.service 2>/dev/null && echo "🚨 CRITICAL: Malicious User Service Active!"
ls -la ~/.config/systemd/nvmconf/protocal.cjs 2>/dev/null && echo "🚨 CRITICAL: Malicious Script Found!"
Windows Environment (Run via cmd.exe / PowerShell)
:: Verify if the node masquerading payload directory exists
dir "C:\ProgramData\NodePackages\protocal.cjs" /b 2>nul && echo 🚨 CRITICAL: Windows Dropped Binary Found!
:: Check the CurrentUser Startup Key for the persistence point
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "NvmProtocal" 2>nul && echo 🚨 CRITICAL: Startup Registry Entry Found!
3. Evacuation and Eradication Protocol
If a machine shows any indicator above, isolate it from the network immediately and work through these steps:
- Kill Active Subprocesses: Terminate any unexpected background node processes that reference randomly named temporary JavaScript files or protocal.cjs.
- Purge Persistence Layers:
  - Windows: Delete the Run-key value with reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "NvmProtocal" /f, then force-delete the drop path C:\ProgramData\NodePackages\.
  - macOS: Run launchctl unload ~/Library/LaunchAgents/com.nvm.protocal.plist, then delete the .plist file and the corresponding ~/Library/NodePackages/ runtime folder.
  - Linux: Run systemctl --user disable --now nvmconf.service, then delete the systemd unit file and the drop directories.
- Wipe Cache & Re-lock: Purge the npm cache with npm cache clean --force. Roll back @mastra/* dependencies in your package.json to known-clean versions prior to June 17, 2026. Regenerate a clean lockfile in a clean sandbox environment.
4. Post-Incident Credential & Asset Rotation
The malware scans configurations for 160+ unique cryptocurrency browser extensions (e.g., MetaMask, Phantom, Coinbase Wallet) and exfiltrates local browser databases (Chrome, Edge, Brave History records).
- Web3/Crypto Wallet Migration: If any crypto browser extension was logged into on the compromised machine, changing browser passwords or deleting the extension is not sufficient. Immediately generate a new seed phrase on a clean hardware device and migrate all digital assets off the exposed addresses.
- Comprehensive Token Revocation: Revoke and rotate every secret in environment files, environment variables, and API credentials accessible to the compromised developer workstation or CI runner, including:
  - Local or repository-stored npm publish tokens, GitHub PATs, and SSH keys.
  - Cloud infrastructure provider access keys (AWS access keys, Alibaba Cloud, Google Cloud service accounts).
  - CI/CD pipeline secrets and internal production server deployment keys.
Affected Packages:
@mastra/node-speaker 0.1.1
@mastra/s3vectors 1.0.7
create-mastra 1.13.1
@mastra/voice-xai-realtime 0.1.2
@mastra/voice-speechify 0.12.2
@mastra/voice-sarvam 1.0.2
@mastra/voice-playai 0.12.2
@mastra/voice-openai-realtime 0.12.6
@mastra/voice-openai 0.12.3
@mastra/voice-murf 0.12.3
@mastra/voice-modelslab 0.1.2
@mastra/voice-inworld 0.3.1
@mastra/voice-google-gemini-live 0.12.2
@mastra/voice-google 0.12.3
@mastra/voice-gladia 0.12.2
@mastra/voice-elevenlabs 0.12.2
@mastra/voice-deepgram 0.12.2
@mastra/voice-cloudflare 0.12.3
@mastra/voice-azure 0.11.2
@mastra/voice-aws-nova-sonic 0.1.4
@mastra/vercel 1.0.1
@mastra/vectorize 1.0.3
@mastra/upstash 1.1.3
@mastra/twilio 1.0.2
@mastra/turbopuffer 1.0.3
@mastra/temporal 0.1.14
@mastra/tavily 1.0.3
@mastra/stagehand 0.2.5
@mastra/speech-speechify 0.2.1
@mastra/speech-replicate 0.2.1
@mastra/speech-openai 0.2.1
@mastra/speech-murf 0.2.1
@mastra/speech-ibm 0.2.1
@mastra/speech-google 0.2.1
@mastra/speech-elevenlabs 0.2.1
@mastra/speech-azure 0.2.1
