Utopia Tech
Security · AI-assisted · 1 min read

144 Mastra npm Packages Compromised via Hijacked Contributor Account

A software supply chain attack codenamed 'easy-day-js' compromised 144 npm packages in the namespace of Mastra, a popular JavaScript/TypeScript framework for building AI applications. The attack was carried out through a hijacked contributor account (ehindero) that mass-published malicious packages, posing significant risks to organizations using the framework.

June 17, 2026 · 1 min read

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity. "A single npm account (ehindero) mass-published more

Originally published at thehackernews.com
