144 Mastra npm packages compromised in major software supply chain attack (opens in new tab)
Mastra npm Packages Compromised in easy-day-js Supply Chain Attack: What Developers Must Know The Mastra npm packages compromise is one of the largest targeted software supply chain attacks seen in the JavaScript ecosystem to date. In June 2026, attackers exploited a hijacked npm contributor account — specifically ehindero — and mass-published malicious versions of 144 packages under the @mastra namespace. As Mastra serves as a popular open-source JavaScript and TypeScript framework for artif...
Read the original article