145 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 145 npm packages associated with the Mastra namespace mastra a popular opensource JavaScript and TypeScript framework for building artificial intelligence AI applications have been compromised as part of a software supply chain attack codenamed easydayjs per findings from Endor Labs JFrog OX Security SafeDep Socket StepSecurity and Synk A single npm account