As many as 144 npm packages associated with the Mastra
namespace ("@mastra/*"), a popular open-source JavaScript and
TypeScript framework for building artificial intelligence (AI)
applications, have been compromised as part of a software supply
chain attack codenamed easy-day-js, per findings from JFrog,
SafeDep, Socket, and StepSecurity. "A single npm account (ehindero)
mass-published more
Read more https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html
