⚠️ THIS IS A VULNERABLE LAB — YOU ARE ALLOWED TO HACK IT Learn more
feeds.feedburner.com • 2026-06-17 07:38

145 Mastra npm Packages Compromised via Hijacked Contributor Account

thumb
As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Synk. "A single npm account (
Read original