{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihn6w5bvqphi774wuxivoxx5xmxca7mcoqhcb2kxroxyztlpmetau",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mohtpxhzylf2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifaprzgfh2zp7ut3io32rx3obu7riocssqbvdwmxuvbbwfzenx3hq"
    },
    "mimeType": "image/jpeg",
    "size": 333965
  },
  "path": "/2026/06/144-mastra-npm-packages-compromised-via.html",
  "publishedAt": "2026-06-17T07:38:24.000Z",
  "site": "https://thehackernews.com",
  "tags": [
    "@mastra"
  ],
  "textContent": "As many as 144 npm packages associated with the Mastra namespace (\"@mastra/*\"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity.\n\n\"A single npm account (ehindero) mass-published more",
  "title": "144 Mastra npm Packages Compromised via Hijacked Contributor Account"
}