140+ Mastra npm packages compromised with easy-day-js typosquat backdoor
Multiple packages in the Mastra npm organization were backdoored to drop remote payloads via a typosquat dependency on easy-day-js, affecting 140 or more packages. The incident highlights fragility in the AI agent framework ecosystem's supply chain, where build and deployment tools lack isolation mechanisms.
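A lockfile check for the dependency named above, as an added example (not code from the report or from the Mastra project): it walks a parsed `package-lock.json` in either the v1 nested layout or the v2/v3 `packages` layout and reports where `easy-day-js` is installed and which packages declare it. The sample lockfile, its package names and its versions are constructed for illustration.

```javascript
// Name of the typosquat dependency reported on this page.
const SUSPECT = "easy-day-js";

// Package name from a v2/v3 path key:
// "node_modules/a/node_modules/@s/b" -> "@s/b"
function nameFromPath(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? key : key.slice(i + "node_modules/".length);
}

// Audit a parsed package-lock.json. Returns where the suspect is installed
// and which packages list it as a dependency.
function auditLock(lock, suspect = SUSPECT) {
  const installed = [];
  const declaredBy = [];
  const fields = ["dependencies", "optionalDependencies", "peerDependencies", "devDependencies"];
  const lists = (obj) => Boolean(obj) && Object.keys(obj).includes(suspect);

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = meta.name || nameFromPath(key) || "(root project)";
    if (nameFromPath(key) === suspect) installed.push(`${key}@${meta.version}`);
    if (fields.some((f) => lists(meta[f]))) declaredBy.push(`${name}@${meta.version}`);
  }

  // lockfileVersion 1: nested "dependencies" tree with "requires" maps.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}${name}@${meta.version}`;
      if (name === suspect) installed.push(here);
      if (lists(meta.requires)) declaredBy.push(`${name}@${meta.version}`);
      walk(meta.dependencies, `${here} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");

  return { installed, declaredBy: [...new Set(declaredBy)] };
}

// Constructed sample lockfile (hypothetical package names and versions).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { "@example/agent-kit": "^0.0.1" } },
    "node_modules/@example/agent-kit": { version: "0.0.1", dependencies: { "easy-day-js": "^0.0.1" } },
    "node_modules/@example/other": { version: "2.0.0" },
    "node_modules/easy-day-js": { version: "0.0.1" },
  },
};
console.log(auditLock(SAMPLE_LOCK));
```

To audit a real project, pass the `JSON.parse` result of its `package-lock.json` to `auditLock`; each entry in `declaredBy` names a package that pulls the dependency in.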
This intelligence is sourced automatically from public sources across the web and synthesised by the Prefactor AI pipeline. Stories are reviewed before publication.