Dossier
Mastra
Coverage of Mastra in the Nexus archive.
- 144 Mastra npm Packages Compromised via Hijacked Contributor Account
144 npm packages under the Mastra namespace (@mastra/*) were compromised in a supply chain attack named easy-day-js. A single npm account (ehindero) was used to mass-publish malicious packages, according to findings from JFrog, SafeDep, Socket, and StepSecurity.