Supply chain attack trojanizes 140 Mastra framework npm packages
Mastra AI npm packages were trojanized via an easy-day-js typosquat dependency, compromising 140 packages with remote payload delivery, according to the Mastra GitHub issue and Endor Labs. Attackers backdoored packages to drop remote payloads through the malicious dependency. The incident affects developers using Mastra framework packages from the npm registry.
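To check whether a project resolved the dependency named above, the following added example (not code from Mastra or Endor Labs) searches a parsed `package-lock.json` for `easy-day-js`, reporting where it is installed and which packages declare it. The function names and the sample lockfile, including its package names and versions, are constructed for illustration.

```javascript
// Added example: locate the typosquat named in the report inside a parsed package-lock.json.
const SUSPECT = "easy-day-js"; // dependency name taken from the report above
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Package name from a lockfile v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? p : p.slice(i + "node_modules/".length);
}

function findSuspect(lock, suspect = SUSPECT) {
  const installed = [];         // places where the suspect is actually installed
  const requiredBy = new Set(); // packages that declare it as a dependency
  const fields = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

  // lockfileVersion 2 and 3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path === "" ? (lock.name || "(root)") : nameFromPath(path);
    if (path !== "" && name === suspect) installed.push({ path, version: meta.version });
    if (fields.some((f) => meta[f] && has(meta[f], suspect))) requiredBy.add(name);
  }

  // lockfileVersion 1: nested "dependencies" tree with "requires" maps
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === suspect) installed.push({ path: [...trail, name].join(" > "), version: meta.version });
      if (meta.requires && has(meta.requires, suspect)) requiredBy.add(name);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []); // v2 duplicates the tree; avoid double counting

  return { installed, requiredBy: [...requiredBy].sort() };
}

// Constructed sample lockfile (hypothetical package names and versions).
const SAMPLE_LOCK = {
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "example-framework-pkg": "^0.0.0" } },
    "node_modules/example-framework-pkg": { version: "0.0.0", dependencies: { "easy-day-js": "^0.0.0" } },
    "node_modules/easy-day-js": { version: "0.0.0" },
    "node_modules/unrelated-dep": { version: "0.0.0" },
  },
};
console.log(JSON.stringify(findSuspect(SAMPLE_LOCK), null, 2));
```

A non-empty `installed` list means the package was resolved into the dependency tree; `requiredBy` identifies which packages pulled it in, which is where pinning or removal has to start.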
This intelligence is sourced automatically from public sources across the web and synthesised by the Prefactor AI pipeline. Stories are reviewed before publication.