@mastra/spanner 1.1.2
@mastra/slack 1.3.1
@mastra/server 2.1.1
@mastra/redis-streams 0.0.4
@mastra/redis 1.1.3
@mastra/react 1.0.1
@mastra/railway 0.1.1
@mastra/qdrant 1.0.3
@mastra/playground-ui 33.0.1
@mastra/pinecone 1.0.2
@mastra/perplexity 0.1.1
@mastra/otel-exporter 1.2.3
@mastra/opensearch 1.0.3
@mastra/opencode 0.0.47
@mastra/openai 1.0.2
@mastra/observability 1.14.2
@mastra/node-audio 0.1.8
@mastra/nestjs 0.1.15
@mastra/mysql 0.1.1
@mastra/mssql 1.3.2
@mastra/modal 0.2.2
@mastra/memory 1.20.4
@mastra/mem0 0.1.14
@mastra/mcp-registry-registry 1.0.2
@mastra/longmemeval 1.0.50
@mastra/loggers 1.1.3
@mastra/lance 1.0.7
@mastra/laminar 1.2.3
@mastra/koa 1.5.14
@mastra/google-drive 0.1.1
@mastra/google-cloud-pubsub 1.0.6
@mastra/github-signals 0.1.2
@mastra/gcs 0.2.3
@mastra/files-sdk 0.2.1
@mastra/express 1.3.31
@mastra/engine 0.1.1
@mastra/elasticsearch 1.2.1
@mastra/e2b 0.3.4
@mastra/dsql 1.0.3
@mastra/docker 0.3.1
@mastra/deployer-vercel 1.1.38
@mastra/deployer-netlify 1.1.20
@mastra/deployer-cloudflare 1.1.44
@mastra/deployer-cloud 1.42.1
@mastra/deployer 1.42.1
@mastra/daytona 0.4.2
@mastra/dane 1.0.2
@mastra/cursor 0.2.1
@mastra/couchbase 1.0.4
@mastra/core 1.42.1
@mastra/convex 1.2.2
@mastra/codemod 1.0.4
@mastra/cloudflare-d1 1.0.7
@mastra/cloudflare 1.4.2
@mastra/cloud 0.1.24
@mastra/client-js 1.24.1
@mastra/claude 1.0.3
@mastra/chroma 1.0.2
@mastra/browser-viewer 0.1.3
@mastra/browser-firecrawl 0.1.1
@mastra/brightdata 0.2.2
@mastra/blaxel 0.4.2
@mastra/azure 0.2.3
@mastra/auth-workos 1.5.3
@mastra/auth-supabase 1.0.2
@mastra/auth-studio 1.2.4
@mastra/auth-okta 0.0.5
@mastra/auth-firebase 1.0.1
@mastra/auth-cloud 1.1.4
@mastra/auth-clerk 1.0.3
@mastra/auth-better-auth 1.0.4
@mastra/auth-auth0 1.0.2
@mastra/astra 1.0.2
@mastra/arthur 0.3.3
@mastra/arize 1.2.3
@mastra/agentfs 0.1.1
@mastra/agentcore 0.2.2
@mastra/agent-builder 1.0.42
@mastra/agent-browser 0.3.2
@mastra/acp 0.2.2
@mastra/libsql 1.13.1
@mastra/langsmith 1.2.4
@mastra/inngest 1.5.2
@mastra/langfuse 1.3.6
@mastra/mcp-docs-server 1.1.47
@mastra/mcp 1.10.1
@mastra/mongodb 1.9.3
@mastra/otel-bridge 1.2.3
@mastra/pg 1.13.1
@mastra/posthog 1.0.29
@mastra/rag 2.2.2
@mastra/s3 0.5.3
@mastra/sentry 1.1.4
@mastra/schema-compat 1.2.12
mastra 1.13.1
@mastra/duckdb 1.4.3
@mastra/ai-sdk 1.4.6
@mastra/auth 1.0.3
@mastra/braintrust 1.1.4
@mastra/clickhouse 1.10.1
@mastra/datadog 1.2.5
@mastra/dynamodb 1.0.9
@mastra/evals 1.3.1
@mastra/editor 0.11.3
@mastra/fastify 1.3.31
@mastra/fastembed 1.1.3
@mastra/hono 1.4.26
easy-day-js 1.11.22
mastraqqq 1.13.1
Indicators of Compromise (IOCs)
Network Indicators:
23.254.164[.]92
https://23.254.164[.]92:8000/update/49890878
23.254.164[.]123
https://23.254.164[.]123:443/49890878
AS54290 (Hostwinds LLC)
hwsrv-1327786.hostwindsdns[.]com
hwsrv-1327785.hostwindsdns[.]com
Code and String Indicators:
NvmProtocal (Windows Run-key value name)
com.nvm.protocal (macOS LaunchAgent label)
nvmconf.service (Linux systemd unit name)
protocal.cjs (dropped stage-2 filename)
NodePackages (drop directory name; Win/mac/Linux variants)
.pkg_history / .pkg_logs (loader beacon/marker files)
/update/49890878 (stage-2 download path / bot id)
SHA-256 Hashes:
b122a9873bedf145ae2a7fd024b5f309007dbb025149f4dc4ac3f7e4f32a36a4 - easy-day-js setup.cjs (stage-1 loader)
c38954e85bf5433e61e7c8f4230336695624ae88b6953afabf7bf817aa91b638 - easy-day-js@1.11.22 package.json
cdec8b20338beb708b5be8d3d7a3041a35a8b0fb92f9186262f312d55ff82066 - loader variant
9570f77a5e1511869f4e554e7166df9fde081f2583e293c2569621792ed7d9c9 - loader variant
221c45a790dec2a296af57969e1165a16f8f49733aeab64c0bbd768d9943badf - stage-2 stealer