Skip to content
The Nexus
SECURITYJun 17 · 07:38 UTCTHE HACKER NEWS[email protected] (The Hacker News)

144 Mastra npm Packages Compromised via Hijacked Contributor Account

144 npm packages under the Mastra namespace (@mastra/*) were compromised in a supply chain attack named easy-day-js. A single npm account (ehindero) was used to mass-publish malicious packages, according to findings from JFrog, SafeDep, Socket, and StepSecurity.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting