{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreihn6w5bvqphi774wuxivoxx5xmxca7mcoqhcb2kxroxyztlpmetau",
"uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mohtpxhzylf2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreifaprzgfh2zp7ut3io32rx3obu7riocssqbvdwmxuvbbwfzenx3hq"
},
"mimeType": "image/jpeg",
"size": 333965
},
"path": "/2026/06/144-mastra-npm-packages-compromised-via.html",
"publishedAt": "2026-06-17T07:38:24.000Z",
"site": "https://thehackernews.com",
"tags": [
"@mastra"
],
"textContent": "As many as 144 npm packages associated with the Mastra namespace (\"@mastra/*\"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity.\n\n\"A single npm account (ehindero) mass-published more",
"title": "144 Mastra npm Packages Compromised via Hijacked Contributor Account"
}